0

I'm trying to set up OpenVPN to listen on port 443 on my Asustor NAS, and then pass all HTTPS traffic to Apache, by using the port-share option based on: OpenVPN port-share with Apache/SSL

However, I'm not getting it to work. I think the problem is that port 443 seems to be listening to a process myhttpd. When I run the # netstat -tulpn | grep LISTEN command, I get this result:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4475/myhttpd

When I change the port on OpenVPN to 444 and run the # netstat -tulpn | grep LISTEN command again, I get the following result:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4475/myhttpd
tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN 1507/openvpn
tcp 0 0 127.0.0.1:1195 0.0.0.0:* LISTEN 1507/openvpn

I'm not sure how to solve this issue. Does anyone have suggestions?

Mni82

2 Answers

1

The issue is that your Apache is listening to 0.0.0.0:443, when you need to set it up to listen to localhost:443. Then you won't get conflicting ports for servers.

Tero Kilkanen
  • In the apache2.conf I configured the following: #Listen 12.34.56.78:80 Listen 80 Listen 4545. Is there any other place I need to edit? I searched for 443 and replaced it in more places with 4545. – Mni82 Jul 19 '17 at 22:20
  • Then you have another HTTP daemon running in your system. You need to find out what that is. – Tero Kilkanen Jul 20 '17 at 08:01
  • I found with ps -a 4524 (4524 is the current pid): 4524 root 0:00 /usr/sbin/myhttpd -t 1 -p 8001. What can I do next? – Mni82 Jul 20 '17 at 12:02
  • You need to find out how to make that service not start. However, it is most probably the management interface for the box, and therefore can have side effects if you stop it. You should use a product designed to do what you want to do. – Tero Kilkanen Jul 20 '17 at 12:45
  • I was afraid of that answer. I have the same feeling. Thanks for helping me! – Mni82 Jul 20 '17 at 15:21
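
A check for the conflict diagnosed in this answer, as an added example that is not part of the original thread: it reads `netstat -tulpn` lines and reports who owns the public port and whether a port-share backend is bound to loopback only. The function names, the `SAMPLE_AFTER` lines (Apache as PID 2210 on 127.0.0.1:4545) and the program names passed in are assumptions constructed for illustration; `SAMPLE_BEFORE` is the output quoted in the question.

```shell
#!/bin/sh
# SAMPLE_BEFORE: netstat lines quoted in the question.
# SAMPLE_AFTER: constructed target state (assumption, not from the page).
SAMPLE_BEFORE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4475/myhttpd
tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN 1507/openvpn
tcp 0 0 127.0.0.1:1195 0.0.0.0:* LISTEN 1507/openvpn'

SAMPLE_AFTER='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1507/openvpn
tcp 0 0 127.0.0.1:4545 0.0.0.0:* LISTEN 2210/apache2
tcp 0 0 127.0.0.1:1195 0.0.0.0:* LISTEN 1507/openvpn'

# listeners PORT: read netstat lines on stdin, print "address pid/program"
# for every TCP socket in LISTEN state on PORT (works for tcp and tcp6 lines).
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":"-separated part
            if (a[n] == port) {
                addr = substr($4, 1, length($4) - length(a[n]) - 1)
                print addr, $7
            }
        }'
}

# exposed PORT: print every non-loopback address bound on PORT.
# Empty output means the backend is reachable only through the local proxy.
exposed() {
    listeners "$1" | awk '$1 != "127.0.0.1" && $1 != "::1" { print $1 }'
}

# check_port PORT PROGRAM: print "ok" if only PROGRAM listens on PORT,
# "free" if nothing does, or "conflict: <pid/program>" for any other owner.
check_port() {
    owners="$(listeners "$1")"
    if [ -z "$owners" ]; then echo "free"; return 1; fi
    bad="$(printf '%s\n' "$owners" |
        awk -v prog="$2" '{ split($2, p, "/"); if (p[2] != prog) print $2 }')"
    if [ -n "$bad" ]; then echo "conflict: $bad"; return 2; fi
    echo "ok"
}
```

On a live box the same functions take real input, for example `netstat -tulpn | check_port 443 openvpn`; run netstat as root so the PID/program column is filled in.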
0

Services on the NAS get started in incremental order by number then alphabetical, and the VPN service located in /usr/builtin/etc/init.d/ is S83vpnconnect.

What I ended up doing for myself was creating a start script that kills whatever is using the ports I want just before the script that needs them:

S49killmyhttpd -> /usr/local/AppCentral/killmyhttpd/CONTROL/start-stop.sh

In your case you will probably want to link it as S83killmyhttpd, and the script will be:

#!/bin/sh
# Frees ports 80 and 443 by killing whatever process currently holds them.

kill_port_owner() {
    # Discard anything fuser writes to stderr; keep only the PID list
    PIDS="$(fuser "$1/tcp" 2>/dev/null)"
    if [ -z "${PIDS}" ]; then
        # Nothing holds the port, so do not call kill with an empty argument
        echo "No process on port $1"
        return 0
    fi
    echo "Killing useless port $1 hog, PID=${PIDS}"
    # Unquoted on purpose: fuser may report more than one PID
    kill -9 ${PIDS}
}

case $1 in
    start|reload)
        kill_port_owner 80
        kill_port_owner 443
    ;;
    stop)
        echo "myhttpdkiller can't bring back what it killed"
    ;;
    *)
        echo "usage: $0 {start|stop|reload}"
        exit 1
    ;;
esac
exit 0

You may or may not need that reload section. This has been one of the most frustrating things about this NAS for me - the Web GUI interface is what starts myhttpd as soon as port 80 or 443 are freed, the purpose being only to redirect them to 8000 and 8001.

For myself the script above didn't work as well, so I placed the kill block within the docker init script to ensure my containers nabbed the ports before anything else did.