Linux – Preventing other applications from binding to port 80 and 443

apache-2.2linuxnginxportUbuntu

Last week I got a call from a scared customer because he thought his website was hacked. When I looked up his website I saw the apache2 default page. That night my server (Ubuntu 16.04 LTS) had upgraded and rebooted. Normally when something goes wrong I would've got alerted during the night. This time not, because the monitoring system checks for HTTP status code 200, and the apache2 default page comes with status code 200.

What happened is that during startup apache2 was faster to bind to port 80 and 443 than my actual webserver nginx. I did not install apache2 myself. Through aptitude why apache2 I found out the php7.0 package requires it.

Simply removing apache2 won't work because apparently php7.0 requires it. Is it somehow possible create a restriction so that only nginx is allowed to bind to port 80 and 443?

Other solutions are more than welcome too.

Best Answer

You can't prevent a port from being bound by the wrong service. In your case, just remove apache from autostart and you should be good.

For 16.04 and newer:

sudo systemctl disable apache2

For older Ubuntu versions:

sudo update-rc.d apache2 disable

Related Solutions

Nginx – How to forward to Amazon S3 when in maintenance mode with nginx using 503

I don't believe you can pass a redirect using a 503 as it's not intended for redirection.

You'll either need to host that specific file in a safe location so it's unaffected by whatever maintenance system is in effect, or use a proxy_pass so that nginx fetches the page from amazon and then passes it on to the client.

Something along these lines might do the trick. Haven't touched nginx in a while, but this might give you an idea of what I'm suggesting:

    error_page 503 @maintenance;
    location @maintenance {
            rewrite ^(.*)$ /maintenance.html break;
            proxy_pass http://mysite.s3-website-us-east-1.amazonaws.com;
    }

Edit: On the page referenced about Google's recommendation for a 503, someone commented a fantastic idea for how to redirect with a 503. He mentioned it for Apache, but the concept is the same with nginx:

Hi!

This might help. On Apache Servers, it's usually not possible to redirect a user with any other HTTP Status Code than of the 3xx class.

Users that visit a site under maintenance deserve to get a useful information page.

Do this with a 302 redirect first that leads to a 503 page that outputs the 503 header (i.e. via PHP or Perl). This will work fine with Google since Google will assign all target page properties to the source page when they encounter a 302 - including the header response. I've tested this on Virtual Hosts and it works as desired. If you can, choose a time with few requests for the service actions.

Regards, Thomas

Nginx, Deluge, change port to default and use subdomain instead

Seems i have been able to make it works, following these steps :

Install packages : deluge deluge-webui deluged

Then start deluge-web :

# deluge-web or # deluge-web --fork to have it running in background

Then setup NGinx like this :

server {
   listen       80;
   server_name subdomain.example.com;

  location / {
     proxy_pass http://192.168.0.47:8112; # IP Address of your Server 
  }
}

For https (port 443), first i've setup deluge to use https :

I've create a self-signed certificate following instructions here (step One to Four)
Then, following this, i've copied server.crt and server.key in $HOME/.config/deluge/ssl

Open $HOME/.config/web.conf and setup like this :

"pkey": "ssl/server.key",
"cert": "ssl/server.crt",
"https": true,

Then restart deluge-web

Finally setup NGinx :

server {
   listen       443;
   server_name subdomain.example.com;
   ssl on;
   ssl_certificate /etc/nginx/ssl/server.crt;
   ssl_certificate_key /etc/nginx/ssl/server.key;

   location / {
     proxy_pass https://192.168.0.47:8112; # IP Address of your Server
   }
}

Note that it seems you cannot use deluge with both http and https : you have to choose one or another.

Best Answer

Related Solutions

Nginx – How to forward to Amazon S3 when in maintenance mode with nginx using 503

Nginx, Deluge, change port to default and use subdomain instead

Related Topic