It is currently Thu Mar 21, 2019 7:24 pm
All times are UTC + 8 hours

Stop the process using ports 443/80 from starting

Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 6:24 am

I'm trying to get my docker containers sorted out and use a container for my web server. This requires port 443 for SSL and port 80.

However, my webserver is blocked from starting until ports are freed, and to do this I have to kill the process that is using it. This process is started on boot via
Code: Select all
myhttpd-t1-p8000
myhttpd-t1-p8001
.

I can't seem to track down what actually starts it though.

Highly frustrating - anyone have a pointer?
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 9:56 am

So the ADM Webservice, that is, the GUI for the NAS, is highjacking these ports unless the Webserver (apache) is running.
Which means that it's either the ADM GUI or apache using those ports, and no inbetween to stop anything using them at all.

I ended up working around it by getting my router to forward ports 443 to 441 and have my docker container use 441. But this doesn't solve the issue on local networks where I have to use address + port 441.

Ugh!
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby orion » Wed Oct 24, 2018 10:13 am

You can change those ports under ADM. ADM web -> Settings -> General (that's ADM web server) and ADM web -> Services -> Web server (that's apache).
User avatar
orion
 
Posts: 2197
Joined: Wed May 29, 2013 11:09 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 11:24 am

orion wrote:You can change those ports under ADM. ADM web -> Settings -> General (that's ADM web server) and ADM web -> Services -> Web server (that's apache).


Doesn't work. As soon as apache stops using 80/443 then something starts 'myhttpd' with it attached to those ports:
Code: Select all
admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4100/myhttpd

admin@nas:/etc/init.d $ cat /proc/4100/cmdline
/usr/sbin/myhttpd-t1-p8001


If you look at the help for myhttpd then you see:

Code: Select all
admin@CorrosionOfCode:/etc/init.d $ myhttpd
Usage:
  httpd -t type -p port
  type : 0(http), 1(https)


So the process that called "myhttpd -t1 -p8001" is what we need to find and kill...

If I start apache with ports 80/443 enabled then that process is killed, but now apache is using those ports. Even if apache is running, but on different ports, then something starts that process as soon as those ports are freed from apache.

I thought it was
Code: Select all
/etc/init.d/S44httpredir
doing it, but I'm unsure now... And in any case, that service is restored when the nas reboots.

The library 'libservice' calls 'myhttpd' in a few ways, and that lib is linked to by various things in the webman.

Code: Select all
./lib/libservice.so.0:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so.0:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so.0:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1
./lib/libservice.so:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1
./lib/libservice.so.0.0:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so.0.0:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so.0.0:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1


Code: Select all
./bin/lighttpdutil:1078:libservice.so
./webman/initial/sysreset.cgi:1402:libservice.so
./webman/initial/initial.cgi:3658:libservice.so
./lib/libservice.so.0:33733:libservice.so
./lib/libplugin.so:2384:libservice.so
./lib/libbuiltin.so.0.0:11025:libservice.so
./lib/libnasman.so.0:32123:libservice.so
./lib/libnasman.so.0.0:32123:libservice.so
./lib/libplugin.so.0:2384:libservice.so
./lib/libservice.so:33733:libservice.so
./lib/libbuiltin.so:11025:libservice.so
./lib/libplugin.so.0.0:2384:libservice.so
./lib/libbuiltin.so.0:11025:libservice.so
./lib/libnasman.so:32123:libservice.so
./lib/security/pam_google_authenticator.so:1759:libservice.so
./lib/libservice.so.0.0:33733:libservice.so
./sbin/httpredir:840:libservice.so
./sbin/recybind:1755:libservice.so
./sbin/nasmand:3057:libservice.so
./sbin/sftpmand:3425:libservice.so
./sbin/stormand:4836:libservice.so
./sbin/hostmand:3991:libservice.so
./sbin/logmand:2375:libservice.so
./sbin/netmand:2925:libservice.so
./sbin/dhcpserverctrl:1142:libservice.so


Bit hard to trace further without using a hex reader since the calls that actually call the function that starts myhttpd will be symbols (need nm/readelf/objdump to read them).

I've ended up using the router config to route ports from outside, and a redirect in the apache web root to redirect internal. But still, what a pain in the bottom it is not being able to claim those ports for other services.
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 11:50 am

*shakes fist*

Code: Select all
admin@nas:/etc/init.d $ ps auxf |grep myhttp
 4097 root       0:00 /usr/sbin/myhttpd -t 0 -p 8000
 4100 root       0:00 /usr/sbin/myhttpd -t 1 -p 8001
10243 admin      0:00 grep myhttp
admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 443
Password:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4100/myhttpd
admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 8001
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      4146/lighttpd
tcp        0      0 :::8001                 :::*                    LISTEN      4146/lighttpd
admin@nas:/etc/init.d $


At this point I'm going to create a user service that exists only to kill myhttpd
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 12:43 pm

Turns out a full init script to kill anything using those ports doesn't really work as something just restarts it. Ordering doesn't seem to matter much either.

So I ended up putting this at the start of the docker init start block:

Code: Select all
                PID1="$(fuser 80/tcp)"
                PID2="$(fuser 443/tcp)"
                echo "Killing useless port 80 hog, PID=${PID1}"
                kill -9 ${PID1}
                echo "Killing useless port 443 hog, PID=${PID2}"
                kill -9 ${PID2}


This is one shitty hack of a way to get what I want.
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby orion » Wed Oct 24, 2018 2:01 pm

mm... My AS-304T does not start "myhttpd" service. I can only find lighttpd (ADM web server) and apache. Wonder what applications you installed to launch this service. (Docker? I'm not sure because my model does not support docker.) I think you may fire a support ticket to asustor to get the answer. I'm quite curious about it too.
User avatar
orion
 
Posts: 2197
Joined: Wed May 29, 2013 11:09 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Wed Oct 24, 2018 3:43 pm

orion wrote:mm... My AS-304T does not start "myhttpd" service. I can only find lighttpd (ADM web server) and apache. Wonder what applications you installed to launch this service. (Docker? I'm not sure because my model does not support docker.) I think you may fire a support ticket to asustor to get the answer. I'm quite curious about it too.


If apache is running with those ports then the 'myhttpd' redirection won't be running - it seems the Web UI kills it via a call to the libservice library. But if those ports aren't used by apache then it starts again.

The purpose of this is to redirect both 443 and 80 to 8001 and 8000, I presume to make it easier to connect to the nas.
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Re: Stop the process using ports 443/80 from starting

Postby orion » Wed Oct 24, 2018 4:48 pm

luke_nukem wrote:If apache is running with those ports then the 'myhttpd' redirection won't be running - it seems the Web UI kills it via a call to the libservice library. But if those ports aren't used by apache then it starts again.

The purpose of this is to redirect both 443 and 80 to 8001 and 8000, I presume to make it easier to connect to the nas.

Oops, you are right!! There should be an option to disable this redirection. Not only for port usage, but also security concern.
User avatar
orion
 
Posts: 2197
Joined: Wed May 29, 2013 11:09 am

Re: Stop the process using ports 443/80 from starting

Postby luke_nukem » Thu Oct 25, 2018 4:06 am

Turned this in to a feature request.
luke_nukem
 
Posts: 12
Joined: Wed Oct 24, 2018 6:08 am

Return to [Official] For AS-30X Series

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 2 guests