ASUSTOR Community Forum

[luke_nukem]

I'm trying to get my docker containers sorted out and use a container for my web server. This requires port 443 for SSL and port 80.

However, my webserver is blocked from starting until ports are freed, and to do this I have to kill the process that is using it. This process is started on boot via

Code: Select all

myhttpd-t1-p8000
myhttpd-t1-p8001

.

I can't seem to track down what actually starts it though.

Highly frustrating - anyone have a pointer?

[luke_nukem]

So the ADM Webservice, that is, the GUI for the NAS, is highjacking these ports unless the Webserver (apache) is running.
Which means that it's either the ADM GUI or apache using those ports, and no inbetween to stop anything using them at all.

I ended up working around it by getting my router to forward ports 443 to 441 and have my docker container use 441. But this doesn't solve the issue on local networks where I have to use address + port 441.

Ugh!

[orion]

You can change those ports under ADM. ADM web -> Settings -> General (that's ADM web server) and ADM web -> Services -> Web server (that's apache).

[luke_nukem]

You can change those ports under ADM. ADM web -> Settings -> General (that's ADM web server) and ADM web -> Services -> Web server (that's apache).

Doesn't work. As soon as apache stops using 80/443 then something starts 'myhttpd' with it attached to those ports:

Code: Select all

admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4100/myhttpd

admin@nas:/etc/init.d $ cat /proc/4100/cmdline
/usr/sbin/myhttpd-t1-p8001


If you look at the help for myhttpd then you see:

Code: Select all

admin@CorrosionOfCode:/etc/init.d $ myhttpd
Usage:
  httpd -t type -p port
  type : 0(http), 1(https)


So the process that called "myhttpd -t1 -p8001" is what we need to find and kill...

If I start apache with ports 80/443 enabled then that process is killed, but now apache is using those ports. Even if apache is running, but on different ports, then something starts that process as soon as those ports are freed from apache.

I thought it was

Code: Select all

/etc/init.d/S44httpredir

doing it, but I'm unsure now... And in any case, that service is restored when the nas reboots.

The library 'libservice' calls 'myhttpd' in a few ways, and that lib is linked to by various things in the webman.

Code: Select all

./lib/libservice.so.0:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so.0:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so.0:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1
./lib/libservice.so:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1
./lib/libservice.so.0.0:135995:/usr/sbin/myhttpd -t %d -p %d
./lib/libservice.so.0.0:136002:/usr/bin/killall -TERM myhttpd>/dev/null 2>&1
./lib/libservice.so.0.0:136005:/usr/bin/killall -9 myhttpd>/dev/null 2>&1


Code: Select all

./bin/lighttpdutil:1078:libservice.so
./webman/initial/sysreset.cgi:1402:libservice.so
./webman/initial/initial.cgi:3658:libservice.so
./lib/libservice.so.0:33733:libservice.so
./lib/libplugin.so:2384:libservice.so
./lib/libbuiltin.so.0.0:11025:libservice.so
./lib/libnasman.so.0:32123:libservice.so
./lib/libnasman.so.0.0:32123:libservice.so
./lib/libplugin.so.0:2384:libservice.so
./lib/libservice.so:33733:libservice.so
./lib/libbuiltin.so:11025:libservice.so
./lib/libplugin.so.0.0:2384:libservice.so
./lib/libbuiltin.so.0:11025:libservice.so
./lib/libnasman.so:32123:libservice.so
./lib/security/pam_google_authenticator.so:1759:libservice.so
./lib/libservice.so.0.0:33733:libservice.so
./sbin/httpredir:840:libservice.so
./sbin/recybind:1755:libservice.so
./sbin/nasmand:3057:libservice.so
./sbin/sftpmand:3425:libservice.so
./sbin/stormand:4836:libservice.so
./sbin/hostmand:3991:libservice.so
./sbin/logmand:2375:libservice.so
./sbin/netmand:2925:libservice.so
./sbin/dhcpserverctrl:1142:libservice.so


Bit hard to trace further without using a hex reader since the calls that actually call the function that starts myhttpd will be symbols (need nm/readelf/objdump to read them).

I've ended up using the router config to route ports from outside, and a redirect in the apache web root to redirect internal. But still, what a pain in the bottom it is not being able to claim those ports for other services.

[luke_nukem]

*shakes fist*

Code: Select all

admin@nas:/etc/init.d $ ps auxf |grep myhttp
 4097 root       0:00 /usr/sbin/myhttpd -t 0 -p 8000
 4100 root       0:00 /usr/sbin/myhttpd -t 1 -p 8001
10243 admin      0:00 grep myhttp
admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 443
Password:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4100/myhttpd
admin@nas:/etc/init.d $ sudo netstat -ntulp | grep 8001
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      4146/lighttpd
tcp        0      0 :::8001                 :::*                    LISTEN      4146/lighttpd
admin@nas:/etc/init.d $


At this point I'm going to create a user service that exists only to kill myhttpd

[luke_nukem]

Turns out a full init script to kill anything using those ports doesn't really work as something just restarts it. Ordering doesn't seem to matter much either.

So I ended up putting this at the start of the docker init start block:

Code: Select all

                PID1="$(fuser 80/tcp)"
                PID2="$(fuser 443/tcp)"
                echo "Killing useless port 80 hog, PID=${PID1}"
                kill -9 ${PID1}
                echo "Killing useless port 443 hog, PID=${PID2}"
                kill -9 ${PID2}


This is one shitty hack of a way to get what I want.

[orion]

mm... My AS-304T does not start "myhttpd" service. I can only find lighttpd (ADM web server) and apache. Wonder what applications you installed to launch this service. (Docker? I'm not sure because my model does not support docker.) I think you may fire a support ticket to asustor to get the answer. I'm quite curious about it too.

[luke_nukem]

mm... My AS-304T does not start "myhttpd" service. I can only find lighttpd (ADM web server) and apache. Wonder what applications you installed to launch this service. (Docker? I'm not sure because my model does not support docker.) I think you may fire a support ticket to asustor to get the answer. I'm quite curious about it too.

If apache is running with those ports then the 'myhttpd' redirection won't be running - it seems the Web UI kills it via a call to the libservice library. But if those ports aren't used by apache then it starts again.

The purpose of this is to redirect both 443 and 80 to 8001 and 8000, I presume to make it easier to connect to the nas.

[orion]

If apache is running with those ports then the 'myhttpd' redirection won't be running - it seems the Web UI kills it via a call to the libservice library. But if those ports aren't used by apache then it starts again.

The purpose of this is to redirect both 443 and 80 to 8001 and 8000, I presume to make it easier to connect to the nas.

Oops, you are right!! There should be an option to disable this redirection. Not only for port usage, but also security concern.

[luke_nukem]

Turned this in to a feature request.