Can't open port 443 (seems to be in limbo) - RHEL 9.4

Hello Nextcloud administrators,


To be honest: I have a very strange problem that I cannot explain: despite the fact that I opened port 443 on my router and server, the port stays closed?!

I’m not sure if it’s due to Nextcloud AIO or if it’s a problem of Red Hat Enterprise Linux 9.4 (the distribution that I’m using).

This is what I have done so far:


Opened the https services on the server

sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Because this didn’t seem enough I also opened port 80 and 443 manually:

sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --permanent --zone=public --add-port=443/udp
sudo firewall-cmd --reload

Now, you would think port 443 is open, but when I try to reach the server I get the following message:

telnet [domain name server] 443
telnet: connect to address [ip address server]: Connection refused

(if I use an online webservice I get the same message.)

(When I tried the above command I made sure that port 443 was open on the router.)


When I check if the port is open, it still says that it’s closed (?!):

sudo firewall-cmd --query-port=443/tcp
no
sudo firewall-cmd --query-port=443/udp
no

When I run netstat I get the following result:

sudo netstat -tulpn | grep 443
tcp        0      0 127.0.0.1:44321         0.0.0.0:*               LISTEN      1120/pmcd           
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      3772937/docker-prox 
tcp6       0      0 ::1:44321               :::*                    LISTEN      1120/pmcd           
tcp6       0      0 :::8443                 :::*                    LISTEN      3772945/docker-prox

Port 443 is nowhere?

Is the problem that Docker isn’t listening on port 443? (But according to the documentation I don’t need to do this explicitly.)


The command that I used to run Nextcloud AIO

sudo docker run -d \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 80:80 \
--publish 8080:8080 \
--publish 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env SKIP_DOMAIN_VALIDATION=true \
--security-opt label:disable \
ghcr.io/nextcloud-releases/all-in-one:latest

As you can see, I already added --env SKIP_DOMAIN_VALIDATION=true (to skip domain validation) and --security-opt label:disable (to allow SELinux access).


If anyone knows what I’m doing wrong, please let me know!
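Added example, not part of the original post: `grep 443` in the netstat check above matches any line containing "443" (here 44321 and 8443), so this sketch filters the same output on the exact local port and reports whether the socket is bound to loopback only. The function names are made up for the example; the sample lines are the netstat output pasted in the post.

```shell
#!/bin/sh
# Added example. Reads `netstat -tulpn` output on stdin.

# Print protocol, local address and PID/program for sockets whose
# local port is exactly $1 (not merely containing it, as grep would).
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, parts, ":")   # field 4 = local address, port after last ":"
            if (parts[n] == port) print $1, $4, $NF
        }'
}

# Summarise port $1: no-listener, loopback-only, or reachable-bind
# (bound to 0.0.0.0, :: or a specific non-loopback address).
classify_port() {
    listeners_on_port "$1" | awk '
        { found = 1
          addr = $2; sub(/:[0-9]+$/, "", addr)   # strip port, keep bind address
          if (addr != "127.0.0.1" && addr != "::1") external = 1 }
        END { if (!found) print "no-listener"
              else if (external) print "reachable-bind"
              else print "loopback-only" }'
}

# Sample input: the netstat lines from the post above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:44321         0.0.0.0:*               LISTEN      1120/pmcd
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      3772937/docker-prox
tcp6       0      0 ::1:44321               :::*                    LISTEN      1120/pmcd
tcp6       0      0 :::8443                 :::*                    LISTEN      3772945/docker-prox
EOF
}

# On a live host: sudo netstat -tulpn | classify_port 443
for p in 443 8443 44321; do
    printf '%s: %s\n' "$p" "$(sample_netstat | classify_port "$p")"
done
```

A result of no-listener for 443 means nothing on the host has bound that port, which firewall rules alone cannot change.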

Hi, in general Docker should take care of adjusting the firewall correctly. So it is possible that you broke the mechanism by adjusting your firewall manually…

1 Like

Also, did you already step through the complete setup? Only in the end port 443 is actually opened on the server. See How to Install the Nextcloud All-in-One on Linux - Nextcloud

2 Likes

I don’t think that the problem is that I broke the firewall settings. Not clear in the above post, but I already opened the http and https services during the previous installation of Nextcloud AIO.

I first ran NAIO with a reverse proxy (Apache) and last week I removed the reverse proxy and tried to run NAIO directly. Because I couldn’t connect to Nextcloud (I get a white screen that says ‘Unable to connect’ and the error message ns_error_connection_refused), I checked the different ports and found out that port 443 is still closed. Only after this I opened port 80 and 443 manually. So before they should have been open by opening the http and https services, but I still couldn’t connect.

My installation is not completely new: I do use the volumes of the previous installation. Could it be that there is some misconfiguration in one of the settings of the previous installation? Mmm…

I see. Probably you need to set APACHE_PORT back to 443. And if you’ve adjusted APACHE_IP_BINDING, you need to set it back to 0.0.0.0. Otherwise it will use the former value.

1 Like

Where should I adjust this? During the Docker run command or in a configuration file in one of the volumes?

During docker run

1 Like
--env APACHE_PORT=443 \
--env APACHE_IP_BINDING=0.0.0.0 \

Is this correct?
How can I check if APACHE_IP_BINDING=0.0.0.0 is necessary?

Yes, it is :+1:

1 Like

I can also change this in the configuration file /mnt/docker-aio-config/data/configuration.json?

With the following command:

sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"

You can try

1 Like

Yes, that did the trick!! :blush: :tada:

I didn’t get a SSL-certificate, but I can enter Nextcloud again! This is a very big step forward!! A thousand thanks!!

Is there a way I can thank you? Do you have ‘a buy me a coffee’ or something like that?

Not really important, but is there a way to get a Let’s encrypt SSL-certificate? Is there any documentation when you didn’t get a certificate the first time? Is there a way to execute the service again?

1 Like

Very nice! Glad to hear :smiling_face:

If you really want, feel free to send a small amount via PayPal. You can use the mail address as target that is mentioned in my public GitHub Profile: szaimen (Simon L.) · GitHub

If you can enter Nextcloud again, a Let’s Encrypt certificate must have been ordered automatically for you. Otherwise you would not be able to open your Nextcloud again as AIO is configured to only work with a valid certificate.

I removed my PayPal-account a few weeks ago, so I can’t send a donation that way. If there is any other way, let me know!

All right. Currently I don’t have any other way set up nor available. But all good! :slight_smile:

The first time I opened Nextcloud I got the “Accept the risk and continue message”, but after deleting the cookies and cache, I got, as you said, the Let’s encrypt certificate!

1 Like

Okay, then I will thank you this way:


:blush: :tada: :partying_face: Thank you very much for your help!!! :folded_hands: :four_leaf_clover: :balloon:

:blush: :tada: :partying_face: A thousand thanks!!! :folded_hands: :four_leaf_clover: :balloon:


I could write a short paragraph about what someone has to do when he/she removes a reverse proxy (resetting the mentioned settings)? Would you like me to do that? It could be put somewhere on Github.

1 Like

If you really want, you could add a new section at the bottom of this file: all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub