jailed http server


Post by Beeblebrox » 16 Apr 2012, 13:51

Using www/lighttpd and it has been installed in a jail with IP 192.168.2.100/32 (which is an alias).

When I try to start the service from inside jail, I get:
Code:
# lighttpd -D -f /usr/lo*/etc/lighttpd/lighttpd.conf
(network.c.379) can't bind to port: 192.168.2.100 80 Address already in use


sockstat in the jail:
Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     cron       6562  4  dgram  -> /var/run/logpriv
root     syslogd    6520  4  dgram  /var/run/log
root     syslogd    6520  5  dgram  /var/run/logpriv


ifconfig from inside jail:
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE
   inet 192.168.2.100 netmask 0xffffffff broadcast 192.168.2.100
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active
11-CURRENT_amd64_root-on-zfs_RadeonKMS
Beeblebrox
Member
 
Posts: 838
Joined: 03 Sep 2010, 04:45

Post by SirDice » 16 Apr 2012, 13:54

Make sure there's nothing running on the host that also uses port 80. If there is, you must make sure it's bound to the host's IP address instead of all.
Senior UNIX Engineer at Unix Support Nederland
Experience is something you don't get until just after you need it.
SirDice
Old Fart
 
Posts: 16149
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands
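
The host-side check described in the post above, as an added example that is not part of the thread: a shell function that filters `sockstat -4l` output for listeners that would collide with a jailed service binding a given protocol, IP and port, either on that exact IP or on the wildcard address. The function names and the sample rows are constructed for illustration, and the `httpd` row is hypothetical.

```shell
#!/bin/sh
# Added example: list host sockets that would collide with a jailed service
# binding PROTO IP:PORT. A collision is a listener on the same protocol and
# port bound to that exact IP or to the wildcard address (*).

# usage: sockstat -4l | find_bind_conflicts tcp4 192.168.2.100 80
find_bind_conflicts() {
    awk -v proto="$1" -v ip="$2" -v port="$3" '
        $1 == "USER" { next }                  # header row
        $5 != proto  { next }                  # PROTO column
        {
            addr = $6                          # LOCAL ADDRESS column
            if (split(addr, part, ":") != 2 || part[2] != port) next
            if (part[1] == "*")
                kind = "wildcard"              # also covers the jail IP
            else if (part[1] == ip)
                kind = "exact"
            else
                next                           # bound to another address
            printf "%s %s %s %s\n", kind, $2, $3, addr
        }'
}

# Constructed sample in sockstat -4l format; the httpd row is hypothetical.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ntpd       78836 20 udp4   *:123                 *:*
root     ntpd       78836 22 udp4   192.168.2.1:123       *:*
root     ntpd       78836 23 udp4   192.168.2.100:123     *:*
mysql    mysqld     5589  10 tcp4   192.168.2.101:3306    *:*
root     httpd      4242  3  tcp4   *:80                  *:*
EOF
}

sample_sockstat | find_bind_conflicts tcp4 192.168.2.100 80
sample_sockstat | find_bind_conflicts udp4 192.168.2.100 123
```

An empty result for the jail's address and port means no host listener occupies it, so the cause of a bind failure lies elsewhere, such as the service's own bind setting.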

Post by Beeblebrox » 16 Apr 2012, 13:56

Nothing running on port 80 on host side. Stopping ntpd makes no difference. The "?" service is a mountd process for some reason...
Code:
# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     ntpd       78836 20 udp4   *:123                 *:*
root     ntpd       78836 21 udp4   192.168.1.10:123      *:*
root     ntpd       78836 22 udp4   192.168.2.1:123       *:*
root     ntpd       78836 23 udp4   192.168.2.100:123     *:*
root     ntpd       78836 24 udp4   192.168.2.101:123     *:*
root     ntpd       78836 25 udp4   127.0.0.1:123         *:*
root     inetd      78823 6  udp4   192.168.2.1:69        *:*
dhcpd    dhcpd      78589 7  udp4   192.168.2.1:67        *:*
dhcpd    dhcpd      78589 20 udp4   192.168.2.1:33002     *:*
root     nfsd       78353 5  tcp4   192.168.2.1:2049      *:*
root     mountd     78351 5  udp4   127.0.0.1:59          *:*
root     mountd     78351 6  udp4   192.168.2.1:59        *:*
root     mountd     78351 7  tcp4   127.0.0.1:59          *:*
root     mountd     78351 8  tcp4   192.168.2.1:59        *:*
root     rpcbind    78349 7  udp4   127.0.0.1:111         *:*
root     rpcbind    78349 8  udp4   192.168.2.1:111       *:*
root     rpcbind    78349 9  udp4   *:868                 *:*
root     rpcbind    78349 10 tcp4   127.0.0.1:111         *:*
root     rpcbind    78349 11 tcp4   192.168.2.1:111       *:*
mysql    mysqld     5589  10 tcp4   192.168.2.101:3306    *:*
root     perl       1644  6  tcp4   *:10101               *:*
root     perl       1644  7  udp4   *:10000               *:*
nobody   gdomap     824   3  udp4   *:538                 *:*
nobody   gdomap     824   4  tcp4   *:538                 *:*
root     syslogd    511   6  udp4   *:514                 *:*
?        ?          ?     ?  udp4   192.168.2.1:2049      *:*

Post by SirDice » 16 Apr 2012, 14:27

Not related, but you can stop running ntp in your jails. It won't work anyway; jails get their time from the host.

Post by Beeblebrox » 16 Apr 2012, 14:35

ntp is for the diskless clients so that they can sync their clocks to host before distributed compile / compute starts. ntpd is running from host side (together with nfsd & rpcbind). I would prefer to run ntpd from the jail serving pxe but it does not start when placed in jail/etc/rc.conf. If I jexec into jail, stop dhcpd, I can then manually start ntpd then I just re-start dhcpd. This is too much of a hassle, however.

NFS runs on host as well because as yet, it's impossible to jail.

EDIT: Of course, under normal jail circumstances one would not want ntpd running from inside a jail since it is unable to bind to a single IP but listens on all IPs instead - thereby causing a process leak to other jails and host itself.

Post by Beeblebrox » 16 Apr 2012, 16:24

The annoying part is, the jailed www/thttpd starts nicely with no errors, but shows nothing but a 404 page (jail-or-host, can't get it to work).
I suppose this makes the initial post a lighttpd-specific error?

EDIT: Yes, the error was in my lighttpd.conf. I had copied it from host environment to the jail and had not changed:
Code:
server.port = 80
server.bind = "localhost"

Should have been:
Code:
server.port = 80
server.bind = "192.168.2.100"