Hello,
Prerequisites
I just installed HA supervised on and existing VM with Debian 12.
On this Debian, i already have a reverse proxy nginx (and some services: wordpress, domoticz, a small java app)
I don’t want to buy an other device and i don’t have enough memory to create an other vm on my server. (it’s an old server i can’t add more)
I can access webUI using 192.168.1.10:8123
now i want to reach through ha . mydomain . com
I add the nginx configuration founded here:
My issue
but I have this error when i execute this command after restarting nginx:
sudo journalctl -xeu nginx.service
févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] still could not bind()
It seems that a docker container created by HA is using port 80 and 443:
(here nginx is not lauched cause i can’t)
~ % sudo netstat -ltnp | grep -w ':80'
~ % sudo netstat -ltnp | grep -w ':443'
~ % sudo lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
python3 8891 root 27u IPv4 175764 0t0 TCP debian:43306->172.30.32.2:http (ESTABLISHED)
python3 8891 root 31u IPv4 175765 0t0 TCP debian:43308->172.30.32.2:http (ESTABLISHED)
python3 8891 root 34u IPv4 161515 0t0 TCP debian:54886->172.30.32.2:http (ESTABLISHED)
~ % sudo lsof -i :443
~ %
I don’t really understand why HA is using port both: 8123, 80, 443.
Here all port used : (nginx is not lauched)
% sudo netstat -tlnp
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 508/systemd-resolve
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 628/mosquitto
tcp 0 0 0.0.0.0:4357 0.0.0.0:* LISTEN 1526/docker-proxy
tcp 0 0 172.30.32.1:65455 0.0.0.0:* LISTEN 3748/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 652/sshd: /usr/sbin
tcp 0 0 192.168.1.10:40000 0.0.0.0:* LISTEN 8891/python3
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 127.0.0.1:65455 0.0.0.0:* LISTEN 3748/nginx: master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 753/mariadbd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1224/exim4
tcp 0 0 0.0.0.0:8123 0.0.0.0:* LISTEN 8891/python3
tcp6 0 0 :::5355 :::* LISTEN 508/systemd-resolve
tcp6 0 0 ::1:25 :::* LISTEN 1224/exim4
tcp6 0 0 :::4357 :::* LISTEN 1533/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 652/sshd: /usr/sbin
tcp6 0 0 :::111 :::* LISTEN 1/init
tcp6 0 0 :::8123 :::* LISTEN 8891/python3
tcp6 0 0 fe80::58c9:4eff:f:40000 :::* LISTEN 8891/python3
Here my ha.conf for nginx:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name ha.mydomain.com;
listen [::]:80 default_server ipv6only=off;
return 301 https://$host$request_uri;
}
server {
server_name ha.mydomain.com;
ssl_certificate /etc/letsencrypt/live/ha.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ha.mydomain.com/privkey.pem;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
Do you have an idea / explainations / links ?
Thanks !
1 post - 1 participant