Locked out of Administration

[pj]

Hello,

could anyone please help here?

I wanted to change the admin port of eBox to allow for later use of the port by other web pages. I added a new https service port at 443 for secure http, added a new admin port at 7443 under the eBox Administration Service (I did not remove the original 443 port, thinking that if it didn't work, it would still connect with 443...oh well), and changed the port under Services ->General to 7433. Added the new https service to allow external connections in the firewall, and added the port to the external router, and saved changes. Hum.

I do have ssh, so I can alter the config files as necessary.

There are no other secure pages set up as yet. Firefox gives an "Unable to connect" page for https://www.website.com:7443/ebox, and https://www.website.com/ebox.

What have I missed?

Kind regards

[J. A. Calvo]

You don't have to add a new service in order to change the port. Anyway, if you can't access now, you can try to execute "dpkg-reconfigure ebox", it should ask you for the administration port.

[pj]

Thanks for the prompt answer. Did that in the eBox Admin platform beforehand, and now your suggestion in a terminal, but no difference I'm afraid. Still get : https://www.website.com:7443/ebox - "Unable to connect".

I have tried changing the port back to 443 with dpkg-reconfigure ebox - also no connection. At a loss here... any further help appreciated! I hadn't made any more changes than those in my original post.

Kind regards

[pj]

Forgot to add that when configuring ebox, it shows "It seems that the port you have selected is already being used. You can continue anyway or enter a new port." on changing the port to 7443.

Does this help?

[pj]

Also, I tried changing to another unused port - didn't work either. I also stopped the firewall just in case that was the problem. Didn't make any difference.

[Javier Amor Garcia]

Maybe your ebox apache is down.

Try this to restart it:
/etc/init.d/ebox apache restart

Then you could try agian. Anyway to see if it is up and in what port it listens you can use this command:

netstat -tlnp | grep apache2

(If you have the webmail or the user corner modules enabled it will be additional instances used by those modules)

[pj]

Hello Javier,

no, the server was up - I could always get port 80 "It works". I can still log in to SquirrelMail, but it uses non-secure IMAP.

The netstat shows:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19356/apache2   
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      20551/apache2   
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      23226/apache2

8443 is the port for ebox...
I don't remember putting in port 8888... I do not have that port open on the router.
Where has port 443 gone?

Any ideas please?

Kind regards

[Javier Amor Garcia]

8888 is the default port for ebox-usercorner.

Another thing we could try is to use a text based browser with HTTPS support (like links) from inside eBox to try to connect to the administrative interface in https://127.0.0.1:8433. If it works we will know that is a problem with outside connections and not with apache itself..

[pj]

Hello Javier

(port id 8443)

in eBox:

wget https://127.0.0.1:8443
--20:46:44--  https://127.0.0.1:8443/
           => `index.html'
Connecting to 127.0.0.1:8443... connected.
ERROR: Certificate verification error for 127.0.0.1: self signed certificate
ERROR: certificate common name `eBox Server' doesn't match requested host name `127.0.0.1'.
To connect to 127.0.0.1 insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

I can also get to the port from another computer on the same LAN 192.168.0.1:8443 - shows certificate problem, but connects.

Checked the router configuration for the umpteenth time (probably 8  , and the port 8443 as well as 7443 is open.

I do not understand where the problem could be. Is it possible that the eBox firewall is stopping the connection?

Kind regards

[jjm1982]

The firewall may be stopping the connection. Try running "/etc/init.d/ebox firewall stop" and attempt to connect again.

[pj]

Oh dear jjm1982 (how are you doing? , not doing well here , but thanks for the post. I am coming round to the thought that it might just be a bug.

Stopping the firewall does not help. Still no connection from the outside world. A right to-do!

I have a feeling it is something to do with me not removing port 443 from the ebox admin service. Perhaps it doesn't like having 2 ports. I do not understand why the netstat doesn't show port 443 as well. I added a https service with that port, as in my first post. Where would one check that, do you know please?

Kind regards

[jjm1982]

You could try unconfiguring the modules, there's a script in the "/usr/share/ebox" directory call "ebox-unconfigure-module". I've used it to unconfigure samba an number of times... long story.

If you issue the command:
sudo /usr/share/ebox/ebox-unconfigure-module {module-name}

I'm not quite sure what the module would be, I believe its the apache module, Javier may be able to provide the correct one. I would hate to see you have to start from scratch.

[Javier Amor Garcia]

I will unconfigure the apache module so it could listen again in 443.
Maybe you need too to unconfigure the firewall and services modules but first try to unconfigure only the apache moduke

[pj]

Thanks to you both.

I have issued the command sudo /usr/share/ebox/ebox-unconfigure-module apache. It just returns to the prompt.

Do you know which scripts I could edit to add port 443 to apache2? I tried out "listen 80, 443" (don't know if the syntax was correct) a week ago, but it made no difference. I also added 443 to the ports.conf file - no change either. I removed both these alterations afterwards.

Kind regards

[jjm1982]

You could try updating the apache2.conf file in "/etc/apache2" directory and then restarting apache.

I'm not sure where else you can go from here.