Help! Can't access webGUI

pfguy2018

@viragomann
This seems simple! Any particular port that you would suggest?

viragomann

@pfguy2018
You can use any unused port up to 65k.
The only drawback, you have to enter it into the web browser when you want to access pfSense.

pfguy2018

@viragomann
OK, I changed the port to 4443. Rebooted. Same problem recurs. From console, when I try to restart webgui, I get the following:
Restarting webConfigurator...
Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: still could not bind()
done.

And now when I kill the OpenVPN service from the console, I can't get the webgui to restart at all.

pfguy2018

And the device emailed me the following error
11:42:15 PHP ERROR: Type: 64, File: /usr/local/sbin/pfSsh.php(374) : eval()'d code, Line: 29, Message: Cannot redeclare usage() (previously declared in /usr/local/sbin/pfSsh.php(374) : eval()'d code:30)

I am really stuck here. I can't figure out how to reach the webgui at all

pfguy2018

Output to command sockstat -l | grep :80

root lighttpd_p 30452 4 tcp4 127.0.0.1:8081 :
root lighttpd_p 30452 6 tcp4 10.10.10.1:80 :
root lighttpd_p 30452 8 tcp6 ::1:8081 :
root openvpn 82111 6 tcp4 *:80 :

Hoping someone can make sense of this

viragomann

@pfguy2018 said in Help! Can't access webGUI:

root openvpn 82111 6 tcp4 *:80 :

Your OpenVPN listens on port 80???

pfguy2018

@viragomann
That was the problem. I killed that process and was able to restart the webgui. And now have changed that OpenVPN server port! Not sure why I ever set it up that way.

Thanks for your help with this!

mer

Doesn't OpenVPN by default listen on 80/443 to cover inbound connections? I'm looking at some client side config as I say that.

viragomann

@mer said in Help! Can't access webGUI:

Doesn't OpenVPN by default listen on 80/443 to cover inbound connections?

No, the web configurator does.

But the port can be changed in the System settings as mentioned above.
To get rid of listening to port 80 as well you can additionally check "Disable webConfigurator redirect rule".

pfguy2018

@mer
Not sure. But when I changed from port 80 to another port and rebooted, webgui came up immediately with no issues. So this clearly was the problem.

mer

@viragomann
Ok, maybe I'm not being clear.
It seems like the reason the OP webgui couldn't start was because OpenVPN was listening on one or more of the ports the web gui defaults to listening on.

Is that a correct statement?

If so then what does OpenVPN server listen on by default? I have some client config from a work system that implies/says to talk to the server on 80/443.

So, we know the webgui by default listens on 80/443, by default what is OpenVPN server listening on and if there is overlap, which one should change the default?

viragomann

@mer
No, there is no port overlapping with pfSense services by default of course.

The web configurator listens on both, 80 and 443.
OpenVPN is on 1194. But as soon as you need an additional OpenVPN server you need a second different port for it naturally.

In the TOs case, he set the OpenVPN to listen on 80 and 443 and hence the web configurator did not start up.

I have some client config from a work system that implies/says to talk to the server on 80/443

This is possible for sure when you move the webGUI to a different port and check "Disable webConfigurator redirect rule".

There are also other possibilities like OpenVPN port sharing or going over HA proxy to share ports with other services.

mer

@viragomann Thank you the additional server part was not clear to me. Probably read too quickly over it.
But thanks for clarification.