Help! Can't access webGUI

pfguy2018

After a change to my WAN port, I am no longer to access the webGUI. Everything else seems to be working - DNS assigning addresses, internet connection active, console accessible. But I cannot get any connection at the webGUI address. How can I fix this?

pfguy2018

@pfguy2018
And when I try to restart the webconfigurator from the console, I get the following message:

Restarting webConfigurator...
Message from syslogd@ark at Nov 14 18:13:15 ...
nginx: 2021/11/14 18:13:15 [emerg] 61928#100494: bind() to 0.0.0.0:443 failed (48: Address already in use)

viragomann

@pfguy2018 said in Help! Can't access webGUI:

nginx: 2021/11/14 18:13:15 [emerg] 61928#100494: bind() to 0.0.0.0:443 failed (48: Address already in use)

Check out which application is using port 443:

sockstat | grep 443

pfguy2018

@viragomann said in Help! Can't access webGUI:

sockstat | grep 443

I was able to restore access to the webgui by stopping OpenVPN server and restarting webgui from console. But when rebooting, the same problem occurs.

The output to the sockstat command is
root nginx 49861 5 tcp4 *:443 :
root nginx 49861 6 tcp6 *:443 :
root nginx 49861 9 tcp4 192.168.88.1:443 192.168.88.100:60561
root nginx 49809 5 tcp4 *:443 :
root nginx 49809 6 tcp6 *:443 :
root nginx 49758 5 tcp4 *:443 :
root nginx 49758 6 tcp6 *:443 :
root lighttpd_p 53712 5 tcp4 127.0.0.1:8443 :
root lighttpd_p 53712 7 tcp4 10.10.10.1:443 :
root lighttpd_p 53712 9 tcp6 ::1:8443 :
root openvpn 13832 6 tcp4 X.X.X.X:443 :

viragomann

@pfguy2018
So your OpenVPN is listening on port 443.

You can switch the WebGUI to a different port in System > Advanced > Admin Access.

pfguy2018

@viragomann
This seems simple! Any particular port that you would suggest?

viragomann

@pfguy2018
You can use any unused port up to 65k.
The only drawback, you have to enter it into the web browser when you want to access pfSense.

pfguy2018

@viragomann
OK, I changed the port to 4443. Rebooted. Same problem recurs. From console, when I try to restart webgui, I get the following:
Restarting webConfigurator...
Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: bind() to 0.0.0.0:80 failed (48: Address already in use)

Message from syslogd@ark at Nov 15 11:30:04 ...
nginx: 2021/11/15 11:30:04 [emerg] 78994#100601: still could not bind()
done.

And now when I kill the OpenVPN service from the console, I can't get the webgui to restart at all.

pfguy2018

And the device emailed me the following error
11:42:15 PHP ERROR: Type: 64, File: /usr/local/sbin/pfSsh.php(374) : eval()'d code, Line: 29, Message: Cannot redeclare usage() (previously declared in /usr/local/sbin/pfSsh.php(374) : eval()'d code:30)

I am really stuck here. I can't figure out how to reach the webgui at all

pfguy2018

Output to command sockstat -l | grep :80

root lighttpd_p 30452 4 tcp4 127.0.0.1:8081 :
root lighttpd_p 30452 6 tcp4 10.10.10.1:80 :
root lighttpd_p 30452 8 tcp6 ::1:8081 :
root openvpn 82111 6 tcp4 *:80 :

Hoping someone can make sense of this

viragomann

@pfguy2018 said in Help! Can't access webGUI:

root openvpn 82111 6 tcp4 *:80 :

Your OpenVPN listens on port 80???

pfguy2018

@viragomann
That was the problem. I killed that process and was able to restart the webgui. And now have changed that OpenVPN server port! Not sure why I ever set it up that way.

Thanks for your help with this!

mer

Doesn't OpenVPN by default listen on 80/443 to cover inbound connections? I'm looking at some client side config as I say that.

viragomann

@mer said in Help! Can't access webGUI:

Doesn't OpenVPN by default listen on 80/443 to cover inbound connections?

No, the web configurator does.

But the port can be changed in the System settings as mentioned above.
To get rid of listening to port 80 as well you can additionally check "Disable webConfigurator redirect rule".

pfguy2018

@mer
Not sure. But when I changed from port 80 to another port and rebooted, webgui came up immediately with no issues. So this clearly was the problem.

mer

@viragomann
Ok, maybe I'm not being clear.
It seems like the reason the OP webgui couldn't start was because OpenVPN was listening on one or more of the ports the web gui defaults to listening on.

Is that a correct statement?

If so then what does OpenVPN server listen on by default? I have some client config from a work system that implies/says to talk to the server on 80/443.

So, we know the webgui by default listens on 80/443, by default what is OpenVPN server listening on and if there is overlap, which one should change the default?

viragomann

@mer
No, there is no port overlapping with pfSense services by default of course.

The web configurator listens on both, 80 and 443.
OpenVPN is on 1194. But as soon as you need an additional OpenVPN server you need a second different port for it naturally.

In the TOs case, he set the OpenVPN to listen on 80 and 443 and hence the web configurator did not start up.

I have some client config from a work system that implies/says to talk to the server on 80/443

This is possible for sure when you move the webGUI to a different port and check "Disable webConfigurator redirect rule".

There are also other possibilities like OpenVPN port sharing or going over HA proxy to share ports with other services.

mer

@viragomann Thank you the additional server part was not clear to me. Probably read too quickly over it.
But thanks for clarification.