OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: Newbiewifi on July 11, 2018, 07:07:15 pm
-
Starting web GUI...failed.
Do I need to restart the computer?
-
You're using strict interface binding for the web GUI?
Cheers,
Franco
-
no strict binding.
I can only access via ssh
-
Okay, from the console:
# /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
Cheers,
Franco
-
Thank you for the quick reply.
but it fails
:~ # /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
2018-07-11 18:29:05: (mod_openssl.c.618) ssl.pemfile has to be set when ssl.engine = "enable"
2018-07-11 18:29:05: (server.c.1148) Initialization of plugins failed. Going down.
-
# grep ssl.pemfile /var/etc/lighty-webConfigurator.conf
Looks like it's not set or not on the disk for whatever reason? oO
Cheers,
Franco
-
Thank you for the help.
I've restarted and used an old backup.
:)
-
I'm curious... what happened?
Thanks,
Franco
-
Firmware: OPNsense 18.1.11-amd64
Previous firmware: OPNsense 18.1.10-amd64
@Franco I experience the same problem.
When the interface re0 (lan side) loses the connection then the lighttpd (webgui) also crashes view the logs below.
Then after crashing and executing the command directly below, the webui is working properly. /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
Logging:
system.log output
Jul 11 21:06:16 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 11 21:06:16 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:19 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 11 21:06:19 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'lan'
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt1
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv4 default route
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001:XXX:XXXX:XXXX::2 via 2001:XXX:XXXX:XXXX::1
Jul 11 21:06:23 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[49952]: Received signal 15; terminating.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: Server listening on 2001:XXX:XXXX:XXXX::1 port 22.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: Server listening on 192.168.X.X port 22.
Jul 11 21:06:24 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2018-07-11 21:06:24: (network.c.313) can't bind to socket: [2001:XXX:XXXX:XXXX::1]:443 Can't assign requested address'
Jul 11 21:06:26 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 11 21:06:26 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:26 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:27 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
configd.log output:
Jul 11 21:06:16 XXNAMEFIREWALLXX configd.py: [fba537dd-5bbe-4537-b07c-11c9910783a7] Linkup stopping re0
Jul 11 21:06:19 XXNAMEFIREWALLXX configd.py: [7bc8e865-b5a2-47d3-8ef3-a2b8626ced4c] Linkup starting re0
Jul 11 21:06:20 XXNAMEFIREWALLXX configd.py: [4d28dac1-015e-4358-b0d3-d3c39506a972] New IPv4 on re0
Jul 11 21:06:22 XXNAMEFIREWALLXX configd.py: [2b4c1629-5694-470d-865e-f852460f74d4] generate template OPNsense/Filter
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/Filter
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: [d2c16a2f-4237-4d92-8f84-32b5d3893c40] refresh url table aliases
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: [3cfaa67b-1075-4a1a-92c0-01f1b5615c89] generate template OPNsense/WebGui
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/WebGui
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py: OPNsense/WebGui generated //usr/local/lib/php.ini
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py: OPNsense/WebGui generated //usr/local/etc/php.ini
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py: message d2c16a2f-4237-4d92-8f84-32b5d3893c40 [filter.refresh_aliases] returned OK
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [03ad5e4e-86df-45fe-8ba6-958318c4f22d] Linkup stopping re0
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [38bc3a52-3a9e-4961-9596-f1e04289e089] Linkup starting re0
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [ca4c2dab-abe8-46ee-861d-72fc3199c94a] New IPv4 on re0
-
Sorry,
:'(
It's a live system and I didn't have much time to look into.
-
Hi racef@ce,
Yes, you're using strict binding on SSH and the GUI... I was never completely fond of the request, but we slapped a big warning dialog on the GUI to make sure its implications:
https://github.com/opnsense/core/issues/1347#issuecomment-347696172
Mostly:
There will not be a lot of sanity checking. To stress this point, if all manually configured interfaces do not have a single IP listening address, the service will refuse to start as opposed to falling back to listen on all interfaces...
Use at your own risk. It's hard to recover without other precautions like console access, auto-console login, etc.
Maybe legacy_getall_interface_addresses() is a better pick. Unbound and Dnsmasq gained similar but lsightly more robust solutions in 18.7 vs. the initial approach in 18.1 for SSH and the GUI. I can take a look post 18.7 if you want? :)
Cheers,
Franco
-
Hey Newbiewifi,
No worries. Let me know if it happens again.
Cheers,
Franco
-
@Franco
Thanks for the quick response, I have also tested this on the OPNsense 18.7.r_10-amd64 build and can confirm the problem still presents.
How can I prevent this in the configuration, not using strict binding on SSH and the GUI?
Logging:
system.log
Jul 12 22:50:44 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 12 22:50:44 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:47 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 12 22:50:47 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:47 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'lan'
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt1
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv4 default route
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001:XXX:XXXX:XXXX::2 via 2001:XXX:XXXX:XXXX::1
Jul 12 22:50:50 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[56059]: Received signal 15; terminating.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on 2001:XXX:XXXX:XXXX::1 failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on 2001:XXX:XXXX:XXXX::1 failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: Server listening on 192.168.X.X port 22.
Jul 12 22:50:52 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2018-07-12 22:50:52: (network.c.313) can't bind to socket: [2001:XXX:XXXX:XXXX::1]:443 Can't assign requested address'
Jul 12 22:50:53 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 12 22:50:54 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:54 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:55 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 12 22:50:55 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 12 22:51:27 XXNAMEFIREWALLXX opnsense: user 'root' authenticated successfully
Jul 12 22:51:28 XXNAMEFIREWALLXX sshd[66021]: Accepted keyboard-interactive/pam for root from 192.168.X.X0 port 1640 ssh2
configf.log
Jul 12 22:50:50 XXNAMEFIREWALLXX configd.py: [1f8a57c4-7e2c-4dea-87e3-1ad46a48abde] generate template OPNsense/Filter
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/Filter
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: [6f92cc52-0838-41c3-ad8f-4857c0e54c40] refresh url table aliases
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: [16ba78c9-7d1b-495f-8dd7-7eb8666e7ab6] generate template OPNsense/WebGui
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/WebGui
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py: OPNsense/WebGui generated //usr/local/lib/php.ini
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py: OPNsense/WebGui generated //usr/local/etc/php.ini
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py: message 6f92cc52-0838-41c3-ad8f-4857c0e54c40 [filter.refresh_aliases] returned OK
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [0df2844f-cf9a-4617-8389-47aaf7939f0f] Linkup stopping re0
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [0aba07a6-8440-4a96-bc83-bc80dfabdf60] Linkup starting re0
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [653d0612-9460-4bd0-87e6-966fcec8059c] New IPv4 on re0
-
Yes.
Cheers,
Franco
-
@Franco
Nice can you tell me how you can set this up?
-
There is warning dialog when you select explicit interfaces under System: Settings: Administration. It's best to uncheck (really leave unchecked) the selection and let the web GUI bind to all addresses.
I'll work on this post-18.7, but we need to get 18.7 out the door so priorities stay there.
Cheers,
Franco
-
I ran into the very same situation: After updating the official recent installation image (18.7, amd, vga from the OPNsense website) to 18.7.9, after a reboot the web GUI failed to start! The problem seems symptomatic for this update, it happened on two test sites were we try OPNsense. Most frustrating, one site is remote and ssh is disabled.
As the thread indicates, the last question was how to revert the binding to a specific address/interface? I guess the last response is a kind of ironic, since no web GUI, no chance to change. Funny.
Is there a way to configure/uncheck this manually?
Regards
-
Is there a way to configure/uncheck this manually?
Using vim to edit the configuration (via SSH) and reload everything you should be able to change almost everything running on OPNsense.
I can offer you a workaround - replace lighttpd by nginx:
1. Install the nginx plugin
2. change this line in the configuration template (uncomment the import line): https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L42
3. generate the server config "configctl template reload OPNsense/Nginx"
4. start the service "configctl nginx start"
Then the web interface is served by nginx (please note that this is currently not officially supported by core or the plugin itself, so it may cause some trouble with the next update*). Please keep in mind that even if it is faster, you should not stay with experimental code because the core currently cannot restart the web interface etc. when nginx is serving it and it tries to start lighttpd and will obviously fail (port is in use).
The main reason why the plugin ships this code is that my original intention was to share the port between the web interface and the reverse proxy so both can use the standard ports (80, 443).
* nginx plugin update => change in (2) will be lost; core update => nginx is started after lighttpd and cannot start because the port is in use (which can be prevented by also overriding the listen directive (https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/webgui.conf#L11-L12)
-
# vi /conf/config.xml
Find <system>
Find <webgui>
Find <interfaces>
Delete <interfaces>a,b,c,d</interfaces> line
Save the file.
# /usr/local/etc/rc.restart_webgui
Cheers,
Franco