seduction
 Language:
Welcome, Guest. Please login or register.
Did you miss your activation email?
2019/10/22, 19:12:21


Help

Author [EN] [PL] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: sidu-manual and pywwetha on port 80  (Read 3089 times)

0 Members and 1 Guest are viewing this topic.

Offline jaegermeister

  • User
  • Posts: 216
sidu-manual and pywwetha on port 80
« on: 2015/11/09, 16:00:32 »
Hello Dev Team,

in order to provide a new service from my siduction main box, I had to install nginx.
To my utter surprise, port 80/tcp was already booked. It showed up that it's pywwetha server, which provides the pages of sidu-manual, occupying it.

Now, in order to dispose of standard port 80, of course I could edit /etc/pywwetha/pywwetha.conf manually, and then maybe try to also edit sidu-manual somewhere, but this would result in an uncustomized and unsupported config, also due to be wiped away at next package upgrade of the python server or manual.

Right now it's instead nginx being configured on port 81 :(, but there could also be further software, besides plain webservers, conflicting with pywwetha for port 80.

MY IDEA: wouldn't it be better to configurate by default pywwetha to serve sidu-manual files on some high port above 20000 or 30000 in order to avoid conflicts with software using port 80?

THX
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline piper

  • Global Moderator
  • User
  • *****
  • Posts: 1.717
  • we are the priests ... of the temples of syrinx
I either give too many fucks or no fucks at all, it's like I cannot find a middle ground for a moderate fuck distribution, it's like what the fuck

Free speech isn't just fucking saying what you want to say, it's also hearing what you don't want to fucking hear

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #2 on: 2015/11/09, 16:26:42 »
Interesting answer.

So the real problem would be standard nginx config.
And this gets "solved" by introducing another problem, i.e. pywwetha struggling on port 80?

Looks like that the correct answer would be fixing both packages, not the status quo.

Plus, this is based on the hypothesis that someone should use necessarily a webserver to serve pages on the web. There are many other uses, e.g. serving files on the intranet, especially if one happens to consider that we're talking about a sid box which mostly works as a desktop (otherwise why worry with distro man pages) and not as a server 24/7.

Why should one be obliged to write a fixed address in webserver config, when he, for instance, can change the interface IP address depending on the projects he's working at or just wants to browse http://localhost/something by the same machine?

I disagree with the defaults.
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #3 on: 2015/11/09, 16:42:12 »
Also, please consider that this pretty basic config doesn't work when browsed by http://localhost or http://127.0.0.1, giving the error "refused connection".

Code: [Select]
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    include            mime.types;
    default_type        application/octet-stream;
    index            index.html index.htm;
    keepalive_timeout    65;
    sendfile        on;
    server_tokens        off;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
   
   
        location / {
                root            /var/www/html;
                autoindex        on;
                autoindex_exact_size    on;
        }


    }
}
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline melmarker

  • Global Moderator
  • User
  • *****
  • Posts: 2.756
    • g-com.eu
Re: sidu-manual and pywwetha on port 80
« Reply #4 on: 2015/11/10, 01:58:43 »
Why should it work? I'm really interested in, i'm not so familar with webservers.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #5 on: 2015/11/10, 09:50:04 »
If you for instance change port to 81 it works.
Same config.
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline melmarker

  • Global Moderator
  • User
  • *****
  • Posts: 2.756
    • g-com.eu
Re: sidu-manual and pywwetha on port 80
« Reply #6 on: 2015/11/10, 14:05:35 »

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;


You get me wrong - why listen to 80? To be true, thats not that smart and you know the reasons. And things become worse. Next time one will install both apache and nginx - only one server will start. So please: Bind a server to a address and a port.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #7 on: 2015/11/10, 16:16:39 »
Why listen to port 80?


Because it's a standard. For instance, browsers work without specifying it in the address.
I don't see any danger in running an intranet webserver on port 80. Of course on machines open to the internet which provide critical services authenticated and managed through http I usually avoid port 80 but... public servers, for instance, have to run on port 80, again, because that's the standard (imagine average Joe having to type http://google.com:62856). And when the port is another  than 80, this usually gets serviced by the router/firewall with nat static routes, to a server which runs more defaults than possible (usually also port 80) on the LAN to a very high port number on the WAN. This is common network administrator practice. Having a different port on LAN doesn't add anything to security.


So, the usual main reason to change a port from default 80 is in the case that two concurrent servers are running. The logic criterion usually is: keep mainstream apps on standard defaults and provide special settings to special apps.


In our case sidu-manual is the special app, while nginx, Apache, whateverhttpd are the standard apps, candidates for port 80.
This would simplify life and do absolutely no harm to security: after all one's gotta configure his own server and there is no space for cut&paste  within the realm of security.
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline melmarker

  • Global Moderator
  • User
  • *****
  • Posts: 2.756
    • g-com.eu
Re: sidu-manual and pywwetha on port 80
« Reply #8 on: 2015/11/10, 16:58:42 »
hell, i give up
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #9 on: 2015/11/10, 17:59:31 »
Getting into practice: besides changing port number in pywwetha.conf, what else should be changed within sidu-manual package?
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline melmarker

  • Global Moderator
  • User
  • *****
  • Posts: 2.756
    • g-com.eu
Re: sidu-manual and pywwetha on port 80
« Reply #10 on: 2015/11/10, 18:12:10 »
the server part possibly - but that leads to some other activities

and btw, listen 127.0.0.foo:80 .. and [::foo]:80 with foo <> 86 will solve the problem with nginx, it will solve the problem with any other webserver too. and foo=1 will solve the problems with localhost
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #11 on: 2015/11/10, 18:33:56 »
The localhost part is OK.


What about a couple of local interfaces, say eth0 and eth1, whose address can change (especially eth1), depending on the project? For instance eth0 can be on dhcp (alas, in some networks it could be static dhcp) while eth1would always be 10.some.thing or 192.168.some.thing etc.


This means that if a machine hooked up to one of those networks wants to browse the files served I have to manually edit nginx.conf every time depending on my ip. Which is practically a hassle. And these ips do change really often, because that depends on the network I have to create (emulating foreign environments).


If sidu-manual already runs on 127.0.0.86, it would be great if it could run on some exotic high port too.


Then, I completely agree with you that a policy to enforce better configs in webserver could be needed, and this could be practically done by issuing a siduction package of those servers with better out of the box *.conf, even though, as we all know, there's no such thing as a sane default.



---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline melmarker

  • Global Moderator
  • User
  • *****
  • Posts: 2.756
    • g-com.eu
Re: sidu-manual and pywwetha on port 80
« Reply #12 on: 2015/11/10, 19:20:39 »
The only sane default in case of debian would be a not configured service unable to start out of the box with all needed configurations as a sane, documented out suggestion. Nothing less, nothing more - a webserver should not start directly after installation. (nor any other non desktop service should)

The user (better sysadmin/webadmin) should be forced to set some basic values manually. But that will remain only a dream.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

Offline jaegermeister

  • User
  • Posts: 216
Re: sidu-manual and pywwetha on port 80
« Reply #13 on: 2015/11/11, 00:30:49 »
Yes, no server providing "external" services should start by default after install, however this could also be milded by putting up the most harmless config possible: in case of webserver the school example is the config that just serves a static page with "hello world!", or a mailserver that just listens to 127.0.0.1:25.

Maybe more could be obtained by following the *BSD strategy, which is also providing config examples in a separate dir, although the netbsd way (just providing those and zero initial config) might be too extreme, annoying and, frankly, counterproductive in terms of user appeal. I believe that some configs with averagely sane defaults plus extra examples could be the right way.



This said, we still have on the table the port 80 conflict.
---------------------------------------
SI VIS PACEM PARA BELLVM
---------------------------------------

Offline piper

  • Global Moderator
  • User
  • *****
  • Posts: 1.717
  • we are the priests ... of the temples of syrinx
Re: sidu-manual and pywwetha on port 80
« Reply #14 on: 2015/11/11, 00:31:16 »
eth0 and eth1

Does anybody still have this anymore ?

I thought enp0/wlp0 are standard now
I either give too many fucks or no fucks at all, it's like I cannot find a middle ground for a moderate fuck distribution, it's like what the fuck

Free speech isn't just fucking saying what you want to say, it's also hearing what you don't want to fucking hear