Cannot access cockpit Web UI (port 9090)

mrmarkuz · April 18, 2020, 2:34pm

I assume it was the VPN of the old Nethserver. I think you needed to add the “old” VPN network to the trusted networks of the new Nethserver to be able to access the server manager over VPN.

ertank · April 18, 2020, 7:30pm

New NethServer was perfectly accessible over VPN. There was no problem on that. At some point it just become not accessible (for more than one fresh installation) even then I could still access it over SSH.

When I check, 9090 port was not listened. Moreover, there were some “dead” status for cockpit service as I shared above.

I do not think it is old server was not allowed to access situation here. I have no idea what was the problem either.

stephdl · April 18, 2020, 7:38pm

cockpit down, but I do not know why

CarlosJimenez · July 23, 2020, 10:02am

I created an AWS instance to put a nethserver in Amazon Web Services

When I try to access to port 22 or 980 from red it works perfectly. But when I try to access to port 9090, it works or not depending of the IP. I read that shorewall firewall only works on IPv4. Maybe is transparent for IPv6 addresses?

So, Why ShoreWall is blocking cockpit (9090) on red?
I see that there is network services defined for 980 and 22 (or 2221), but I cannot see a network service defined for cockpit 9090 to put a rule and open it in shorewall for red.

The default configuration for port 9090 should be the same than for 980 or 2221 right? Access opened from everywhere on Internet.

Even I see a rule in shorewall to open port 9090 into my computer (static IP) used when I installed nethserver. Why is my IP there? That could be it’s enabled only access to 9090 port to my computer

More specifically:
Nethserver uses template /etc/e-smith/templates/etc/shorewall/rules/70cockpit

#
# 60cockpit
#
?COMMENT cockpit
{
    my $port = '9090';
    my $access = ${'cockpit.socket'}{'access'} || 'green';
    my $limit = ${'cockpit.socket'}{'LimitAccess'} || '';

    if ($limit ne '') {
        $limit = ":$limit";
    }
    if ($access =~ 'green') {
        $OUT .= "ACCEPT\tloc\t\$FW\ttcp\t$port\n";
    }
    if ($access =~ 'red') {
        $OUT .= "ACCEPT\tnet$limit\t\$FW\ttcp\t$port\n";
    }
}

to build in /etc/shorewall/rules

# previous rules...

#
# 60cockpit
#
?COMMENT cockpit
ACCEPT  loc     $FW     tcp     9090
ACCEPT  net:xxx.xxx.xxx.xxx        $FW     tcp     9090 # I removed my static IP

# ... more rules

The patch for my nethserver is:

When I added after this block (or added as template) this

#
# 65mycockpit
#
?COMMENT mycockpit
ACCEPT loc      $FW     tcp     9090
ACCEPT net      $FW     tcp     9090

Allows to me to access cockpit from everywhere.

I hope that helps
Best regards

stephdl · July 23, 2020, 12:20pm

Hum, cockpit available on red is default IIRC, strange

CarlosJimenez · July 23, 2020, 12:37pm

Could be related with the fact that Cockpit network service didn’t appear in :9090/nethserver#/services

My nethserver installation was made on June 22, 2020 at 8:54:30 AM
I applied a few updates from them. Maybe is something that was an issue at time of my setup and now is fixed.

If you want more info, I am pleased to give it to you. My previous post just want to address where to watch for other users.

In /etc/e-smith/templates/etc/shorewall/rules/70cockpit the comment has 60cockpit instead 70cockpit
and the following lines appear that is green the default interface:

my $access = ${'cockpit.socket'}{'access'} || 'green';
my $limit = ${'cockpit.socket'}{'LimitAccess'} || '';

Best regards

Vitor_Hugo_Barbosa · September 25, 2020, 8:53am

we have an issue today about nethserver with an kernel panic (on logs) all school internet went down…
i have made those steps and it worked with reassigning ip address into lan and fixed wan ip address also to…at first we didn’t had the webgui so we reinstalled cockpit with other troubleshooting it worked…do you know what is the cause of that… also i have updated

mrmarkuz · September 25, 2020, 9:01am

Please share relevant log entries…

Maybe you hit this one?

Vitor_Hugo_Barbosa · September 25, 2020, 9:06am

Romain S is my friend is at the school is managing right now with nethserver, he gonna sent you the logs mark

Romain_S · September 25, 2020, 9:13am

Hello,

here are the logs you’ve been asking for :

September 25, 2020