Connection refused when doing initial web-based setup after install

Installation Issues
21
Welcome to nginx! body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

22

Can you post the contents of :
/etc/nginx/nginx.conf

23 
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
24

If you run sudo service nginx status what does it show?

Here’s mine:

● nginx.service - nginx - high performance web server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-03-29 22:49:42 EDT; 6 days ago
       Docs: https://nginx.org/en/docs/
    Process: 850 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
    Process: 786144 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /var/run/nginx.pid) (code=exited, status=0/SUCCESS)
   Main PID: 877 (nginx)
      Tasks: 3 (limit: 5812)
     Memory: 16.6M
     CGroup: /system.slice/nginx.service
             ├─   877 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
             ├─786147 nginx: worker process
             └─786148 nginx: worker process

I would also like to know how it’s configuring to server the index.html file instead of passbolt’s index.php.

What does this show:
sudo grep -rnw '/etc/nginx' -e 'index.html'

25

Here are the results of sudo service nginx status:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-04-04 17:24:10 PDT; 1 day 2h ago
Docs: man:nginx(8)
Process: 41865 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
Main PID: 4971 (nginx)
Tasks: 5 (limit: 779)
CPU: 700ms
CGroup: /system.slice/nginx.service
├─ 4971 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─41866 nginx: worker process
├─41867 nginx: worker process
├─41868 nginx: worker process
└─41869 nginx: worker process

Apr 04 17:24:10 raspberrypi systemd[1]: Starting A high performance web server and a reverse proxy server…
Apr 04 17:24:10 raspberrypi systemd[1]: Started A high performance web server and a reverse proxy server.
Apr 04 17:34:01 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 04 17:34:02 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Apr 04 17:34:27 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 04 17:34:27 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Apr 05 12:36:32 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 05 12:36:32 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.

And the results of sudo grep -rnw '/etc/nginx' -e 'index.html':

/etc/nginx/sites-available/default:44: index index.html index.htm index.nginx-debian.html;
/etc/nginx/sites-available/default:86:# index index.html;

26

If you move the default file out of sites-available directory and reload nginx, what happens when you attempt to access the site?

Like, just move it somewhere else for the moment.

27

I renamed it OLD-default and then typed systemctl reload nginx and this was the result:

Job for nginx.service failed.
See “systemctl status nginx.service” and “journalctl -xe” for details.

systemctl status nginx.service gave me:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-04-04 17:24:10 PDT; 1 day 14h ago
Docs: man:nginx(8)
Process: 65552 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=1/FAILURE)
Main PID: 4971 (nginx)
Tasks: 5 (limit: 779)
CPU: 798ms
CGroup: /system.slice/nginx.service
├─ 4971 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─41866 nginx: worker process
├─41867 nginx: worker process
├─41868 nginx: worker process
└─41869 nginx: worker process

Apr 04 17:34:01 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 04 17:34:02 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Apr 04 17:34:27 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 04 17:34:27 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Apr 05 12:36:32 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 05 12:36:32 raspberrypi systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Apr 06 07:47:27 raspberrypi systemd[1]: Reloading A high performance web server and a reverse proxy server.
Apr 06 07:47:27 raspberrypi nginx[65552]: nginx: [emerg] open() “/etc/nginx/sites-enabled/default” failed (2: No such file or directory) in /etc/nginx/ng>
Apr 06 07:47:27 raspberrypi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 06 07:47:27 raspberrypi systemd[1]: Reload failed for A high performance web server and a reverse proxy server.

journalctl -xe gave me:

░░ Subject: A reload job for unit nginx.service has begun execution
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ A reload job for unit nginx.service has begun execution.
░░
░░ The job identifier is 7582.
Apr 06 07:47:27 raspberrypi nginx[65552]: nginx: [emerg] open() “/etc/nginx/sites-enabled/default” failed (2: No such file or directory) in /etc/nginx/ng>
Apr 06 07:47:27 raspberrypi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: Debian – User Support
░░
░░ An ExecReload= process belonging to unit nginx.service has exited.
░░
░░ The process’ exit code is ‘exited’ and its exit status is 1.
Apr 06 07:47:27 raspberrypi systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
░░ Subject: A reload job for unit nginx.service has finished
░░ Defined-By: systemd
░░ Support: Debian – User Support
░░
░░ A reload job for unit nginx.service has finished.
░░
░░ The job identifier is 7582 and the job result is failed.
Apr 06 07:48:01 raspberrypi CRON[65553]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Apr 06 07:48:01 raspberrypi CRON[65554]: (www-data) CMD ($PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log)
Apr 06 07:48:02 raspberrypi mariadbd[17404]: 2023-04-06 7:48:02 2345 [Warning] Access denied for user ‘’@‘localhost’
Apr 06 07:48:02 raspberrypi CRON[65553]: pam_unix(cron:session): session closed for user www-data
Apr 06 07:49:01 raspberrypi CRON[65574]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Apr 06 07:49:01 raspberrypi CRON[65575]: (www-data) CMD ($PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log)
Apr 06 07:49:02 raspberrypi mariadbd[17404]: 2023-04-06 7:49:02 2346 [Warning] Access denied for user ‘’@‘localhost’
Apr 06 07:49:02 raspberrypi CRON[65574]: pam_unix(cron:session): session closed for user www-data
Apr 06 07:50:01 raspberrypi CRON[65595]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Apr 06 07:50:01 raspberrypi CRON[65596]: (www-data) CMD ($PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log)
Apr 06 07:50:01 raspberrypi mariadbd[17404]: 2023-04-06 7:50:01 2347 [Warning] Access denied for user ‘’@‘localhost’
Apr 06 07:50:01 raspberrypi CRON[65595]: pam_unix(cron:session): session closed for user www-data

28

Ok, rename it back to default.

In the passbolt NGINX config file uncomment the server_name and add your ip address so it looks like:

server_name 10.0.0.81;

Then reload NGINX.

1 Like
29

I changed that line in the nginx-passbolt.conf files in both the /etc/nginx/sites-available and /etc/nginx/sites-enabled directories. I reloaded nginx, tried both my URL and 10.0.0.81 and there was no change. URL still says rejected, IP address still gives the nginx Welcome screen. Used a different browser also, same result.

30

I’m thinking we are hitting a Tomato reverse proxy or something.

31

Ok… What do you think the way forward is?

32

If it were me I would access the Pi locally and complete setup first. This should get you an admin user with basic setup. It will also help you confirm it’s working.

Then, I’d start learning more about your router capability, and make sure zones and firewall settings are correct. I looked for Advanced Tomato documentation but couldn’t find any, and I’m not familiar with it.

33

Is there a walkthrough on setting it up locally? Just to give me a jumping off point?

34

What kind of OS is your computer you are using to access the Pi? What are you using as a SSH client?

35

I’m running Kubuntu 22.04 as my main desktop and just using the default ssh client from the terminal.

36

With the SSH command you can take calls to a local port and forward them to a remote port via an SSH session.

ssh -L LOCAL_PORT:DESTINATION:DESTINATION_PORT {user@remote}

If your rpi domain and passbolt site is rpi.lan, rpi user is rpi, and assuming you aren’t running a webserver on Kubuntu (because if your are it will conflict) , it could be:

ssh -L 443:10.0.0.81:443 rpi@10.0.0.81

Add to your Kubuntu /etc/hosts file the following:

rpi.lan 127.0.0.1

All calls to your local 443 will go through ssh to the rpi 443, while the ssh connection is active. In your browser, https://rpi.lan will go to your local 443 and get forwarded to your 443 on the rpi. Whatever you set passbolt domain to, change rpi.lan to that. If you want to do http, change ports to 80.

EDIT: changed ip address in example to match what you already shared