WebServer(HTTP/SSL) startup failed on address ::

On various Hardware and OS systems: pi / windows / routers / nas, etc

Moderator: leecollings

gschmidt
Posts: 200
Joined: Thursday 20 December 2018 11:03
Target OS: Raspberry Pi / ODroid
Domoticz version:


Post by gschmidt »

Hi,

I recently installed a fresh version of Domoticz on my Raspberry Pi.
I want to access Domoticz securely from outside, but I get errors in my current setup.

Current Setup:
On my main Router, a Mini PC with pfSense (192.168.1.1), I run 2 plug-ins:
  • HAproxy
  • ACME, which generates the certs for the Backend of HAproxy
One of the Backends is Domoticz with IP address 192.168.1.55

HAproxy Frontend Setup:
[Attachment: Frontend Setup.JPG]
[Attachment: SSL Offloading.JPG]

HAproxy Backend Setup:
[Attachment: Backend.JPG]

The backend of HAproxy to Domoticz is set up to the HTTP server on port 9090.
And I copied the PEM file which ACME has created to the Domoticz folder and renamed it to server_cert.pem.

So when I run Domoticz from outside my network (https://mydomain), I get a login page, but also when I log in from my local network.
Because I don't want to log in to Domoticz when I am in my local network, I set the local networks in Domoticz to 192.168.1.*
This also makes the login page disappear when anyone enters my domain from outside.

So when I took a closer look at what went wrong, I started Domoticz with:

```
./domoticz -www 9090 -sslwww 443 -log "/var/log/domoticz.log" -loglevel all -debuglevel auth,hardware,received,webserver
```

Which generated the following errors:

```
pi@Domotica-Pi:~/domoticz $ ./domoticz -www 9090 -sslwww 443 -log "/var/log/domoticz.log" -loglevel all -debuglevel auth,hardware,received,webserver
2023-01-03 15:05:50.944  Status: Domoticz V2022.2 (build 14905) (c)2012-2023 GizMoCuz
2023-01-03 15:05:50.944  Status: Build Hash: 2406d20b1, Date: 2023-01-01 11:41:36
2023-01-03 15:05:50.944  Status: Startup Path: /home/pi/domoticz/
2023-01-03 15:05:50.972  Sunrise: 08:47:00 SunSet: 16:42:00
2023-01-03 15:05:50.972  Day length: 07:56:00 Sun at south: 12:45:00
2023-01-03 15:05:50.972  Civil twilight start: 08:07:00 Civil twilight end: 17:22:00
2023-01-03 15:05:50.972  Nautical twilight start: 07:24:00 Nautical twilight end: 18:05:00
2023-01-03 15:05:50.972  Astronomical twilight start: 06:43:00 Astronomical twilight end: 18:46:00
2023-01-03 15:05:51.090  Status: PluginSystem: Started, Python version '3.7.3', 2 plugin definitions loaded.
2023-01-03 15:05:51.092  Debug: : MQTT PublishSchema 1 (1), Retain 0
2023-01-03 15:05:51.098  Active notification Subsystems: telegram (1/13)
2023-01-03 15:05:51.098  Debug: CWebServer::StartServer() : settings : 'server_settings[is_secure_=false, www_root='/home/pi/domoticz/www', listening_address='::', listening_port='9090', vhostname='', php_cgi_path='']'
2023-01-03 15:05:51.099  Status: WebServer(HTTP) started on address: :: with port 9090
2023-01-03 15:05:51.102  Debug: CWebServer::StartServer() : settings : ssl_server_settings['server_settings[is_secure_=true, www_root='/home/pi/domoticz/www', listening_address='::', listening_port='443', vhostname='', php_cgi_path='']', ssl_method='tls', certificate_chain_file_path='./server_cert.pem', ca_cert_file_path='./server_cert.pem', cert_file_path=./server_cert.pem', private_key_file_path='./server_cert.pem', private_key_pass_phrase='', ssl_options='single_dh_use', tmp_dh_file_path='./server_cert.pem', verify_peer=false, verify_fail_if_no_peer_cert=false, verify_file_path='']
2023-01-03 15:05:51.109  Debug: [web:443] Enabled ciphers (TLSv1.2) ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
2023-01-03 15:05:51.111  Error: [web:443] missing SSL DH parameters from file ./server_cert.pem
2023-01-03 15:05:51.112  Status: WebServer(SSL) startup failed on address :: with port: 443: bind: Permission denied [system:13], trying ::
2023-01-03 15:05:51.113  Debug: [web:443] Enabled ciphers (TLSv1.2) ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
2023-01-03 15:05:51.115  Error: [web:443] missing SSL DH parameters from file ./server_cert.pem
2023-01-03 15:05:51.115  Status: WebServer(SSL) startup failed on address :: with port: 443: bind: Permission denied [system:13], trying 0.0.0.0
2023-01-03 15:05:51.116  Debug: [web:443] Enabled ciphers (TLSv1.2) ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
2023-01-03 15:05:51.118  Error: [web:443] missing SSL DH parameters from file ./server_cert.pem
2023-01-03 15:05:51.119  Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 443: bind: Permission denied [system:13]
2023-01-03 15:05:51.119  Error: WebServer(SSL) check privileges for opening ports below 1024
2023-01-03 15:05:51.121  Starting shared server on: :::6144
2023-01-03 15:05:51.121  Status: TCPServer: shared server started...
2023-01-03 15:05:51.122  Status: RxQueue: queue worker started...
2023-01-03 15:05:51.418  Debug: [web:9090] Host:192.168.1.1 Uri:/
2023-01-03 15:05:51.418  Debug: [web:9090] Request Headers:
content-length: 0

2023-01-03 15:05:51.418  Debug: Web ACLF: 192.168.1.1 - - [03/Jan/2023:15:05:51.418 +0100] "OPTIONS / HTTP/1" 200 0 - -
2023-01-03 15:05:52.464  Debug: [web:9090] Host:192.168.1.1 Uri:/
2023-01-03 15:05:52.464  Debug: [web:9090] Request Headers:
content-length: 0

2023-01-03 15:05:52.465  Debug: Web ACLF: 192.168.1.1 - - [03/Jan/2023:15:05:52.464 +0100] "OPTIONS / HTTP/1" 200 0 - -
```

Are these errors because of the HAproxy or Domoticz configuration?

kiddigital
Posts: 435
Joined: Thursday 10 August 2017 6:52
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Netherlands

Re: WebServer(HTTP/SSL) startup failed on address ::

Post by kiddigital »

I see 2 possible issues

1) You run the SSL version on privileged port 443 (any port below 1024 is a privileged port), so you need to run Domoticz with admin (root) rights to be able to use that port. It is better/safer to run Domoticz as a normal user and use a different port (9443 for example) when starting Domoticz.

2) You run behind a Proxy (which is a good choice) but looking at the Request Headers that Domoticz receives, it does not get any indication that it is called via a Proxy. Looking at the Web ACLF log line, Domoticz only 'sees' a request incoming from 192.168.1.1 which is your Proxy. This is an address that is within the Trusted Network, so no login required.

You need to configure HA Proxy to forward the origin IP address of the request to Domoticz using a Proxy Header. See this link for information on how to do that for HA Proxy (Enterprise).

Once configured correctly, the debug log of Domoticz should show that it receives some additional Request Headers that will show the origin of the request, which Domoticz will then use to validate if a login screen should or should not be presented to allow access.
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
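
Added example (not part of the thread and not Domoticz's own code): a small model of the login decision discussed above, showing why a request relayed by the proxy at 192.168.1.1 without an origin header is treated as local, and how the decision changes once the proxy forwards the client address. The header name `X-Forwarded-For`, the function names and the `strict` option are assumptions made for illustration.

```python
import ipaddress

# Assumed values, taken from the thread: the LAN range entered as Domoticz's
# local networks and the pfSense/HAProxy address.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
PROXIES = {ipaddress.ip_address("192.168.1.1")}


def effective_client(peer, headers, strict=False):
    """Return the address the login decision should use, or None if unknown."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in PROXIES:
        # Direct connection: ignore any forwarding header the client sent.
        return peer_ip
    xff = headers.get("X-Forwarded-For", "").strip()
    if not xff:
        # Proxy sent no origin header (the situation in the posted log).
        return None if strict else peer_ip
    # Read right to left: the last entry was appended by our own proxy,
    # anything further left came from the client and is unverified.
    for hop in reversed(xff.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None
        if ip not in PROXIES:
            return ip
    return None


def login_required(peer, headers, strict=False):
    ip = effective_client(peer, headers, strict)
    if ip is None:
        return True  # fail closed when the origin cannot be established
    return not any(ip in net for net in TRUSTED_NETS)


if __name__ == "__main__":
    cases = [  # constructed sample requests
        ("192.168.1.1", {}),
        ("192.168.1.1", {"X-Forwarded-For": "203.0.113.7"}),
        ("192.168.1.1", {"X-Forwarded-For": "192.168.1.20, 203.0.113.7"}),
        ("192.168.1.20", {}),
    ]
    for peer, hdrs in cases:
        print(peer, hdrs, "login required:", login_required(peer, hdrs))
```

With `strict=True` a proxied request that lacks the header is sent to the login page instead of being treated as local, which keeps a misconfigured proxy from silently disabling authentication.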
monette999
Posts: 10
Joined: Tuesday 21 February 2023 18:42
Target OS: Raspberry Pi / ODroid
Domoticz version:

Re: WebServer(HTTP/SSL) startup failed on address ::

Post by monette999 »

Hello forum, I also have a problem like this with my Raspberry Pi.
raspberry webserver SSL Startup failed at 0.0.0.0.

The strange thing is that my backup image shows exactly the same error.

I have Domoticz on the card.

Who can help here?
Thanks


kiddigital
Posts: 435
Joined: Thursday 10 August 2017 6:52
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Netherlands

Re: WebServer(HTTP/SSL) startup failed on address ::

Post by kiddigital »

You have to start Domoticz either using unprivileged ports (> 1024) or start it with root privileges (which is considered bad practice).

Check the startup options to set the port number to use for the Secured server (`-sslwww 8443` for example).
monette999
Posts: 10
Joined: Tuesday 21 February 2023 18:42
Target OS: Raspberry Pi / ODroid
Domoticz version:

Re: WebServer(HTTP/SSL) startup failed on address ::

Post by monette999 »

Thank you very much, I am really a rookie.
Can you write me down the command prompt, so I can do a copy paste please?


Thank you for your help.

Happy Easter.
monette999
Posts: 10
Joined: Tuesday 21 February 2023 18:42
Target OS: Raspberry Pi / ODroid
Domoticz version:

Re: WebServer(HTTP/SSL) startup failed on address ::

Post by monette999 »

Like this
sudo -sslwww 8443
