Background: My company hosts two server instances for our internal web-based systems dashboard: a development server and a production server. For added security on the production server, we usually disable port 80 and use a different port to access the webserver. However, our SSL certificates are set to expire soon, so I attempted to re-enable port 80 (to perform the http-01 challenge verification). I was able to enable and renew the certificate on our development machine but cannot do the same on the production machine.

Problem: I cannot connect to the Apache webserver that is hosted on an Ubuntu 20.04.1 machine. I've explored numerous resources and similar questions to no avail. I've verified that the Apache ports.conf and the 000-default.conf are listening on port 80. I've also temporarily set the ufw / iptables configurations to allow all incoming requests in an attempt to rule out the firewall. Currently, if I run curl http://production.example.com, it returns a "Connection refused." Based on that, it seems like I'm connecting to the machine, but something is blocking it. Besides UFW or iptables, is there any service that might be blocking connections to port 80? Let me know if any more information would be required! Thanks in advance!

Configurations / Tests
curl Command:

$ curl -v http://production.example.com
*   Trying xxx.xxx.xx.xx:80...
* TCP_NODELAY set
* connect to xxx.xxx.xx.xx port 80 failed: Connection refused
* Failed to connect to production.example.com port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to production.example.com port 80: Connection refused

UFW Settings:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW IN    Anywhere                  
443/tcp (v6)               ALLOW IN    Anywhere (v6)             

Apache ports.conf and 000-default.conf

Listen 80

<VirtualHost *:80>
        ServerName production.example.com
        
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Commands to verify Port 80 is open:

$ sudo lsof -i:80
COMMAND PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2 706     root    4u  IPv6  20604      0t0  TCP *:http (LISTEN)
apache2 752 www-data    4u  IPv6  20604      0t0  TCP *:http (LISTEN)
apache2 759 www-data    4u  IPv6  20604      0t0  TCP *:http (LISTEN)
apache2 764 www-data    4u  IPv6  20604      0t0  TCP *:http (LISTEN)
apache2 767 www-data    4u  IPv6  20604      0t0  TCP *:http (LISTEN)
apache2 774 www-data    4u  IPv6  20604      0t0  TCP *:http (LISTEN)

$ netstat -a | grep http | grep LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN 

--Update--
As per the comments, I ran the command described in this question, but I'm not sure how to interpret the results:

sudo tcpdump -n host 138.197.97.12 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:31:56.921857 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362696691 ecr 0,sackOK,eol], length 0
17:31:57.936229 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362697692 ecr 0,sackOK,eol], length 0
17:32:08.748828 IP 35.190.73.167.80 > 138.197.97.12.4957: Flags [S.], seq 3923531534, ack 2621902277, win 65535, options [mss 1430,sackOK,TS val 2683344831 ecr 873100626,nop,wscale 8], length 0
17:32:16.798047 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362715694 ecr 0,sackOK,eol], length 0
Rane1011
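The capture in the update is the most informative piece of the post, and reading it is mechanical enough to script. Each tcpdump line names a source, a destination and the TCP flags; a client `[S]` to port 80 that is answered by `[S.]` (SYN-ACK) was accepted, one answered by `[R]`/`[R.]` (RST) was refused, and one that is never answered at all was dropped somewhere between the wire and the socket. The following parser, added here as an illustration and not part of the question or its comments, replays the four lines quoted above plus a few constructed lines (addresses from the documentation ranges) so that all three outcomes appear. The outbound `35.190.73.167.80 > 138.197.97.12.4957` line is the server's own connection to some other host's port 80, so it is correctly ignored.

```python
import re
from collections import defaultdict

# Shape of a tcpdump "-n" TCP summary line, as in the question's capture:
#   HH:MM:SS.usec IP src.sport > dst.dport: Flags [..], ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# First four lines are the ones shown in the question; the remaining four are
# constructed examples so that the "refused" and "accepted" cases also appear.
SAMPLE_CAPTURE = [
    "17:31:56.921857 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362696691 ecr 0,sackOK,eol], length 0",
    "17:31:57.936229 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362697692 ecr 0,sackOK,eol], length 0",
    "17:32:08.748828 IP 35.190.73.167.80 > 138.197.97.12.4957: Flags [S.], seq 3923531534, ack 2621902277, win 65535, options [mss 1430,sackOK,TS val 2683344831 ecr 873100626,nop,wscale 8], length 0",
    "17:32:16.798047 IP 47.33.203.205.59520 > 138.197.97.12.80: Flags [S], seq 1979773428, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 362715694 ecr 0,sackOK,eol], length 0",
    # constructed: a closed port answers the SYN with RST -> "connection refused"
    "17:33:01.000000 IP 203.0.113.7.40000 > 138.197.97.12.80: Flags [S], seq 1, win 65535, length 0",
    "17:33:01.000100 IP 138.197.97.12.80 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0",
    # constructed: a listening, unfiltered port answers with SYN-ACK
    "17:33:02.000000 IP 198.51.100.9.50000 > 138.197.97.12.80: Flags [S], seq 10, win 65535, length 0",
    "17:33:02.000200 IP 138.197.97.12.80 > 198.51.100.9.50000: Flags [S.], seq 20, ack 11, win 65535, length 0",
]


def parse_line(line):
    """Return the addressing fields and flags of one tcpdump line, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def classify_handshakes(lines, server_ip, server_port=80):
    """Map each client (ip, port) that sent a SYN to the server port onto a verdict.

    'accepted' - the server answered with SYN-ACK ([S.])
    'refused'  - the server answered with RST ([R] or [R.])
    'dropped'  - no reply at all; packets reach the interface but nothing answers
    """
    syn_count = defaultdict(int)
    replies = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        flags = rec["flags"]
        inbound = rec["dst"] == server_ip and rec["dport"] == server_port
        outbound = rec["src"] == server_ip and rec["sport"] == server_port
        if inbound and flags == "S":
            syn_count[(rec["src"], rec["sport"])] += 1
        elif outbound:
            client = (rec["dst"], rec["dport"])
            if "R" in flags:
                replies[client] = "refused"
            elif flags.startswith("S."):
                replies[client] = "accepted"
    verdicts = {}
    for client, n in syn_count.items():
        if client in replies:
            verdicts[client] = replies[client]
        else:
            verdicts[client] = f"dropped ({n} unanswered SYN{'s' if n > 1 else ''})"
    return verdicts


if __name__ == "__main__":
    for (ip, port), verdict in classify_handshakes(SAMPLE_CAPTURE, "138.197.97.12").items():
        print(f"{ip}:{port} -> {verdict}")
```

Run against the lines from the question, the script reports the retrying client `47.33.203.205:59520` as dropped: three SYNs reached eth0 and nothing went back. A RST is what normally produces curl's "connection refused", so the absence of any reply on the interface points to a filter (a local DROP rule or, as the comments suggest, a separate network-level firewall) rather than to Apache not listening; the `lsof` output above already confirms the listener.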
  • There might be an additional network firewall (in addition to the host based ufw/iptables firewall) that blocks the connection – Bob Jan 04 '21 at 20:14
  • How would I go about checking this? I am able to `curl` the hostname / web URL from that machine and get a valid response (if that helps?) – Rane1011 Jan 04 '21 at 21:01
  • https://serverfault.com/q/725262/546643 Describes that – Bob Jan 04 '21 at 21:05