Hi, I have a virtual server, an empty Ubuntu 20.04 machine with an IP/DNS entry. The machine’s DNS entry works as expected for remote machines; for example, SSH is possible via the server name.
I then installed OpenVidu by following the steps at 2.16.0/deployment/deploying-on-premises (the system limits the number of links I can add). All configuration was to supply the machine’s IP into /opt/openvidu/.env and set the certificate to letsencrypt. I guessed that if OpenVidu asks for a certificate provider and my e-mail, and wants port 80 for the first run if letsencrypt is selected, it will download the certificate itself, but I am not sure.
Anyways, I started the server and there is nothing at port 443; connecting to 80 causes an invalid response. The log speaks about port 5443 instead of 443. I have no idea why; I did not specify 5443 anywhere. Then it shows HTTPS-PORT=443. I attach the local netstat output, then OpenVidu’s output, and finally the configuration of iptables.
========================================================
========================================================
# netstat -atun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 172.17.0.1:3478 0.0.0.0:* LISTEN
tcp 0 0 193.70.12.137:3478 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN
tcp 0 0 172.17.0.1:3478 0.0.0.0:* LISTEN
tcp 0 0 193.70.12.137:3478 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 172.17.0.1:3479 0.0.0.0:* LISTEN
tcp 0 0 193.70.12.137:3479 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3479 0.0.0.0:* LISTEN
tcp 0 0 172.17.0.1:3479 0.0.0.0:* LISTEN
tcp 0 0 193.70.12.137:3479 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3479 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:41568 127.0.0.1:6379 TIME_WAIT
tcp 0 0 127.0.0.1:6379 127.0.0.1:41560 ESTABLISHED
tcp 0 0 193.70.12.137:22 82.121.211.214:50934 ESTABLISHED
tcp 0 0 127.0.0.1:41560 127.0.0.1:6379 ESTABLISHED
tcp 0 0 127.0.0.1:41566 127.0.0.1:6379 TIME_WAIT
tcp 0 0 127.0.0.1:6379 127.0.0.1:41562 ESTABLISHED
tcp 0 0 127.0.0.1:41570 127.0.0.1:6379 TIME_WAIT
tcp 0 320 193.70.12.137:22 82.121.211.214:51626 ESTABLISHED
tcp 0 0 127.0.0.1:6379 127.0.0.1:41558 ESTABLISHED
tcp 0 0 127.0.0.1:41558 127.0.0.1:6379 ESTABLISHED
tcp 0 0 127.0.0.1:41562 127.0.0.1:6379 ESTABLISHED
tcp6 0 0 :::5442 :::* LISTEN
tcp6 0 0 :::5443 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:3478 :::* LISTEN
tcp6 0 0 ::1:3478 :::* LISTEN
tcp6 0 0 ::1:3479 :::* LISTEN
tcp6 0 0 ::1:3479 :::* LISTEN
tcp6 0 0 :::8888 :::* LISTEN
tcp6 0 0 127.0.0.1:8888 127.0.0.1:47452 ESTABLISHED
tcp6 0 0 127.0.0.1:8888 127.0.0.1:47462 TIME_WAIT
tcp6 0 0 127.0.0.1:8888 127.0.0.1:47460 TIME_WAIT
tcp6 0 0 127.0.0.1:47452 127.0.0.1:8888 ESTABLISHED
udp 0 0 172.17.0.1:3478 0.0.0.0:*
udp 0 0 172.17.0.1:3478 0.0.0.0:*
udp 0 0 193.70.12.137:3478 0.0.0.0:*
udp 0 0 193.70.12.137:3478 0.0.0.0:*
udp 0 0 127.0.0.1:3478 0.0.0.0:*
udp 0 0 127.0.0.1:3478 0.0.0.0:*
udp 0 0 172.17.0.1:3479 0.0.0.0:*
udp 0 0 172.17.0.1:3479 0.0.0.0:*
udp 0 0 193.70.12.137:3479 0.0.0.0:*
udp 0 0 193.70.12.137:3479 0.0.0.0:*
udp 0 0 127.0.0.1:3479 0.0.0.0:*
udp 0 0 127.0.0.1:3479 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 193.70.12.137:68 0.0.0.0:*
udp6 0 0 ::1:3478 :::*
udp6 0 0 ::1:3478 :::*
udp6 0 0 ::1:3479 :::*
udp6 0 0 ::1:3479 :::*
========================================================
========================================================
/opt/openvidu# ./openvidu start
Creating openvidu_openvidu-server_1 ... done
Creating openvidu_app_1 ... done
Creating openvidu_redis_1 ... done
Creating openvidu_coturn_1 ... done
Creating openvidu_kms_1 ... done
Creating openvidu_nginx_1 ... done
Attaching to openvidu_openvidu-server_1
openvidu-server_1 |
openvidu-server_1 |
openvidu-server_1 | =======================================
openvidu-server_1 | = LAUNCH OPENVIDU-SERVER =
openvidu-server_1 | =======================================
openvidu-server_1 |
openvidu-server_1 | ______________________________________________
openvidu-server_1 | ____ __ ___ _
openvidu-server_1 | / __ \ \ \ / (_) | |
openvidu-server_1 | | | | |_ __ ___ _ _\ \ / / _ __| |_ _
openvidu-server_1 | | | | | '_ \ / _ \ '_ \ \/ / | |/ _` | | | |
openvidu-server_1 | | |__| | |_) | __/ | | \ / | | (_| | |_| |
openvidu-server_1 | \____/| .__/ \___|_| |_|\/ |_|\__,_|\__,_|
openvidu-server_1 | | |
openvidu-server_1 | |_| version 2.16.0
openvidu-server_1 | ______________________________________________
openvidu-server_1 |
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,128 [main] io.openvidu.server.OpenViduServer - Starting OpenViduServer on vps-17f8ee5f with PID 14 (/openvidu-server.jar started by root in /)
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,142 [main] io.openvidu.server.OpenViduServer - No active profile set, falling back to default profiles: default
openvidu-server_1 | [ERROR] 2020-11-27 10:40:27,526 [main] io.openvidu.server.config.OpenviduConfig - .env file not found at /.env
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,653 [main] io.openvidu.server.OpenViduServer - Started OpenViduServer in 1.868 seconds (JVM running for 3.945)
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,659 [main] io.openvidu.server.OpenViduServer -
openvidu-server_1 |
openvidu-server_1 |
openvidu-server_1 | Configuration properties
openvidu-server_1 | ------------------------
openvidu-server_1 |
openvidu-server_1 | * CERTIFICATE_TYPE=letsencrypt
openvidu-server_1 | * DOMAIN_OR_PUBLIC_IP=193.70.12.137
openvidu-server_1 | * HTTPS_PORT=443
openvidu-server_1 | * KMS_URIS=["ws://localhost:8888/kurento"]
openvidu-server_1 | * OPENVIDU_CDR=false
openvidu-server_1 | * OPENVIDU_CDR_PATH=/opt/openvidu/cdr
openvidu-server_1 | * OPENVIDU_RECORDING=false
openvidu-server_1 | * OPENVIDU_RECORDING_AUTOSTOP_TIMEOUT=120
openvidu-server_1 | * OPENVIDU_RECORDING_COMPOSED_BASICAUTH=true
openvidu-server_1 | * OPENVIDU_RECORDING_COMPOSED_URL=
openvidu-server_1 | * OPENVIDU_RECORDING_CUSTOM_LAYOUT=/opt/openvidu/custom-layout
openvidu-server_1 | * OPENVIDU_RECORDING_DEBUG=false
openvidu-server_1 | * OPENVIDU_RECORDING_NOTIFICATION=publisher_moderator
openvidu-server_1 | * OPENVIDU_RECORDING_PATH=/opt/openvidu/recordings
openvidu-server_1 | * OPENVIDU_RECORDING_PUBLIC_ACCESS=false
openvidu-server_1 | * OPENVIDU_RECORDING_VERSION=2.16.0
openvidu-server_1 | * OPENVIDU_SECRET=MY_SECRET
openvidu-server_1 | * OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
openvidu-server_1 | * OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
openvidu-server_1 | * OPENVIDU_STREAMS_VIDEO_MAX_RECV_BANDWIDTH=1000
openvidu-server_1 | * OPENVIDU_STREAMS_VIDEO_MAX_SEND_BANDWIDTH=1000
openvidu-server_1 | * OPENVIDU_STREAMS_VIDEO_MIN_RECV_BANDWIDTH=300
openvidu-server_1 | * OPENVIDU_STREAMS_VIDEO_MIN_SEND_BANDWIDTH=300
openvidu-server_1 | * OPENVIDU_WEBHOOK=false
openvidu-server_1 | * OPENVIDU_WEBHOOK_ENDPOINT=
openvidu-server_1 | * OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged]
openvidu-server_1 | * OPENVIDU_WEBHOOK_HEADERS=[]
openvidu-server_1 |
openvidu-server_1 |
openvidu-server_1 |
openvidu-server_1 | [WARN] 2020-11-27 10:40:27,662 [main] io.openvidu.server.OpenViduServer - You have set property server.port (or SERVER_PORT). This will serve OpenVidu Server on your host at port 5443. But property HTTPS_PORT (443) still configures the port that should be used to connect to OpenVidu Server from outside. Bear this in mind when configuring a proxy in front of OpenVidu Server
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,662 [main] io.openvidu.server.OpenViduServer - Using /dev/urandom for secure random generation
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,772 [main] io.openvidu.server.OpenViduServer - Starting OpenViduServer on vps-17f8ee5f with PID 14 (/openvidu-server.jar started by root in /)
openvidu-server_1 | [INFO] 2020-11-27 10:40:27,773 [main] io.openvidu.server.OpenViduServer - No active profile set, falling back to default profiles: default
openvidu-server_1 | [ERROR] 2020-11-27 10:40:29,257 [main] io.openvidu.server.config.OpenviduConfig - .env file not found at /.env
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,728 [main] org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat initialized with port(s): 5443 (http)
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,747 [main] org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-0.0.0.0-5443"]
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,748 [main] org.apache.catalina.core.StandardService - Starting service [Tomcat]
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,749 [main] org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.39]
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,837 [main] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
openvidu-server_1 | [INFO] 2020-11-27 10:40:29,837 [main] org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 2027 ms
openvidu-server_1 | [WARN] 2020-11-27 10:40:30,040 [main] io.openvidu.server.rest.ApiRestPathRewriteFilter - Support for deprecated REST API paths enabled. Update your REST API clients to use the new paths
openvidu-server_1 | [WARN] 2020-11-27 10:40:30,040 [main] io.openvidu.server.rest.ApiRestPathRewriteFilter - Deprecated path support will be removed in a future release. You can disable old path support to test compatibility with property SUPPORT_DEPRECATED_API=false
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,090 [main] io.openvidu.server.OpenViduServer - OpenVidu CDR service is disabled (may be enable with 'OPENVIDU_CDR=true')
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,090 [main] io.openvidu.server.OpenViduServer - OpenVidu Webhook service is disabled (may be enabled with 'OPENVIDU_WEBHOOK=true')
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,118 [main] io.openvidu.server.OpenViduServer - OpenVidu Server using one KMS: ws://localhost:8888/kurento
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,151 [JsonRpcClient-hearbeatExec-e1-t0] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient] Connecting native client
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,151 [JsonRpcClient-hearbeatExec-e1-t0] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient] Creating new NioEventLoopGroup
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,456 [nioEventLoopGroup-2-1] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient] Initiating new Netty channel. Will create new handler too!
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,587 [main] io.openvidu.server.recording.service.RecordingManager - OpenVidu recording service is disabled
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,636 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN IP: 193.70.12.137
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,636 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN Redis DB accessible with string "ip=127.0.0.1 dbname=0 password=MY_SECRET connect_timeout=30"
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,636 [main] io.openvidu.server.coturn.CoturnCredentialsService - Cleaning COTURN DB...
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,637 [main] io.openvidu.server.coturn.CoturnCredentialsService - Path of COTURN log files: /var/log/
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,645 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN DB is now empty
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,645 [main] io.openvidu.server.coturn.CoturnCredentialsService - Using COTURN credentials service for BASH environment
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,666 [main] io.openvidu.server.core.SessionManager - Garbage collector for non active sessions initialized. Running every 900 seconds and cleaning up non active Sessions more than 3600 seconds old
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,716 [main] org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler - Initializing ExecutorService 'jsonrpcTaskScheduler'
openvidu-server_1 | [INFO] 2020-11-27 10:40:30,926 [main] org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,060 [main] org.springframework.boot.autoconfigure.web.servlet.WelcomePageHandlerMapping - Adding welcome page: class path resource [static/index.html]
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,313 [main] org.springframework.security.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1c7696c6, org.springframework.security.web.context.SecurityContextPersistenceFilter@3527942a, org.springframework.security.web.header.HeaderWriterFilter@771a660, org.springframework.web.filter.CorsFilter@1e800aaa, org.springframework.security.web.authentication.logout.LogoutFilter@576d5deb, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@6574a52c, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1ed6388a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4f80542f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@60099951, org.springframework.security.web.session.SessionManagementFilter@242b836, org.springframework.security.web.access.ExceptionTranslationFilter@272113c4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@45099dd3]
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,352 [main] org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-5443"]
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,376 [main] org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 5443 (http) with context path ''
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,391 [main] io.openvidu.server.OpenViduServer - Started OpenViduServer in 3.709 seconds (JVM running for 7.683)
openvidu-server_1 | [INFO] 2020-11-27 10:40:31,392 [main] io.openvidu.server.OpenViduServer -
openvidu-server_1 |
openvidu-server_1 | ----------------------------------------------------
openvidu-server_1 |
openvidu-server_1 | OpenVidu is ready!
openvidu-server_1 | ---------------------------
openvidu-server_1 |
openvidu-server_1 | * OpenVidu Server URL: https://193.70.12.137/
openvidu-server_1 |
openvidu-server_1 | * OpenVidu Dashboard: https://193.70.12.137/dashboard
openvidu-server_1 |
openvidu-server_1 | ----------------------------------------------------
openvidu-server_1 |
===========================================================
===========================================================
# cat /etc/iptables/rules.v4
# Generated by iptables-save v1.8.4 on Fri Nov 27 10:13:16 2020
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Nov 27 10:13:16 2020
# Generated by iptables-save v1.8.4 on Fri Nov 27 10:13:16 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
# Completed on Fri Nov 27 10:13:16 2020
# Generated by iptables-save v1.8.4 on Fri Nov 27 10:13:16 2020
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 3478 -j ACCEPT
-A INPUT -i ens3 -p udp -m udp --dport 3478 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -i ens3 -p tcp -m multiport --dports 40000:57000 -j ACCEPT
-A INPUT -i ens3 -p udp -m multiport --dports 40000:57000 -j ACCEPT
-A INPUT -i ens3 -p tcp -m multiport --dports 57001:65535 -j ACCEPT
-A INPUT -i ens3 -p udp -m multiport --dports 57001:65535 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
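
An added example (not part of the original post): a Python cross-check of the posted netstat listeners against the posted INPUT rules, listing accepted ports that have no listener and listeners that no rule accepts. The function names are made up here, the sample lines are shortened excerpts of the output above, and only tcp INPUT ACCEPT rules using --dport/--dports are considered.

```python
import re

# Shortened excerpts of the netstat and rules.v4 output posted above.
NETSTAT = """\
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 193.70.12.137:22 82.121.211.214:50934 ESTABLISHED
tcp6 0 0 :::5442 :::* LISTEN
tcp6 0 0 :::5443 :::* LISTEN
tcp6 0 0 :::8888 :::* LISTEN
"""
RULES = """\
-A INPUT -i ens3 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -i ens3 -p tcp -m multiport --dports 40000:57000 -j ACCEPT
"""

def listening_tcp_ports(netstat_text):
    """TCP ports in LISTEN state that are not bound to loopback only."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # ":::5443" -> ("::", "5443")
            if addr != "::1" and not addr.startswith("127."):
                ports.add(int(port))
    return ports

def accepted_tcp_ranges(rules_text):
    """(low, high) ranges from tcp INPUT ACCEPT rules using --dport/--dports."""
    ranges = []
    for line in rules_text.splitlines():
        m = re.match(r"-A INPUT .*-p tcp .*--dports? (\S+) -j ACCEPT$", line)
        for part in (m.group(1).split(",") if m else []):
            lo, _, hi = part.partition(":")
            ranges.append((int(lo), int(hi or lo)))
    return ranges

def audit(netstat_text, rules_text):
    """Compare listeners with firewall openings in both directions."""
    listening = listening_tcp_ports(netstat_text)
    ranges = accepted_tcp_ranges(rules_text)
    singles = {lo for lo, hi in ranges if lo == hi}
    blocked = [p for p in listening if not any(lo <= p <= hi for lo, hi in ranges)]
    return {"accepted_but_no_listener": sorted(singles - listening),
            "listening_but_not_accepted": sorted(blocked)}
```

On the excerpt, `audit(NETSTAT, RULES)` reports 443 and 8443 as accepted without a listener, and 5442, 5443 and 8888 as listening without an accept rule.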