Apache2 server won't expose to internet
February 16, 2025, 22:16
Hey there, so I've been trying to setup a simple webpage using apache2. I've been able to set it up so I can connect to it through local ip, but if I search for my public ip I don't get the webpage.
I've already setup the needed port forwarding of port 80 to the static ip of the raspberry pi and configured the ufw of to allow 80/tcp Anywhere.
I'm kinda lost here, I've previously setup my raspberry pi (same static ip) to have a public webpage, that worked but I wanted to restart and now it doesn't work (so I would think it's not a problem with port forwarding)
Do you guys have any idea of what to try?
What says ufw status?
(Or: ufw status verbose)
Is the rpi reachable local(ping)?
if you got a ssl cert you need to forward 443 port
Yeah ufw has the 80/tcp to allow from anywhere
Yup it's reachable from the local network, I'm even able to view the apache webpage when surfing for like http://192.168.1.10
I haven't gotten to the point of getting the cert, cause I believe you first need the normal http to work. But the port forwarding on my router is setup to forward 443 port to the raspberry as well as the ufw allow 443 anywhere
you dont need normal http first to work you can get a wildcard cert before doing any webserver stuff
you can get a cert whenever
Ow, but nonetheless haven't gotten to there yet
I'll provide screenshots of the ufw and port forwarding later today
open upsome port checker on net and see if it thinks the ports are open or m9t
not*
portchecker.co
Is apache configured for SSL traffic?
I've tried with CanYouSeeMe.org but that couldn't find that the port was open, but I'll get to the portchecker.co later today
I'm not sure, how would I check that
if it cant see the port being open than its not open could be due to router or firewall
or firewall on router if you got a firewall router
I would think if I configured the port forwarding that it automatically bypasses the firewall on the router
as far as the ufw, I would think that's setup properly or does that act differently when receiving a request from local or public ip. cause on local network the webpage works
I'll show you my port forwarding once I get home
depends on what router you have and how you set it up .... if you have a firewall router that might not be the case
if you have a cheapo tplink level stuff than yes
you should've started by providing that π
noon can help without configs and stuff
and without knowing how its all setup
fair enough
everytime asking for help we need the following:
- os something is running on
- which webserver is being used (nginx, apache ......)
- what firewall is being used if any?
- what type of router is being used
- description of what app/cms you are trying to run or is it your custom site
- pics or pastes of all configs (preferrably both)
- no hiding of local IPs LOL ... some people do that and it makes life a living hell
- any adittional info that i forgot to state dosent hurt
Alright here the specs
device: raspberry pi 1 model B+
os: Raspbian GNU/Linux 12 (bookworm)
kernel: Linux pi 6.6.74+rpt-rpi-v6 #1 Raspbian 1:6.6.74-1+rpt1 (2025-01-27) armv6l GNU/Linux
it's a apache2 webserver
I'm using the ufw
I have the Docsis 3.1 Wifi6 (docsis) modem/router
at the moment I'm just trying to run a static webpage (only html)
I've given the rpi the static ip of 192.168.1.10/24
I was going through my isp's portal for configuring my network and saw something weird
This is the network settings the rpi uses ([msg](https://discord.com/channels/818384379197784084/1340808961934233620/1341088116211060820))
This is the rpi (it has the same mac address) but the ip is different, any ideas why this could happen?
here is my ufw
most configs are just default
the apache2/ports.conf
conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
exposed my public ip :/
where did you set static ip
in router or pi?
pi
but it displays another ip?
youve set .10 it displays .107?
it displays a different ip in my router
but it's set to .10, as my ssh does work with .10
do
cat /etc/apache2/sites-enabled/000-default.confand share the output
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
are you sure this is the correct one? since this is only a sample .... maybe there is another file in /sites-enabled/ ...
sometimes 000-default also has a sample file
ls /etc/apache2/sites-enabled returns only that file
and you can locally access the site?
yup
give me 1 sec
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
this is your file without the clusterfuck comments
so i see a lot of problems here
1. server name is wrong should be your domain name ... do you have a domain or want to only access it via public ip?
I do have a ddns with no-ip but haven't set it up on the raspberry pi yet
im not asking about ddns im asking about domain
example: raspberrypi.com
do you have a domain you want to use or only public ip?
just public ip I guess, not entirely sure what you mean
do you want to type in the browser 87.664.34.512 (made up public ip) or whateverthefuckyouwant.com
domain is this
yeah but doesn't the ddns take care of that
no ddns just means your ip dosent change
domain is a name you can purchase if you want
example https://www.namecheap.com/
first read up what a domain is
domain is the name instead of ip when accessing a website
you sohuld learn about that first before making anywebsite PUBLIC... for ssl you need a domain
if you want ssl
then yeah, I have one with the no-ip, it's like something mySite.ddns.net
yeah okay
that domain should be at ServerName and without # (uncommented)
so example
<VirtualHost *:80>
ServerName ihatemylife.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
alright I've got that, now
now just for the lolz restart apache service and see if u can access it
sometiems jsut works
if not we got some stuff to work on
that didn't work, I'll reboot and try again but don't think it'll work tbh
if restarting of apache dosent work than reboot also wont
yeah
which ddns do u use
no-ip, but it isn't setup yet but the ip/target does point to my ip
like on the rpi side it doesn't automatically update it yet
than set it up first else it wont ever work
wellp
any reason why ddns at all?
because my public ip can change, if I'm correct
yes but it changes so little times a year that it dosent matter all you need to do is either call a ISP and get a static punlic IP or change 1-2 times a year the IP in domain settings and get a normal domain
that'd be my advice
i have also a dynamic ip that changes - and i need to fix it 1 time a yr
yeah sure, that could work. but a dns just resolves to my ip, if I would search for http://myIp than it should also work. like it that doesn't work the dns or ddns for that will also not work
true lets worry about domains later
if u even want them at all
yeah, fair
i wouldnt use ddns atm till you get the site online cuz there could be a no-ip issue and we'd spend hours debugging
your network
yeah that's why I've been trying to access it through my ip instead of the domain
no-ip still routes your public IP to thier servers but i never extensively used so im not completely sure how it works so even using a site that tells you your IP could be givin wrong ip
if i was you i'd completely get rid of no-ip temporarly
disable it
and see
till we get it working - than figure out why it dosent work
yeah, but like I said except for the ip pointing to mine, the rpi doesn't do anything with no-ip
I'll remove the nameserver line though
the fact you didnt know what a domain is 5 mins ago im not so sure you understand how it all works
I do know what it is, I was just confused cause you the ddns domain and dns domain are the same. I was trying to say that
but that's beside the point
i was asking are you using a domain for the website or not and you didnt give me a answer
wellp
forget it for now
send a screenshot of your port forwards - still waiting for that
like these are the ones for the 80 and 443 ports
can i get fullscreen so i can see what in this case would the 10 under the ip mean cuz thats router specific stuff
ah no wait i see
im just dumb
your routers UI is dumb jfc π
yeah thats the last block of the IP .... i get it now
It's in a different language but
first column is local, second to third is start end extern ports and the 4-5 are internal
german?
dutch
ah ... i saw ip-addressen here and i speak german so i thought maybe its german
right click --> translate page --> english
in that case
perfect ty
what do you get if you type your external ip into the browser?
anything at all?
can i get a sc of what it says
(dont need the IP if you dont want to share)
this one I can't translate like that, but it just timesout
yeah i know the bottom part is the main part what i need err_connection_timed_out
to me sounds like closed ports or fw
or apache itself
yeah, I would think something like that as the port search also didn't find the service
I'll try and take a look at that
the fw I mean
i'd just disable it till we get it working and than install it and get correct rules going
when doing stuff like that the less stuff you got going on the better it is to know what the issue is
i'd just
apt remove ufw -yand once it's working apt install it and get correct rules going on that way we can rule out PI's firewall
yeah I've disabled my modems fw and uninstalled the ufw of the pi but still just timesout
so atm you got both disabled?
yeah
amazing
1 sec
copy the current 000-default file to some other name 000-default.backup or something
and we are gonan change it a bit and play around
just so we have original if needed
it's also up in this thread anyways
alright
or no it might be split dns issue ... once you make the copy leave original name of the file as is and dont edit it yet
turn off your wifi, enable your mobile data and try accessing your ip
from mobile data only and see if there works
can be on phone
it doesn't really load
but it dosent give error?
it doesn't, gonna try a different browser
could be now that you have the 2 files original 000-default and backup in sites-enabled folder and it dosent know wtf is going on
maybe move backup 1 folder back
or anywhere
just not that folder
alright, the local ip still works though, so don't know if it really is freaking out
dosent hurt to mvoe 1 file where ever on the whole os you want
yeah, I moved, stll doesn't really load
He has forwarded the ports to the ip 192.168.1.10, but his pi has received the IP 192.168.1.107 from the router. It can't work like that! If the router automatically assigns ip and you want to set up a static ip in the Pi because you cannot do this on the router, this ip must be outside the ip range in which the router assigns ip. Otherwise it will not work as it does now. Did another device get 192.168.1.10?
Try changing the port forwarding to 192.168.1.107 and see if it works.
it does not need to be outside of dhcp range
once you set static ip inside router or pi router knows that
I did try that once, but I'll give it another try
it wont work
shouldn't like also change the rpi's ip then to the 107
do you have both ethernet and wifi enabled on the pi?
only eth
like ip link show only shows lo and eth0
yeah thats not how router works router jsut still has some lease up before it expires you can either remove the device from router and it'll grab the ip set from inside the pi or make the ip static inside router
but that wont change much since its not how routing works
<@661189939832160306> is there a way we can get a sahre screen going on? maybe jump in the servers vc? jsut so i can take a look ... and i type and you do cuz i cant talk atm i just want to see the screen
sorry for tag
didnt meant to xD
seeing the screen helps lol
eeuh sure
you can be muted np i cant talk anyways ill be muted ill just watch and type what to do
at my gfs house and everyone is screeaming like its a episode of friday the 13th
ahaha
I'm gonna switch to screen sharing instead
yeah i was about to say
now open router page and go to where you saw the IP of pi being .107
IP > ARP usually
it does show my public ip, so no no dox pls
yeah i dont really care im here to help π
not destroy ur poor pi
ahaha, that one msg was already scary. me saying I disabled my fw's and you saying amazing
XD
its how i talk with my coworkers
and it usualyl gets transfered to out side of my job
XD
fair
erm
its missing a lotta buttons routers usually have XD
yeah I wouldn't know how to change the ip
can you repss davanced settings?
press*
ah why is ur DMZ on?
idk, that's default I think
that shouldnt be on specially not with that IP XD
defaullt??????
disable it
now try maybe that was the whole issue xD
can you access your modem via 192.168.1.1 or do you need to access from that domain?
it refuses connection
try 192.168.1.1:8080 or 192.168.1.1:443 or 192.168.1.1:8443 could be that youre remotely logging on and thats why you maybe dont see all options
if none work leave it as is
all refused except 8080 which timedout
okay leave it
can i see ur general tab and then network security? just so if there is something ticked that shouldnt be or should but isnt
general seems fine
that too
go to topology view
thats one dumb ass router
lets try something go to port forwarding
add a rule same as 80 but make it 8080
now go to pi console and open up 000-default file
in nano
tried that before, but
yeah i just want to see if ur router/isp is blocking port 80
change :80 to :8080 at top
yeah still doesn't load
i think you should su - root just so you dont need to sudo every single time XD
or that
makes life easier
fair enough
can you show me your network config where you specified static ip inside pi
the 192.168.1.10
don't know where the config is located
I did something like
nmcli con mod enp3s0 ipv4.addresses 192.168.1.10/24 nmcli con mod enp3s0 ipv4.gateway 192.168.1.1 nmcli con mod enp3s0 ipv4.dns 8.8.8.8 nmcli con mod enp3s0 ipv4.method manual
erm
try
sudo /etc/network/interfaces- i forgot where pi os saves network files
that's the config
yeah
in my opinion when changing network use this
easier and better cuz once you type a wrong subnet and just spam enter in cmd
youre fucked XD
youll need a screen
fair enough
also what is 4.4.4.4?
first time seeing that dns
better
i'd even use cloudflare
you saw nothing
xDDDD
now service netwroking reload
to save that XD
service networking reload
or that
also works
networking?
it's debian default service
for /etc/network
since pi os is made on debian ...
i never used pi os myself
seems like pi os dosent have it wellp dosent matter
alright, yeah I use NetworkManager cause for some reason dhcpcd was doing annoying
maybe thats why ur pi ip is different in router
also we changed the port to 8080 but if I trie http://192.168.1.10:8080 it doesn't work
perhaps
did u change in apache without misstypos?
wdym
in 00-default at top
this?
ah yeah u got 3x 000
yeah that
cat it
ah yeah ... amybe change * to your PI ip
192.168.1.10:8080
brb need to take a piss
change what to the ip
the
*
alright
so isntead of ":8080" you get 192.168.1.1*
the "*" means all interfaces all ips all devices
so im tkaing a piss if u havent restart apache and try
I have
and?
same
do u need to use apache? π
i have so much better experience in nginx
i have barely touched apache in years
eeuh, I haven't used it before but I don't necessarily need apache
ita same shit and i can provide some proven working configs and test on my end .... i cant with apache since i dont use it anymore since 2017
nginx is better inmy opinion and when oyu meed ssl certs nginx and letsencrypt act much better together
get nginx going and ill pull a working config out of my ass for you
xD
π
lemme grab a drink
go to /etc/nginx/sites-enabled
and wait 3 mins for me to grab a drink
soooooooooooooooooooooooooo
first 1 sec
get rid of all lines that are blue or commented xD ctrl + k at start of the line
so we only see the neede stuff not the guides
or that
what ever you prefer
better
change listen 80 port to 8080
and save file systemctl reload nginx
than try
on local it works
perfect
on public same thing as before? loads and never stops loading?
yeah on pc it timedout, I'll quickly do on mobile
yeah always try both mobile on mobile data and pc
sometimes it works on public but dosent show while trying from local on public ip
wanted to say I could use a vpn, but don't know if that bricks my ssh. anyways mobile keeps loading
and now try port checker
for 8080
it says closed
okay so
ping your pi from your cmd on pc
okay... erm interesting
you can close the ping cmd
its either fw or portforwarding
the server also works on local, so would expect the ping to also work
not working at all
yeah but if it didnt than we'd have a issue
yeah
i'd say restart y<our modem force it to grab your .10 ip from erasing leases
and see if that solves smthing
wait wha, force it, how'd I do that. just restart or
yeah.... cuz what im thinking is - you said your dhcp client was acting up probably modem thinks pi's ip is different from what you set it to rebooting pi usually forces it to erase all leases and recheck them and grab the actual ips or give out new leases to dhcp clients
just reboot and come back when done
join call share screen and ping me just so i know ur done
alright
force it dosent mean beat the living shit outof it
its just how modems/routers work
maybe put a gun to its head
it might work
man
the intro sound, alright I'm back
i jumped outta window when u joined
scared the living shit out of me
i just shitted out my heart
it needs some, apparently
may i get share screen back? xD
ahaha, wow it's shows 0 connected devices
yeah ti just forced a new reset and it will force grab them all ... but there should be somethign else called "arp" or smthing .... maybe more advanced view we are not getting or your isp is just retarded
wellp
try it now from public pc and phone
yeah, it's loading
just hangs again
are you connected via user or admin acc?
when you login
I'm a admin I believe
can you check in profile tab or smthing? you can check on another screen if you think there are info you dont want me to see
yeah admin, I checked
ah oaky
some routers have a user and a admin acc and you seem to lack 50% of features normal routers have
if you click on your name at top right with drop down arrow does it maybe say something about some admin/advanced view? again you can do this in another screen if you think theres info you dont want me seeing
nope
normal router stuff XDD
and then looking at your uo XD
this is what i'd like to see but dosent seem you ahve the arp table
OH
NO
BETTER IDEA
install and run this and it will tell you which ip your pi actually uses on your network ... is it 10 or 107
it is 10
you can close now
has it ever worked from public?
at all?
it did from before I like wiped the rpi with a clean install
so its probably in pi issue
I would think so
check if smthing like iptables is installed
on?
pi
ah
there is our issue
apt remove iptables
now it should just work if pi is the issue
you had 2 firewalls isntalled
the ufw and one on my modem
iptables and ufw
ow
and modem
try now
ufw is a user friendly version of iptables
still not working :/
ufw is 100% removed?
yeah
change /etc/nginx/sites-enabled/default ip from 8080 back to 80 nginx reload and retry
can i see your /var/www/html folder?
which is correct
index or index-debian
the index.html was the one from apache, but that just showed the apache default on local
index-debian is the default of the nginx
where is your static site file?
located
that you want to host
static site file?
yeah the website you want to host
the static site
yeah I am planning to do that in the /var/www/html/ but haven't gotten there, I want to be able to run the webpage before building that one
than just make a file with random letters or smthing named index.html jsut so we use something else than defaults for testing
dosent matter the contents just so we have smthing to work on
web-data
a h yes
www-data XD
i was looking at smthing else and got confused
perfect
now go back to default nginx config
cat it
cat /etc/nginx/sites-enabled/default
after index.html delete all others
save and stuff
hmmm
than after go back to your router advanced tab
tell dmz to fuck off and enable upnp at top
now try
i guess
I swear I've dissable dmz 3 times already
itll probably keep comming on on reboot but oh well if it does just ignore
XD
yeah the same
jfc
everything works
or is set correctly
but it dosent give a fuck
do you host any other website at any other device?
no
don't know what the other port forwarding are, but I couldn't really host anything without forwarding
I'll dissable those for good measure
sure for now
jfc
lemme think
do you just ahve a modem/router combo or also a separate router?
anywhere in the mix from the modem to the pi
the combo, straight ethernet connection
there's a switch between them but, that shouldn't matter
yeah switch dosent amtter
matter
otherwise I'll just contact my isp see if they know why the port forwarding isn't working, and if they can give a more advanced view
yeah i was about to say if we dont figure it out soon contact isp maybe they are all the sudden blocking ports and shit and yeah ask for the view
maybe
jsut for the lolz
nah it's back at 107
and giggles
set ur pi ip to 107
at this point
i just want to see
what happens
/etc/network/interfaces
where was it again
im just fuckign curious at this point
i think u have the most retarded modem on the planet
yeah
yeah restarting nginx dosent help XDDD
:/
wrong command
huh
when applying networking you have some wierd wodo shit command
that dosent work
xD
or reboot...
yeah do reboot
cuz fuck it
it boots fast anyways not like my dell server which takes whole weekend to boot
the iptables does explain that previous bs, that I had to wait like 20s before being able to connect ssh
it kept refusing for that period
yeh
check config maybe it didnt apply
/etc/networking/interfaces
i think ur pi and router are taking a piss
it does seem that way...
ah
i guess it's also the otehr thing you use for setting ip not mixing with this
it's the commands isn't it
i guess
yup
that could be overwritting this
cant helop u there since that seems to be pi specific or smthing oyu downlaoded after - i usually run debian and its what i typed
some woodoo shit going on right there
sigh
i think all this network wired woodoo shit going on right there and a mix of everything is why its not working
can you purge that nmcli? xD
no dont
...
i think adding static-eth0 connection makes pi think its using 2 interfaces
shouldn't show up in ifconfig though
that could explain a different ip in router
wellp
just reboot and hope?
i guess xD
if we broke networking and all you want on pi and have on it is the website than you flash debian to usb stick or sd or wat ever you use for pi
yeah sd
yeah I'm confused
2 ipv6 are what is bothering me
why the fuck do you have 2 ipv6
some woodoo shit going on
isn't one of them my public
ah could be
cause eeuhm the 2a02 is public
if I'm correct
ah okay than makes sense
man
yup that's public
what i'd do is flash debian to pi cuz there is probably some bullshit woodoo shit this pi os has installed thats meant to be more user friendly and is fucking with us ... debian is just pure os without any crap going on - but thats up to you .... cuz we cant even change the fucking ip as we'd like to
so overcomplicated
fair
but its up to u in the end
but eeuhm, I'll get back to you when I do that. getting quite hungry (it's 9pm)
yeah same here π
also in eu
I thought knew by now
pi imager has debian image
iirc
if not use ubuntu which is there
anything but pi os
yeh it had ubuntu you could just do ubuntu ...
pi os is based on debian bookworm though
yeah but has so much installed shit on top of it its starting ot get over complicated
get ubuntu server
ubuntu server is normal ubuntu minus desktop
in short
the rpi 1 b+ isn't in the compatibilities though
ah you have pi1?
yeah
it's a pain
go back and in left choose device
pi 1
and lets see which os you can do
ahaha
fuck sake .... do minimal pi os
the most minimal version you can find
maybe that dosent have the bs
ah lite yeah
that's the one I installed
ah than leave it
go to raspi-config
and we can disable the network manager
in cli
where's that, or you mean systemctl disable
it is a command on all pi os
apparently
not here
try buster version of pi os dosent have this networkmanager
think Ima go ahead and buy a new pi and modem
apparently
π
yeah
debian buster based pi os
in pi os other
WHERE IS IT
than do bullseye
bullseye lite
in pi os other
2nd from bottom
"a port of debian bullseye"
I'm just blind
try that and report back when installed
alright see you next time I guess
thanks for the help already
means a lot
want to add me in dms so we dont have to spam there?
you'll have to add me, your friend requests are closed
ah yeah its bcos kids keep spamming me with 20β¬ giftcard links π
wooow, free β¬20, yes please
getting hacked? yes please
that's only a thought
I'd reinstalling the os works :), thx guys. I'll close this thread