So I'm getting down to the final checks and a couple of things are annoying my brain. I like to try and understand why, just so I know it's all good.
Firstly, MariaDB
This is purely cosmetic: if I visit the settings tab it shows MariaDB as stopped and does not react to any of the controls. However, doing systemctl status mariadb shows it as loaded and active and everything is working fine, and in task monitor advanced the DB section is fine.
So I presume this is just a minor cosmetic issue on my setup.
Open Ports
This one I can't get my head around, so I need help seeing the logic.
So all my domains are set up as - Nginx Static no cache - PHP 7.4 FPM templates, so pretty standard.
If I do an Nmap scan it shows open ports
80 / 443 nginx
8080 / 8443 Apache
CSF only has ports 80 and 443 open and not the latter 2 ports.
Is this correct?
So I'm wondering if Nmap can see these ports as, when they scan, they are forwarded from Nginx to Apache?
Or if not, how can it see ports 8080/8443 if CSF is not set to open them?
Thanks, at least it wasn’t me this time that tinkered and broke it lol, so I’ll just look into the Apache ports. May reinstall tomorrow but try deb 10 or Ubuntu instead, see if I get a different result.
If you run the nmap scan from the server Hestia is installed on, then the Apache ports might appear open. Are you doing it from a remote server?
Ultimately, the best way to satisfy yourself that the firewall rules are in place is to look at the output of
v-list-firewall
iptables -L -n | grep ACCEPT
Okay, I'm gonna leave this up because it's always good to remind yaself how much of an idiot one can be when you focus on a problem which actually is not there and miss the blindingly obvious.
CSF auto inputs your setup IP in csf.allow. So this got me thinking when I typed the above reply: as my VM is running on my home IP, is it seeing more than a remote scanner would?
And yep, I fired up Google’s free cloud console (how handy is that free tool!!), installed Nmap, did a scan and, what a surprise, only ports 80 and 443 are showing.
Now I am wondering if this forum has a badge for the most idiotic thread started by a user, because I should be awarded it.
Honestly, I think we could count that under “Normal Thread” - if you were with us for a longer time, you would understand that there are a few other threads which should get that badge…
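The effect worked out in this thread, as an added example that is not part of any post: a scan from an allowlisted source address sees ports that a remote scanner does not. The ruleset is a constructed, simplified `iptables -S` style listing (not real CSF or Hestia output), the two addresses are documentation placeholders, and `why_open` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Constructed, simplified `iptables -S` style rules (not output from a real host).
# 203.0.113.10 stands in for the admin IP that was allowlisted at install time.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# why_open RULES SRC_IP PORT
# Prints which kind of ACCEPT rule lets SRC_IP reach tcp/PORT:
#   source-allowlist  - a rule accepting everything from that address
#   port-rule         - a rule accepting the port from any source
#   filtered          - no matching ACCEPT rule
# Only exact /32 source matches and single --dport rules are handled.
why_open() {
  printf '%s\n' "$1" | awk -v src="$2" -v port="$3" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
      s = ""; d = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-s")      s = $(i + 1)
        if ($i == "--dport") d = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (target != "ACCEPT") next
      # First matching rule wins, as in iptables chain evaluation.
      if (s == (src "/32") && d == "") { print "source-allowlist"; found = 1; exit }
      if (s == "" && d == port)        { print "port-rule"; found = 1; exit }
    }
    END { if (!found) print "filtered" }'
}

# Compare the allowlisted admin IP with an arbitrary remote scanner (198.51.100.7).
for ip in 203.0.113.10 198.51.100.7; do
  for p in 80 443 8080 8443; do
    printf '%-14s tcp/%-5s %s\n' "$ip" "$p" "$(why_open "$SAMPLE_RULES" "$ip" "$p")"
  done
done
```

On a live server the same function can be fed the real rules with `why_open "$(iptables -S INPUT)" <ip> <port>`, keeping in mind that rules held in other chains are not followed by this simplified parser.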