root@test:~# iptables -L -v
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8080
2 104 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8000
Everything seems to be o.k., but besides refused connections nmap doesn’t list the ports open:
root@test:~# nmap 116.203.xxx.xxx -p 8000-9000
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-23 23:40 CET
Nmap scan report for my.hostname.de (116.203.xxx.xxx)
Host is up (0.0000090s latency).
Not shown: 1000 closed ports
PORT STATE SERVICE
8083/tcp open us-srv
Nmap done: 1 IP address (1 host up) scanned in 1.63 seconds
Restarting iptables by the panel button had no effect, neither rebooting the server.
Have tried v-update-firewall, no effect. Still no connection, nmap shows port 8000 as “not opened”.
root@test:~# nmap 116.203.xxx.xxx -p 8000
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-24 11:56 CET
Nmap scan report for my.hostname.de (116.203.xxx.xxx)
Host is up (0.000073s latency).
PORT STATE SERVICE
8000/tcp **closed** http-alt
Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
The problem is fully solved. Indeed it was NOT an issue of Hestia or firewall but of Seafile.
For those who are interested:
By default Seafile installation binds to “127.0.0.1:8000” in file gunicorn.conf which works with further configuration of Nginx as HTTP proxy but not with direct access via port 8000 (http://cloud.my-domain.xyz:8000).
However, accessing Seafile by port 8000 is the out-of-the-box configuration which is decribed in the documention as immediately working after installation.
In other words:
If you want to access Seafile by Nginx HTTP proxy (which is the best and common way, I admit, because you want to use secure https), than leave everthing in Seafile as it is and configure Nginx as proxy following the steps of the official documentation.
If you want to access Seafile directly by port 8000 (e.g. because you use VPN, like I do), than change file /seafile-install-path/seafile/haiwen/conf/gunicorn.conf like that:
Since I have installed Seafile always with Apache proxy before it’s the first time I faced this issue. Seafile installation process should be changed or better documented.
to add to that, even if you installed seafile as a seperate user in the system outside the scope of hestia, you can use hestia to add a web domain and then use a small additional custom config in /home/[user]/conf/web/[domain] to get the normal nginx/apache work as a proxy…
PS: just to clarify, don’t edit the conf files directly, as they might get overwritten, you can add your custom files instead so they get included thanks @ScIT for the reminder