Serveur inaccessible


#1

Bonsoir,

Alors que tout fonctionnait, mon serveur est devenu inaccessible sans raison apparente. Le redémarrage n’a rien résolu. En capturant la sortie lors de la séquence de démarrage, j’ai remarqué quelques messages d’erreur. Si quelqu’un pouvait m’aider à décrypter tout ça, il me ferait plaisir.

U-Boot SPL 2014.10+dfsg1-5 (Apr 07 2015 - 21:54:22)
DRAM: 512 MiB
CPU: 960000000Hz, AXI/AHB/APB: 3/2/2


U-Boot 2014.10+dfsg1-5 (Apr 07 2015 - 21:54:22) Allwinner Technology

CPU:   Allwinner A20 (SUN7I)
I2C:   ready
DRAM:  512 MiB
MMC:   SUNXI SD/MMC: 0
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
SCSI:  SUNXI SCSI INIT
Target spinup took 0 ms.
AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
flags: ncq stag pm led clo only pmp pio slum part ccc apst 
Net:   dwmac.1c50000
Hit any key to stop autoboot:  0 
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0...
Found U-Boot script /boot/boot.scr
2686 bytes read in 181 ms (13.7 KiB/s)
## Executing script at 43100000
Mainline u-boot / new-style environment detected.
3710408 bytes read in 287 ms (12.3 MiB/s)
33830 bytes read in 213 ms (154.3 KiB/s)
17794943 bytes read in 1073 ms (15.8 MiB/s)
Booting Debian 4.9.0-6-armmp from mmc 0:1...
Kernel image @ 0x42000000 [ 0x000000 - 0x389dc8 ]
## Flattened Device Tree blob at 43000000
   Booting using the fdt blob at 0x43000000
   Loading Ramdisk to 4ef07000, end 4ffff77f ... OK
   Loading Device Tree to 4eefb000, end 4ef06425 ... OK

Starting kernel ...

[    0.000000] Linux version 4.9.0-6-armmp (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07)
[    0.000000] Kernel command line: console=ttyS0,115200 console=ttyS1 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
[    0.000000]     vmalloc : 0xe0800000 - 0xff800000   ( 496 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xe0000000   ( 512 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0xc0008000 - 0xc0800000   (8160 kB)
[    0.000000]       .init : 0xc0b00000 - 0xc0c00000   (1024 kB)
[    0.000000]       .data : 0xc0c00000 - 0xc0cfc144   (1009 kB)
[    0.000000]        .bss : 0xc0cfe000 - 0xc0d51c4c   ( 336 kB)
[    0.064176] /cpus/cpu@0 missing clock-frequency property
[    0.064215] /cpus/cpu@1 missing clock-frequency property
[    0.177420] VFS: Disk quotas dquot_6.6.0
[    1.501172] audit: type=2000 audit(1.460:1): initialized
[    1.683802] Registering SWP/SWPB emulation handler
[    1.700829] sr_init: No PMIC hook to init smartreflex
[    1.706062] sr_init: platform driver register failed for SR
Loading, please wait...
starting version 232
[    1.833205] random: systemd-udevd: uninitialized urandom read (16 bytes read)
[    1.841297] random: systemd-udevd: uninitialized urandom read (16 bytes read)
[    1.841673] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.843353] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.843902] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.844636] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.845196] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.845702] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.846233] random: udevadm: uninitialized urandom read (16 bytes read)
[    1.846754] random: udevadm: uninitialized urandom read (16 bytes read)
[    2.133637] SCSI subsystem initialized
[    2.228883] mmc0: host does not support reading read-only switch, assuming write-enable
[    2.273456] usb_phy_generic.0.auto supply vcc not found, using dummy regulator
[    2.355029] ahci-sunxi 1c18000.sata: forcing PORTS_IMPL to 0x1
[    2.432832] axp20x-regulator axp20x-regulator: regulators node not found
[    2.681374] ata1.00: supports DRM functions and may not be fully accessible
[    2.690088] ata1.00: supports DRM functions and may not be fully accessible
[    2.702608] scsi 0:0:0:0: Direct-Access     ATA      Samsung SSD 850  2B6Q PQ: 0 ANSI: 5
[    2.757417] sunxi-mmc 1c0f000.mmc: smc 0 err, cmd 18, RD DTO !!
[    2.763511] sunxi-mmc 1c0f000.mmc: data error, sending stop command
[    2.769932] mmcblk0: timed out sending r/w cmd command, card status 0x900
[    2.784561] sd 0:0:0:0: [sda] 488397168 512-byte logical blocks: (250 GB/233 GiB)
[    2.793445] sd 0:0:0:0: [sda] Write Protect is off
[    2.798454] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    2.812182] sd 0:0:0:0: [sda] Attached SCSI disk
[    2.854207] random: fast init done
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Will now check root file system ... fsck from util-linux 2.29.2
[/sbin/fsck.ext4 (1) -- /dev/mmcblk0p1] fsck.ext4 -a -C0 /dev/mmcblk0p1 
/dev/mmcblk0p1: clean, 216734/915840 files, 1570291/3927552 blocks
done.
done.
Begin: Running /scripts/local-bottom ... done.
Begin: Running /scripts/init-bottom ... done.

Welcome to Debian GNU/Linux 9 (stretch)!

[    5.534886] systemd[1]: [/lib/systemd/system/redis-server.service:14] Unknown lvalue 'RunTimeDirectory' in section 'Service'
[    5.592886] systemd[1]: nscd.service: Cannot add dependency job, ignoring: Unit nscd.service is masked.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Created slice System Slice.
[  OK  ] Created slice system-postgresql.slice.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Listening on Journal Audit Socket.
[  OK  ] Listening on Syslog Socket.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
[  OK  ] Set up automount Arbitrary Executab…rmats File System Automount Point.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Created slice system-postfix.slice.
         Mounting Debug File System...
[  OK  ] Listening on udev Kernel Socket.
[  OK  ] Listening on fsck to fsckd communication Socket.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Created slice system-serial\x2dgetty.slice.
[  OK  ] Reached target Paths.
         Mounting POSIX Message Queue File System...
[  OK  ] Listening on udev Control Socket.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Journal Socket.
         Starting Nameserver information manager...
         Starting Create list of required st…ce nodes for the current kernel...
         Starting Journal Service...
         Starting Load Kernel Modules...
         Starting Remount Root and Kernel File Systems...
[  OK  ] Mounted Debug File System.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Started Create list of required sta…vice nodes for the current kernel.
[  OK  ] Started Load Kernel Modules.
[  OK  ] Started Nameserver information manager.
         Starting Apply Kernel Variables...
         Starting Create Static Device Nodes in /dev...
[  OK  ] Started Remount Root and Kernel File Systems.
         Starting udev Coldplug all Devices...
         Starting Load/Save Random Seed...
[  OK  ] Started Apply Kernel Variables.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Create Static Device Nodes in /dev.
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Reached target Local File Systems (Pre).
         Starting udev Kernel Device Manager...
[  OK  ] Started Flush Journal to Persistent Storage.
[  OK  ] Started udev Kernel Device Manager.
[  OK  ] Started udev Coldplug all Devices.
[    7.609336] sd 0:0:0:0: Attached scsi generic sg0 type 0
[  OK  ] Found device /dev/ttyS0.
[  OK  ] Found device Samsung_SSD_850_EVO_250GB 1.
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
         Mounting /mnt/evo...
[  OK  ] Found device /sys/subsystem/net/devices/eth0.
[  OK  ] Mounted /mnt/evo.
[  OK  ] Reached target Local File Systems.
         Starting Create Volatile Files and Directories...
[  OK  ] Started ifup for eth0.
         Starting Raise network interfaces...
         Activating swap /mnt/evo/swapfile...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Started Entropy daemon using the HAVEGE algorithm.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Reached target System Time Synchronized.
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[    8.841992]  RX IPC Checksum Offload disabled
[    8.846486] sun7i-dwmac 1c50000.ethernet eth0: fail to init PTP.
[  OK  ] Activated swap /mnt/evo/swapfile.
[  OK  ] Reached target Swap.
[  OK  ] Reached target System Initialization.
[  OK  ] Started Run VPN Client Checker every 5 minutes..
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Started Daily apt download activities.
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Started Clean PHP session files every 30 mins.
[  OK  ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Listening on PC/SC Smart Card Daemon Activation Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting Avahi mDNS/DNS-SD Stack...
[  OK  ] Started YunoHost boot prompt.
         Starting Login Service...
         Starting Synapse Matrix homeserver...
[  OK  ] Started D-Bus System Message Bus.
[  OK  ] Started Avahi mDNS/DNS-SD Stack.
         Starting rng-tools.service...
[  OK  ] Started Name Service Cache Daemon.
         Starting PostgreSQL Cluster 9.4-main...
         Starting System Logging Service...
[    9.857697] random: crng init done
[  OK  ] Started irqbalance daemon.
         Starting LSB: Start/stop sysstat's sadc...
         Starting Initialize hardware monitoring sensors...
[  OK  ] Started rng-tools.service.
[  OK  ] Started Login Service.
[  OK  ] Started System Logging Service.
[  OK  ] Started Initialize hardware monitoring sensors.
[  OK  ] Started LSB: Start/stop sysstat's sadc.
[  OK  ] Started PostgreSQL Cluster 9.4-main.
         Starting PostgreSQL RDBMS...
[  OK  ] Started PostgreSQL RDBMS.
[FAILED] Failed to start Raise network interfaces.
See 'systemctl status networking.service' for details.
[  OK  ] Reached target Network.
[  OK  ] Started YunoHost API Server.
         Starting coturn...
         Starting A high performance web server and a reverse proxy server...
         Starting Permit User Sessions...
         Starting MariaDB database server...
[  OK  ] Started Unattended Upgrades Shutdown.
         Starting YunoHost Firewall...
         Starting The PHP 7.0 FastCGI Process Manager...
         Starting Advanced key-value store...
[  OK  ] Reached target Network is Online.
         Starting LSB: OpenLDAP standalone s…ight Directory Access Protocol)...
         Starting LSB: Start NTP daemon...
         Starting LSB: Start/stop uWSGI server instance(s)...
         Starting LSB: coturn TURN Server...
         Starting LSB: disk temperature monitoring daemon...
         Starting /etc/rc.local Compatibility...
         Starting LSB: Starts and daemonize Glances server...
         Starting LSB: Metronome XMPP Server...
         Starting dnsmasq - A lightweight DHCP and caching DNS server...
[  OK  ] Started Etherpad-lite, the collaborative editor..
         Starting YunoHost VPN Client....
         Starting OpenBSD Secure Shell server...
         Starting Fail2Ban Service...
[  OK  ] Started coturn.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started LSB: coturn TURN Server.
[  OK  ] Started LSB: disk temperature monitoring daemon.
[  OK  ] Started Advanced key-value store.
[  OK  ] Started LSB: Start NTP daemon.
[  OK  ] Started LSB: Starts and daemonize Glances server.
         Starting The PHP FastCGI Process Manager...
[  OK  ] Started LSB: OpenLDAP standalone se…weight Directory Access Protocol).
[  OK  ] Started dnsmasq - A lightweight DHCP and caching DNS server.
[  OK  ] Reached target Host and Network Name Lookups.
         Starting Postfix Mail Transport Agent (instance -)...
[  OK  ] Started rapid spam filtering system.
         Starting LSB: LDAP connection daemon...
[FAILED] Failed to start The PHP 7.0 FastCGI Process Manager.
See 'systemctl status php7.0-fpm.service' for details.
[  OK  ] Started LSB: Metronome XMPP Server.
[  OK  ] Started A high performance web server and a reverse proxy server.
[  OK  ] Started LSB: Start/stop uWSGI server instance(s).
[FAILED] Failed to start The PHP FastCGI Process Manager.
See 'systemctl status php5-fpm.service' for details.
[  OK  ] Started LSB: LDAP connection daemon.
         Starting Dovecot IMAP/POP3 email server...
[  OK  ] Started Regular background program processing daemon.
[  OK  ] Started MariaDB database server.
[  OK  ] Started ttrss_backend.
[  OK  ] Started /etc/rc.local Compatibility.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Dovecot IMAP/POP3 email server.
         Stopping LSB: Start NTP daemon...
[  OK  ] Stopped LSB: Start NTP daemon.


  __   __  __   __  __    _  _______  __   __  _______  _______  _______
 |  | |  ||  | |  ||  |  | ||       ||  | |  ||       ||       ||       |
 |  |_|  ||  | |  ||   |_| ||   _   ||  |_|  ||   _   ||  _____||_     _|
 |       ||  |_|  ||       ||  | |  ||       ||  | |  || |_____   |   |
 |_     _||       ||  _    ||  |_|  ||   _   ||  |_|  ||_____  |  |   |
   |   |  |       || | |   ||       ||  | |  ||       | _____| |  |   |
   |___|  |_______||_|  |__||_______||__| |__||_______||_______|  |___|

 IP: 
 SSH fingerprints:
  - SHA256:bZjIm85FIegIKBUNdkt+CResPr4sCVbht5u2sPtNGr0 (DSA)
  - SHA256:WULIcDWqfs2j1K+IYFImsQo5mUdqAGsaNLJhYTU6GZo (ECDSA)
  - SHA256:LWnl1WgGDaw/le3lyg0pMbS+xIM16UaBPovkSqgbTNo (ED25519)
  - SHA256:KMzS6Ws99YS+0L/B2IZGrOEtNHLJZPz9bJZIWwzqatg (RSA)
 
stemy login:

#2

Salut,

Quand tu dis inaccessible, accès HTTPS ? Ssh? Les deux? Serveur physique ou VM ?
Dans tous les cas et en plus du dmesg, pourrais tu expliquer plus en détail avec les logs en fonction des services impactés ?

@++

martoni


#3

Seul le ssh local est accessible, et je n’ai aucune machine virtuelle.

Comme indiqué dant la sortie terminal, j’ai consulté les statuts de plusieurs services, je ne sais pas si c’est de ça que tu parles.

root@stemy:~# systemctl status networking.service
● networking.service - Raise network interfaces
   Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2018-07-03 22:57:47 CEST; 6min ago
     Docs: man:interfaces(5)
  Process: 286 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=1/FAILURE)
  Process: 260 ExecStartPre=/bin/sh -c [ "$CONFIGURE_INTERFACES" != "no" ] && [ -n "$(ifquery --read-environment --lis
 Main PID: 286 (code=exited, status=1/FAILURE)

Jul 03 22:57:46 stemy.me ifup[286]: than a configuration issue please read the section on submitting
Jul 03 22:57:46 stemy.me ifup[286]: bugs on either our web page at www.isc.org or in the README file
Jul 03 22:57:46 stemy.me ifup[286]: before submitting a bug.  These pages explain the proper
Jul 03 22:57:46 stemy.me ifup[286]: process and the information we find helpful for debugging..
Jul 03 22:57:46 stemy.me ifup[286]: exiting.
Jul 03 22:57:46 stemy.me ifup[286]: ifup: failed to bring up usb0
Jul 03 22:57:47 stemy.me systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 22:57:47 stemy.me systemd[1]: Failed to start Raise network interfaces.
Jul 03 22:57:47 stemy.me systemd[1]: networking.service: Unit entered failed state.
Jul 03 22:57:47 stemy.me systemd[1]: networking.service: Failed with result 'exit-code'.
root@stemy:~#

   root@stemy:~# systemctl status php7.0-fpm.service
● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2018-07-03 22:57:56 CEST; 12min ago
     Docs: man:php-fpm7.0(8)
  Process: 574 ExecStart=/usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf (code=exited, s
 Main PID: 574 (code=exited, status=78)

Jul 03 22:57:47 stemy.me systemd[1]: Starting The PHP 7.0 FastCGI Process Manager...
Jul 03 22:57:56 stemy.me php-fpm7.0[574]: [03-Jul-2018 22:57:56] ERROR: [pool piratebox_admin] cannot get uid for user
Jul 03 22:57:56 stemy.me php-fpm7.0[574]: [03-Jul-2018 22:57:56] ERROR: FPM initialization failed
Jul 03 22:57:56 stemy.me systemd[1]: php7.0-fpm.service: Main process exited, code=exited, status=78/n/a
Jul 03 22:57:56 stemy.me systemd[1]: Failed to start The PHP 7.0 FastCGI Process Manager.
Jul 03 22:57:56 stemy.me systemd[1]: php7.0-fpm.service: Unit entered failed state.
Jul 03 22:57:56 stemy.me systemd[1]: php7.0-fpm.service: Failed with result 'exit-code'.
root@stemy:~#

root@stemy:~# systemctl status php5-fpm.service
● php5-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php5-fpm.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2018-07-03 22:58:19 CEST; 13min ago
  Process: 1085 ExecStart=/usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf (code=exited, statu
  Process: 743 ExecStartPre=/usr/lib/php5/php5-fpm-checkconf (code=exited, status=0/SUCCESS)
 Main PID: 1085 (code=exited, status=78)

Jul 03 22:57:51 stemy.me systemd[1]: Starting The PHP FastCGI Process Manager...
Jul 03 22:58:19 stemy.me php5-fpm[1085]: [03-Jul-2018 22:58:19] ERROR: [pool piratebox_admin] cannot get uid for user 
Jul 03 22:58:19 stemy.me php5-fpm[1085]: [03-Jul-2018 22:58:19] ERROR: FPM initialization failed
Jul 03 22:58:19 stemy.me systemd[1]: php5-fpm.service: Main process exited, code=exited, status=78/n/a
Jul 03 22:58:19 stemy.me systemd[1]: Failed to start The PHP FastCGI Process Manager.
Jul 03 22:58:19 stemy.me systemd[1]: php5-fpm.service: Unit entered failed state.
Jul 03 22:58:19 stemy.me systemd[1]: php5-fpm.service: Failed with result 'exit-code'.
root@stemy:~#

#4

Merci pour les infos.
On va commencer par la couche basse.
Est-ce que la configuration IP est bonne et est-ce que tu ping ta passerelle ? Côté fichier /etc/hosts, tout est ok? Est-ce que tu as les ports en écoute, vérification local avec netstat -ltunp
Test extérieur avec
https://ports.yunohost.org
En local, est-ce que tu peux faire un :
curl https://localhost/yunohost/sso

@++

martoni


#5

Voilà les résultats

stem@P35-DS3R:~$ ping stemy.me
PING stemy.me (80.67.181.213) 56(84) bytes of data.
From vpn.neutrinet.be (80.67.181.3) icmp_seq=1 Time to live exceeded
From vpn.neutrinet.be (80.67.181.3) icmp_seq=2 Time to live exceeded
From vpn.neutrinet.be (80.67.181.3) icmp_seq=3 Time to live exceeded
From vpn.neutrinet.be (80.67.181.3) icmp_seq=4 Time to live exceeded
^C
--- stemy.me ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3001ms

stem@P35-DS3R:~$

127.0.1.1       olinux
127.0.1.1       olinux
127.0.1.1       olinux
127.0.1.1       olinux
127.0.1.1       olinux
127.0.1.1       olinux
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

root@stemy:~# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1044/lua5.1         
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      754/dnsmasq         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd            
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      399/postgres        
tcp        0      0 127.0.0.1:61209         0.0.0.0:*               LISTEN      724/python3         
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1738/master         
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1073/nginx: master  
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      1401/dovecot        
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1401/dovecot        
tcp        0      0 127.0.0.1:6787          0.0.0.0:*               LISTEN      562/python          
tcp        0      0 127.0.0.1:11332         0.0.0.0:*               LISTEN      997/rspamd: main pr 
tcp        0      0 127.0.0.1:11333         0.0.0.0:*               LISTEN      997/rspamd: main pr 
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      823/slapd           
tcp        0      0 192.168.1.6:5349        0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 192.168.1.6:5349        0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:11334         0.0.0.0:*               LISTEN      997/rspamd: main pr 
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1044/lua5.1         
tcp        0      0 192.168.1.6:5350        0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 192.168.1.6:5350        0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:5766          0.0.0.0:*               LISTEN      621/turnserver      
tcp        0      0 127.0.0.1:9001          0.0.0.0:*               LISTEN      633/node            
tcp        0      0 127.0.0.1:5290          0.0.0.0:*               LISTEN      1044/lua5.1         
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1738/master         
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      646/redis-server 12 
tcp        0      0 127.0.0.1:5582          0.0.0.0:*               LISTEN      1044/lua5.1         
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1401/dovecot        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1073/nginx: master  
tcp6       0      0 :::5269                 :::*                    LISTEN      1044/lua5.1         
tcp6       0      0 :::53                   :::*                    LISTEN      754/dnsmasq         
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd            
tcp6       0      0 ::1:5432                :::*                    LISTEN      399/postgres        
tcp6       0      0 :::25                   :::*                    LISTEN      1738/master         
tcp6       0      0 :::443                  :::*                    LISTEN      1073/nginx: master  
tcp6       0      0 :::4190                 :::*                    LISTEN      1401/dovecot        
tcp6       0      0 :::993                  :::*                    LISTEN      1401/dovecot        
tcp6       0      0 ::1:11332               :::*                    LISTEN      997/rspamd: main pr 
tcp6       0      0 ::1:11333               :::*                    LISTEN      997/rspamd: main pr 
tcp6       0      0 :::389                  :::*                    LISTEN      823/slapd           
tcp6       0      0 ::1:5349                :::*                    LISTEN      621/turnserver      
tcp6       0      0 ::1:5349                :::*                    LISTEN      621/turnserver      
tcp6       0      0 ::1:11334               :::*                    LISTEN      997/rspamd: main pr 
tcp6       0      0 :::5222                 :::*                    LISTEN      1044/lua5.1         
tcp6       0      0 ::1:5350                :::*                    LISTEN      621/turnserver      
tcp6       0      0 ::1:5350                :::*                    LISTEN      621/turnserver      
tcp6       0      0 :::3306                 :::*                    LISTEN      892/mysqld          
tcp6       0      0 ::1:5290                :::*                    LISTEN      1044/lua5.1         
tcp6       0      0 :::587                  :::*                    LISTEN      1738/master         
tcp6       0      0 ::1:5582                :::*                    LISTEN      1044/lua5.1         
tcp6       0      0 :::143                  :::*                    LISTEN      1401/dovecot        
tcp6       0      0 :::80                   :::*                    LISTEN      1073/nginx: master  
udp        0      0 192.168.1.6:5349        0.0.0.0:*                           621/turnserver      
udp        0      0 192.168.1.6:5349        0.0.0.0:*                           621/turnserver      
udp        0      0 127.0.0.1:5349          0.0.0.0:*                           621/turnserver      
udp        0      0 127.0.0.1:5349          0.0.0.0:*                           621/turnserver      
udp        0      0 192.168.1.6:5350        0.0.0.0:*                           621/turnserver      
udp        0      0 192.168.1.6:5350        0.0.0.0:*                           621/turnserver      
udp        0      0 127.0.0.1:5350          0.0.0.0:*                           621/turnserver      
udp        0      0 127.0.0.1:5350          0.0.0.0:*                           621/turnserver      
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           314/avahi-daemon: r 
udp        0      0 0.0.0.0:34041           0.0.0.0:*                           17053/host          
udp        0      0 0.0.0.0:53              0.0.0.0:*                           754/dnsmasq         
udp        0      0 0.0.0.0:68              0.0.0.0:*                           483/dhclient        
udp        0      0 0.0.0.0:36490           0.0.0.0:*                           314/avahi-daemon: r 
udp6       0      0 ::1:5349                :::*                                621/turnserver      
udp6       0      0 ::1:5349                :::*                                621/turnserver      
udp6       0      0 ::1:5350                :::*                                621/turnserver      
udp6       0      0 ::1:5350                :::*                                621/turnserver      
udp6       0      0 :::5353                 :::*                                314/avahi-daemon: r 
udp6       0      0 :::60149                :::*                                314/avahi-daemon: r 
udp6       0      0 :::53                   :::*                                754/dnsmasq         
root@stemy:~#

De l’extérieur, aucun port n’est accessible.

    root@stemy:~# curl https://localhost/yunohost/sso
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html

    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.

    root@stemy:~# curl -k https://localhost/yunohost/sso
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    root@stemy:~#

Voilà


#6

Bonjour,

Quels sont les éléments entre le wan et le lan pour accéder depuis l’extérieur ?
Pourrais-tu vérifier les configurations routing + port et leurs activation ?
Côté applicatif, tes services semblent en écoute et on accède à yunohost depuis le serveur.
Pour le test https://ports.yunohost.org, tout est rouge ou certains en vert ?

@++

martoni


#7

Un VPN

Comment dois-je faire ça ?

Ils sont tous en rouge.


#8

Bonjour,

Il faudrait checker ton VPN, le serveur qui l’héberge ou voir avec la société qui te fourni le service.
Déjà, tu le ping maintenant, si tu l’as mis en place côté VPN client sur ton serveur yunohost, vois ta configuration et les règles du VPN.
Autrement, écrit au support de l’offre de ton VPN.

@++

martoni


#9

Le serveur VPN répond bien quand je le ping.

Ce que je ne comprends pas, c’est comment le problème a pu apparaître soudainement alors que tout fonctionnait jusque-là sans que je n’aie rien fait.

Une info en plus: impossible de démarrer le service vpn, ça fait 10 minutes qu’il est bloqué dessus.

Ça m’embête beaucoup parce que vu l’usage que j’en ai, le dépannage est plus qu’urgent.


#10

Il n’y a pas eu de mise à jour récente d’effectuée sur le système? J’ai eu des soucis en passant à la dernière version de Debian : Stretch

D’après les logs fournis, il y a un problème de démarrage de php-fpm :

Je ne connais pas le fonctionnement de la brique internet et si c’est lié à ton problème
J’ai eu un problème similaire et tu sembles avoir des connaissances en informatique, essais de regarder ce post pour t’en inspirer : 502 Bad Gateway error depuis la migration vers la V3


#11

Salut,

Sans réseau ça pue …

Et je ne comprends pas pourquoi «usb0»:

Est-ce que tu peux fournir la sortie de # ip a ?


#12

Voilà

root@stemy:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:03:08:c1:3f:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::3:8ff:fec1:3fb4/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 02:e1:b0:12:74:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.242.1/24 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::e1:b0ff:fe12:7400/64 scope link 
       valid_lft forever preferred_lft forever
root@stemy:~#

#13

pas de vpn

Est-ce que tu peux # tail -50 /var/log/openvpn-client.log et nous fournir la sortie pour avoir une vue sur les 50 dernières lignes du journal d’openvpn client?

pas de php-fpm (5 ou 7)

Dans les deux cas de php-fpm il semblerait que l’application piratebox pose problème.

Donc…

  • soit il faut essayer de la désinstaller, quitte à la réinstaller plus tard (avec ou sans backup en fonction de ce que tu en fais).
  • soit il faut juste essayer de faire fonctionnes php-fpm sans piratebox en veillant à mettre de côté les fichiers faisant référence à piratebox et qui se trouveraient dans /etc/php5/fpm/pool.d/ et dans /etc/php/7.0/fpm/pool.d.

Pour mettre de côté tu peux par exemple faire # mv /etc/php5/fpm/pool.d/piratebox.conf /root/piratebox.conf.php5 pour peu que le fichiers a déplacer temporairement soit bien piratebox.conf. Et faire pareil pour ce qui est de php7.

Ensuite tenter # yunohost service start php5-fpm et # yunohost service start php5-fpm et vérifier si les services ont démarré avec # systemctl status php5-fpm.service et # systemctl status php7-fpm.service.

Ça ne résoudra pas le problème avec l’application piratebox mais ça permettra peut-être de faire démarrer php-fpm.


#14

Bon, j’ai essayé une demi-douzaine de fois de le démarrer mais ça bloque à chaque fois.Soit il tente de démarrer synapse en boucle sans y parvenir, du coup la séquence de boot est au point mort, soit il démarre mais me met «connexion refusée» quand je tente de me connecter en ssh.

J’ai l’impression que c’est de pire en pire,


#15

Bon, j’ai dû mette la carte SD dans mon PC, puisque même le ssh local ne marche plus.

Log openvpn

Quant à ta solution, elle n’a pas du tout fonctionné, aucun changement.


#16

pas de vpn

Dans le log open vpn le message est assez clair Sat Jul 7 08:48:21 2018 WARNING: Your certificate has expired! ce qui est étrange puisque la dernière version de neutrinet_ynh prend en compte le renouvellement du certificat ssl.

Par contre, à ma connaissance, cela n’a pas encore été testé sur stretch et si je ne me trompe pas, le fait qu’il y ait php7-fpm sur ta brique c’est que la mise à niveau a été faite non?

Si l’accès réseau revient, que ssh fonctionne et que la brique est connectée à Internet il y a un guide pour le renouvellement du certificat.

pas de php-fpm

Par contre c’est bien dommage que la piste piratebox ne fonctionne pas parce que ça me semblait un bon angle. Quelles sont les sorties de # systemctl status php5-fpm.service et # systemctl status php7-fpm.service avec l’application piratebox mise de côté?


#17

Il y a du nouveau: le serveur mail fonctionne de nouveau et le portail est à nouveau accessible.

Par contre, nextcloud me retourne une erreur 502 et Synapse ne fonctionne toujours pas.

Autre bizarrerie: malgré l’évolution de la situation, j’ai toujours les mêmes messages d’erreur au démarrage.


#18

Petit bilan: toutes les applications fonctionnent, sauf piratebox (erreur 502 mais je m’y attendais) et synapse (erreur 502).

php5 et php7 fonctionnent bien tous les deux.


#19

Update. J’ai dû redémarrer le serveur et de nouveaux problèmes sont apparus. Seules les applis de serveur mail, Hextris, Neutrinet, Riot et yunosearx fonctionnent, absolument toutes les autres me retournent une erreur 502.


#20

Il faudrait donner plus de détails, par exemple le nom des applis qui ne fonctionnent pas.

En attendant je vais essayer de deviner et miser sur le fait que les applis qui ne fonctionnent pas sont des applis PHP et donc qui dépendent des services php-fpm (pour PHP v5 et/ou PHP v7).
Que donnent les commandes suivantes ?

sudo systemctl status php7.0-fpm
sudo systemctl status php5-fpm