Join Log in
Score:3
avatar Server

Server become unreachable and ask for a htaccess

om flag
Dlazzy

I'm currently running an Ubuntu 20.04 server on a Gigabyte BRIX (GB-BACE-3000), it works well except the network since few days.

After a while (few hours after powering up) I can't reach the server using SSH, it throw a connection refused error.

I also host a local website on it, that I access by editing my /etc/hosts. When the SSH become unavailable, the website also ask for a htaccess! Since there no htaccess at all on this server I don't understand.

This is almost a fresh install of the server, only nginx, mariadb are running. UFW is inactive, iptables have no rules.

Services like network are running, I don't see any errors, no logs (local check).

Nginx server block for the local website (most simple vhost...) :

server {
  listen 80;

  server_name my-website.lo;

  root /var/www/html/my-website.lo;
  index index.html;
}

The nginx.conf is the default one. The sshd_config is also the default one.

Do you think this can be an hardware issue? Is there is any more logs I can check?

UPDATE:

Here is the full nginx -T output. The barebone-test.lo is only for a test website (auto reload every 5 seconds), to know when the server network go down.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/barebone-test.lo:
server {
  listen 80;

  server_name barebone-test.lo;

  root /var/www/html/barebone-test.lo;
  index index.html;
}

# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #   include snippets/fastcgi-php.conf;
    #
    #   # With php-fpm (or other unix sockets):
    #   fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    #   # With php-cgi (or other tcp sockets):
    #   fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

Also when Nginx is running, lsof -Pi :80 return:

nginx   975     root    6u  IPv4  32176      0t0  TCP *:80 (LISTEN)
nginx   975     root    7u  IPv6  32177      0t0  TCP *:80 (LISTEN)
nginx   976 www-data    6u  IPv4  32176      0t0  TCP *:80 (LISTEN)
nginx   976 www-data    7u  IPv6  32177      0t0  TCP *:80 (LISTEN)
nginx   977 www-data    6u  IPv4  32176      0t0  TCP *:80 (LISTEN)
nginx   977 www-data    7u  IPv6  32177      0t0  TCP *:80 (LISTEN)

And lsof -Pi :443 return nothing. Finally, when Nginx is stopped both commands does not throw any output. Next time the server become unreachable, I will stop Nginx from physical access and then check if my test website is always asking for login and password or showing a connection refused since the webserver is stopped.

122
0 + 0
ssh
kz flag
MrWhite
"the website also ask for a htaccess!" - How does the website "ask for htaccess"?!
1
Reply
om flag
Dlazzy
When I say "htaccess", I mean the website is asking for login and password like: https://www.lansweeper.com/wp-content/uploads/2015/02/enabling-or-disabling-web-browser-login-prompts-1.jpg (image found on google)
0
Reply
om flag
Dlazzy
omg yes sorry @djdomi and @MrWhite , I should not mention `.htaccess` you are right. Anyway with a curl it return a *401*. Don't know why since the website is working few minutes/hours and then throw this! (without doing anything on website, or server)
0
Reply
djdomi avatar
za flag
djdomi
don't use generic pictures. Use curl to verify the headers - verify if Apache or similar is going into that because nginx doesn't care about .htaccess files. It only accepts an authfile as Variable in the Config. And if this is not present, then i believe at least near 99% a other Web server is joining the party.
0
Reply
djdomi avatar
za flag
djdomi
please show us the full nginx -T, moreover stop the Webservers daemon for 5 minute and try lsof -Pi :80 and lsof -Pi :443 if the response stay empty and furthermore try accessing the site if its still available, if yes then theres something wrong
0
Reply
kz flag
MrWhite
Being prompted for login/password doesn't necessarily have anything to do with `.htaccess`. HTTP Authentication (in the browser) is triggered if the server responds with a 401 status and an appropriate `WWW-Authenticate` header. Mentioning `.htaccess` in this context is just misleading. (Even on Apache, you don't _need_ `.htaccess` to trigger a login/password prompt.)
2
Reply
om flag
Dlazzy
@djdomi I've updated my post to avoid spamming comments area
1
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
When you lose access via SSH, this must be accounted in the logs somehow. Did you tried to find this out?
0
Reply
om flag
Dlazzy
@NikitaKipriyanov Unfortunately I've check in `/var/log/auth.log` and nothing open when trying a SSH connection (in case of unreachable server)
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
If the connection to SSH was refused, there couldn't be any authentication attempts. You need to read other logs aroud the presumably break time. Do you have any firewall and autobanning features, e.g. fail2ban?
0
Reply
om flag
Dlazzy
Absolutely no firewall like ufw or f2b. About other logs to be honest I don't know where to search. From Nginx logs to SSH logs I don't know if there is any possible logs elsewhere :/
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.