I am trying to run nginx as a reverse proxy server on my Microsoft Windows
Server 2016 Standard computer.
I previously have used Microsoft IIS and Apache Tomcat on this computer to
serve webpages on port 80 and port 8080 respectively.
However, I want to have some of my websites use SSL and be accessed
using HTTPS.
So, I decided to install the nginx web server software on
the computer. I planned to using it as a reverse proxy server which
would receive both insecure HTML and secure HTTPS webpage requests and
then proxy them to the appropriate software webservers on the same
computer.
I changed all the IIS sites that had been using port 80 to use port 81
instead.
I then wrote the nginx.conf configuration file which listens on port 80
for each of
my server_names and then proxy the page requests to the appropriate
software webserver.
Once that works, I plan to install the SSL certificates in nginx and
process secure
HTMLS requests as well.
But nginx fails to start on the computer. It produces the following
error message.
bind() to 0.0.0.0:80 failed (10013: An attempt was made to access
a socket in a way
forbidden by its access permissions)
Because the message appears to indicate that there is a conflict using
port 80 decided
to see which tasks were using port 80. To do so, I opened a command
window with
administrative privileges and ran the following command:
netstat -ano | findstr :80
I then examined the output for entries with a state of "LISTENING" and a
local address
of "0.0.0.0:80" or ":::80" (IPv6). The output's "PID" column provided
the process ID
(PID) of the process using port 80.
I then used Task Manager to find the process names associated with that
PIDs.
I found that port 80 is being used by both task "System" by user
"SYSTEM" for "NT Kernel and System"
with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
for
"Percentage of time the processor is idle" with a PID of 0.
I then tried to open nginx on my Windows 11 pro home desktop computer.
It opened successfully
and functioned doing reverse proxying as I desired. For comparison
sake, I looked at the
tasks using port 80 as I had on my windows server. On the desktop, the
only task using port
80 is nginx.
I then changed the nginx listening directives on the Windows Server
computer to listen on
port 90 rather than port 80. After this change on the MS Windows Server
2016 nginx
succeeded in starting and performed reverse proxying successfully.
This seems to indicate that the problem is with a conflict in the use of
port 80 rather than in my
nginx configuration.
However, remote website users browse to my website pages using the
default port of 80 rather than port 90.
How can I make the system work?
For completeness I am copying the nginx.conf file listening on port 80
below.
# directives in the 'main' context
worker_processes 1;
events { # events context/block
# configuration of connection processing
}
http { # http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoids error message for
multiple server_Name entries
server { # configuration of yogisource HTTP virtual port 80 server
listen 80;
server_name yogisource.com www.yogisource.com;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
server { # configuration of clearwaterescapes HTTP virtual port 80
server
listen 80;
server_name clearwaterescapes.com www.clearwaterescapes.com;
location / {
# send local host requests of the form
http://clearwaterescapes.com to
# http://clearwaterescapes.com:8080/vo/Clearwater
proxy_pass http://clearwaterescapes.com:8080/vo/Clearwater/;
} # end of location block
location /camp/ {
proxy_pass
http://clearwaterescapes.com:8080/vo/Clearwater/Camp/?Prop=2;
} # end of location block
# // http://clearwaterescapes.com:81/Clearwater/Camp/camprental.pdf
works ...
# The following Nginx location directives sends clearwaterescapes.com
urls
# containing case insensitive "camp" or "house" to ClearwaterEscapes on
# port 81 where to be served by the Microsoft IIS server
location ~* ^/camp/ {
set $proxy_pass_url http://ClearwaterEscapes.com:81/camp/;
proxy_pass $proxy_pass_url;
# proxy_pass http://ClearwaterEscapes.com:81/camp/ ;
} # end of location block
location ~* ^/House/ {
set $proxy_pass_url http://ClearwaterEscapes.com:81/house/;
proxy_pass $proxy_pass_url;
} # end of location block
} # end of ClearwaterEscapes server block
server { # configuration of freshpondrentals HTTP virtual port 80
server
listen 80;
server_name freshpondrentals.com www.freshpondrentals.com;
location / {
# send local host requests of the form
http://freshpondrentals.com to
# http://freshpondrentals.com:8080/vo/camb
proxy_pass http://freshpondrentals.com:8080/vo/camb/;
} # end of location block
location /StudioApartment/ {
# send local host requests of the form
# http://freshpondrentals.com/camb/StudioApartment
# to
# http://freshpondrentals.com:8080/vo/camb/StudioApartment
proxy_pass
http://freshpondrentals.com:8080/vo/camb/StudioApartment/index.jsp/;
} # end of location block
} # end of freshpondrentals server block
server { # configuration of oppsprops HTTP virtual port 80 server
listen 80;
server_name oppsprops.com www.oppsprops.com;
# listen 443 ssl;
# ssl_certificate "C:/nginx/conf/ssl/certs/oppsprops.com.crt";
# ssl_certificate_key "C:/nginx/conf/ssl/keys/oppsprops.com.key";
#
# location / {
# proxy_pass http://oppsprops.com:81/;
# } # end of location block
location ~ /.jsp$ {
set $proxy_pass_url http://oppsprops.com:8080;
proxy_pass $proxy_pass_url;
} # end of location block
location / {
proxy_pass http://oppsprops.com:8080/;
} # end of location block
} # end of oppsprops server block
} # end of http block
> insecure HTML and secure HTTPS webpage requests
Did you mean to say insecure HTTP and secure HTTPS webpage requests?
> process secure HTMLS requests as well
Did you mean to say process secure HTTPS requests as well?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240203/37f11409/attachment.htm>
Hello!
> I found that port 80 is being used by both task "System" by user
"SYSTEM" for "NT Kernel and System"
with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
for
"Percentage of time the processor is idle" with a PID of 0.
This is typically the Web Deployment Agent Service (MsDepSvc) (this often
uses PID4) or Host Network Service - both stoppable from from services.msc
Let us know how you get on!
On Sat, 3 Feb 2024 at 18:51, Victor Oppenheimer <victor at camb.com> wrote:
> I am trying to run nginx as a reverse proxy server on my Microsoft Windows
> Server 2016 Standard computer.
>
> I previously have used Microsoft IIS and Apache Tomcat on this computer to
> serve webpages on port 80 and port 8080 respectively.
>
> However, I want to have some of my websites use SSL and be accessed
> using HTTPS.
>
> So, I decided to install the nginx web server software on
> the computer. I planned to using it as a reverse proxy server which
> would receive both insecure HTML and secure HTTPS webpage requests and
> then proxy them to the appropriate software webservers on the same
> computer.
>
> I changed all the IIS sites that had been using port 80 to use port 81
> instead.
> I then wrote the nginx.conf configuration file which listens on port 80
> for each of
> my server_names and then proxy the page requests to the appropriate
> software webserver.
>
> Once that works, I plan to install the SSL certificates in nginx and
> process secure
> HTMLS requests as well.
>
> But nginx fails to start on the computer. It produces the following
> error message.
> bind() to 0.0.0.0:80 failed (10013: An attempt was made to access
> a socket in a way
> forbidden by its access permissions)
>
> Because the message appears to indicate that there is a conflict using
> port 80 decided
> to see which tasks were using port 80. To do so, I opened a command
> window with
> administrative privileges and ran the following command:
> netstat -ano | findstr :80
>
> I then examined the output for entries with a state of "LISTENING" and a
> local address
> of "0.0.0.0:80" or ":::80" (IPv6). The output's "PID" column provided
> the process ID
> (PID) of the process using port 80.
>
> I then used Task Manager to find the process names associated with that
> PIDs.
>
> I found that port 80 is being used by both task "System" by user
> "SYSTEM" for "NT Kernel and System"
> with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
> for
> "Percentage of time the processor is idle" with a PID of 0.
>
> I then tried to open nginx on my Windows 11 pro home desktop computer.
> It opened successfully
> and functioned doing reverse proxying as I desired. For comparison
> sake, I looked at the
> tasks using port 80 as I had on my windows server. On the desktop, the
> only task using port
> 80 is nginx.
>
> I then changed the nginx listening directives on the Windows Server
> computer to listen on
> port 90 rather than port 80. After this change on the MS Windows Server
> 2016 nginx
> succeeded in starting and performed reverse proxying successfully.
>
> This seems to indicate that the problem is with a conflict in the use of
> port 80 rather than in my
> nginx configuration.
>
> However, remote website users browse to my website pages using the
> default port of 80 rather than port 90.
>
> How can I make the system work?
>
> For completeness I am copying the nginx.conf file listening on port 80
> below.
>
> # directives in the 'main' context
> worker_processes 1;
> events { # events context/block
> # configuration of connection processing
> }
>
> http { # http context specific to HTTP affecting all virtual servers
> server_names_hash_bucket_size 64; # avoids error message for
> multiple server_Name entries
>
> server { # configuration of yogisource HTTP virtual port 80 server
> listen 80;
> server_name yogisource.com www.yogisource.com;
>
> location / {
> proxy_pass http://yogisource.com:81/;
> } # end of location block
> } # end of yogisource server block
>
> server { # configuration of clearwaterescapes HTTP virtual port 80
> server
> listen 80;
> server_name clearwaterescapes.com www.clearwaterescapes.com;
>
> location / {
> # send local host requests of the form
> http://clearwaterescapes.com to
> # http://clearwaterescapes.com:8080/vo/Clearwater
> proxy_pass http://clearwaterescapes.com:8080/vo/Clearwater/;
> } # end of location block
>
> location /camp/ {
> proxy_pass
> http://clearwaterescapes.com:8080/vo/Clearwater/Camp/?Prop=2;
> } # end of location block
>
> # // http://clearwaterescapes.com:81/Clearwater/Camp/camprental.pdf
> works ...
>
> # The following Nginx location directives sends clearwaterescapes.com
> urls
> # containing case insensitive "camp" or "house" to ClearwaterEscapes on
> # port 81 where to be served by the Microsoft IIS server
>
> location ~* ^/camp/ {
> set $proxy_pass_url http://ClearwaterEscapes.com:81/camp/;
> proxy_pass $proxy_pass_url;
> # proxy_pass http://ClearwaterEscapes.com:81/camp/ ;
> } # end of location block
>
> location ~* ^/House/ {
> set $proxy_pass_url http://ClearwaterEscapes.com:81/house/;
> proxy_pass $proxy_pass_url;
> } # end of location block
>
> } # end of ClearwaterEscapes server block
>
> server { # configuration of freshpondrentals HTTP virtual port 80
> server
> listen 80;
> server_name freshpondrentals.com www.freshpondrentals.com;
>
> location / {
> # send local host requests of the form
> http://freshpondrentals.com to
> # http://freshpondrentals.com:8080/vo/camb
>
> proxy_pass http://freshpondrentals.com:8080/vo/camb/;
> } # end of location block
>
> location /StudioApartment/ {
> # send local host requests of the form
> # http://freshpondrentals.com/camb/StudioApartment
> # to
> # http://freshpondrentals.com:8080/vo/camb/StudioApartment
> proxy_pass
> http://freshpondrentals.com:8080/vo/camb/StudioApartment/index.jsp/;
> } # end of location block
>
> } # end of freshpondrentals server block
>
> server { # configuration of oppsprops HTTP virtual port 80 server
> listen 80;
> server_name oppsprops.com www.oppsprops.com;
>
> # listen 443 ssl;
> # ssl_certificate "C:/nginx/conf/ssl/certs/oppsprops.com.crt";
> # ssl_certificate_key "C:/nginx/conf/ssl/keys/oppsprops.com.key";
> #
> # location / {
> # proxy_pass http://oppsprops.com:81/;
> # } # end of location block
>
> location ~ /.jsp$ {
> set $proxy_pass_url http://oppsprops.com:8080;
> proxy_pass $proxy_pass_url;
> } # end of location block
>
> location / {
> proxy_pass http://oppsprops.com:8080/;
> } # end of location block
> } # end of oppsprops server block
>
> } # end of http block
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240203/37d6beef/attachment-0001.htm>
Jeremy,
Thank you. I tried to stopping the Web Deployment Agency Service and
ran a test that seemed to work! I will test it more extensively
tomorrow. and let you know
Do you know if there are adverse consequences to changing it's start up
type to "Manual".
Best,
Victor
On 2/3/2024 5:27 PM, Jeremy Cocks via nginx wrote:
>
> Hello!
>
> > I found that port 80 is being used by both task "System" by user
> "SYSTEM" for "NT Kernel and System"
> with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
> for
> "Percentage of time the processor is idle" with a PID of 0.
>
> This is typically the Web Deployment Agent Service (MsDepSvc) (this
> often uses PID4) or Host Network Service - both stoppable from from
> services.msc
>
> Let us know how you get on!
>
>
> On Sat, 3 Feb 2024 at 18:51, Victor Oppenheimer <victor at camb.com> wrote:
>
> I am trying to run nginx as a reverse proxy server on my Microsoft
> Windows
> Server 2016 Standard computer.
>
> I previously have used Microsoft IIS and Apache Tomcat on this
> computer to
> serve webpages on port 80 and port 8080 respectively.
>
> However, I want to have some of my websites use SSL and be accessed
> using HTTPS.
>
> So, I decided to install the nginx web server software on
> the computer. I planned to using it as a reverse proxy server which
> would receive both insecure HTML and secure HTTPS webpage requests and
> then proxy them to the appropriate software webservers on the same
> computer.
>
> I changed all the IIS sites that had been using port 80 to use
> port 81
> instead.
> I then wrote the nginx.conf configuration file which listens on
> port 80
> for each of
> my server_names and then proxy the page requests to the appropriate
> software webserver.
>
> Once that works, I plan to install the SSL certificates in nginx and
> process secure
> HTMLS requests as well.
>
> But nginx fails to start on the computer. It produces the following
> error message.
> bind() to 0.0.0.0:80 <http://0.0.0.0:80> failed (10013: An
> attempt was made to access
> a socket in a way
> forbidden by its access permissions)
>
> Because the message appears to indicate that there is a conflict
> using
> port 80 decided
> to see which tasks were using port 80. To do so, I opened a command
> window with
> administrative privileges and ran the following command:
> netstat -ano | findstr :80
>
> I then examined the output for entries with a state of "LISTENING"
> and a
> local address
> of "0.0.0.0:80 <http://0.0.0.0:80>" or ":::80" (IPv6). The
> output's "PID" column provided
> the process ID
> (PID) of the process using port 80.
>
> I then used Task Manager to find the process names associated with
> that
> PIDs.
>
> I found that port 80 is being used by both task "System" by user
> "SYSTEM" for "NT Kernel and System"
> with a PID of 4 and also for task "System Idle Process" by user
> "SYSTEM"
> for
> "Percentage of time the processor is idle" with a PID of 0.
>
> I then tried to open nginx on my Windows 11 pro home desktop
> computer.
> It opened successfully
> and functioned doing reverse proxying as I desired. For comparison
> sake, I looked at the
> tasks using port 80 as I had on my windows server. On the
> desktop, the
> only task using port
> 80 is nginx.
>
> I then changed the nginx listening directives on the Windows Server
> computer to listen on
> port 90 rather than port 80. After this change on the MS Windows
> Server
> 2016 nginx
> succeeded in starting and performed reverse proxying successfully.
>
> This seems to indicate that the problem is with a conflict in the
> use of
> port 80 rather than in my
> nginx configuration.
>
> However, remote website users browse to my website pages using the
> default port of 80 rather than port 90.
>
> How can I make the system work?
>
> For completeness I am copying the nginx.conf file listening on
> port 80
> below.
>
> # directives in the 'main' context
> worker_processes 1;
> events { # events context/block
> # configuration of connection processing
> }
>
> http { # http context specific to HTTP affecting all virtual
> servers
> server_names_hash_bucket_size 64; # avoids error message for
> multiple server_Name entries
>
> server { # configuration of yogisource HTTP virtual port 80 server
> listen 80;
> server_name yogisource.com <http://yogisource.com>
> www.yogisource.com <http://www.yogisource.com>;
>
> location / {
> proxy_pass http://yogisource.com:81/;
> } # end of location block
> } # end of yogisource server block
>
> server { # configuration of clearwaterescapes HTTP virtual
> port 80
> server
> listen 80;
> server_name clearwaterescapes.com
> <http://clearwaterescapes.com> www.clearwaterescapes.com
> <http://www.clearwaterescapes.com>;
>
> location / {
> # send local host requests of the form
> http://clearwaterescapes.com to
> # http://clearwaterescapes.com:8080/vo/Clearwater
> proxy_pass http://clearwaterescapes.com:8080/vo/Clearwater/;
> } # end of location block
>
> location /camp/ {
> proxy_pass
> http://clearwaterescapes.com:8080/vo/Clearwater/Camp/?Prop=2;
> } # end of location block
>
> # //
> http://clearwaterescapes.com:81/Clearwater/Camp/camprental.pdf
> works ...
>
> # The following Nginx location directives sends
> clearwaterescapes.com <http://clearwaterescapes.com>
> urls
> # containing case insensitive "camp" or "house" to
> ClearwaterEscapes on
> # port 81 where to be served by the Microsoft IIS server
>
> location ~* ^/camp/ {
> set $proxy_pass_url http://ClearwaterEscapes.com:81/camp/
> <http://ClearwaterEscapes.com:81/camp/>;
> proxy_pass $proxy_pass_url;
> # proxy_pass http://ClearwaterEscapes.com:81/camp/
> <http://ClearwaterEscapes.com:81/camp/> ;
> } # end of location block
>
> location ~* ^/House/ {
> set $proxy_pass_url http://ClearwaterEscapes.com:81/house/
> <http://ClearwaterEscapes.com:81/house/>;
> proxy_pass $proxy_pass_url;
> } # end of location block
>
> } # end of ClearwaterEscapes server block
>
> server { # configuration of freshpondrentals HTTP virtual
> port 80
> server
> listen 80;
> server_name freshpondrentals.com
> <http://freshpondrentals.com> www.freshpondrentals.com
> <http://www.freshpondrentals.com>;
>
> location / {
> # send local host requests of the form
> http://freshpondrentals.com to
> # http://freshpondrentals.com:8080/vo/camb
>
> proxy_pass http://freshpondrentals.com:8080/vo/camb/;
> } # end of location block
>
> location /StudioApartment/ {
> # send local host requests of the form
> # http://freshpondrentals.com/camb/StudioApartment
> # to
> # http://freshpondrentals.com:8080/vo/camb/StudioApartment
> proxy_pass
> http://freshpondrentals.com:8080/vo/camb/StudioApartment/index.jsp/;
> } # end of location block
>
> } # end of freshpondrentals server block
>
> server { # configuration of oppsprops HTTP virtual port 80 server
> listen 80;
> server_name oppsprops.com <http://oppsprops.com>
> www.oppsprops.com <http://www.oppsprops.com>;
>
> # listen 443 ssl;
> # ssl_certificate "C:/nginx/conf/ssl/certs/oppsprops.com.crt";
> # ssl_certificate_key "C:/nginx/conf/ssl/keys/oppsprops.com.key";
> #
> # location / {
> # proxy_pass http://oppsprops.com:81/;
> # } # end of location block
>
> location ~ /.jsp$ {
> set $proxy_pass_url http://oppsprops.com:8080;
> proxy_pass $proxy_pass_url;
> } # end of location block
>
> location / {
> proxy_pass http://oppsprops.com:8080/;
> } # end of location block
> } # end of oppsprops server block
>
> } # end of http block
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240203/f0525f6c/attachment-0001.htm>