Error starting - port 443: [Errno 13] - Centos 6 Minimal

Dev Community Apps & Creations
1

Hi All,

 

I'm currently getting a "WebServer: Failed to connect to HTTPS on 127.0.0.1 port 443: [Errno 13] Permission denied" if 'enable_webserver_ssl=True' in Settings.cfg, that prevents PlexConnect starting.

 

I'm having trouble on a Minimal Centos 6.5 and Centos 6.6 servers.

 

PMS version is 0.9.11.4, PlexConnect version is 0.4-1.el6.noarch. Client will be ATV 3. The PMS has a static IP, and PlexConnect is being installed on the same machine as the PMS.

 

PMS works fine with the build via a broswer.

 

Note: I'm currently having this problem within VMWare Virtual Machines. The VM network has been setup with a bridged connection, so the VM's have their own IP on the network.

<span style="color:rgb(34,34,34);font-family:'Helvetica Neue', Arial, Verdana, sans-serif;font-size:14px;">I don't get an error if '</span><span style="color:rgb(34,34,34);font-family:Menlo;font-size:11px;">enable_webserver_ssl=False'</span><span style="color:rgb(34,34,34);font-family:'Helvetica Neue', Arial, Verdana, sans-serif;font-size:14px;">&nbsp;in Settings.cfg, in fact I can download the Certificate via Ethernet as documented </span><a data-ipb='nomediaparse' href='https://github.com/iBaa/PlexConnect/wiki/Install-Guide-Certificate-via-Ethernet'>here</a><span style="color:rgb(34,34,34);font-family:'Helvetica Neue', Arial, Verdana, sans-serif;font-size:14px;">.</span>

 

<span style="color:rgb(34,34,34);font-family:'Helvetica Neue', Arial, Verdana, sans-serif;font-size:14px;">Below is the PlexConnect.log</span>

[plex@pmsc66 ~]$ more PlexConnect.log
13:24:16 PlexConnect: started: 13:24:16
13:24:16 PlexConnect: Version: 0.5-dev
13:24:16 PlexConnect: Python: 2.7.8 (default, Jul  3 2014, 18:29:03) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)]
13:24:16 PlexConnect: Host OS: linux2
13:24:16 PlexConnect: PILBackgrounds: Is PIL installed? False
13:24:16 Settings: getsetting enable_plexconnect_autodetect=False
13:24:16 Settings: getsetting ip_plexconnect=127.0.0.1
13:24:16 PlexConnect: IP_self (from settings): 127.0.0.1
13:24:16 Settings: getsetting hosttointercept=trailers.apple.com
13:24:16 ATVSettings: init class CATVSettings
13:24:16 ATVSettings: load settings
13:24:16 Settings: getsetting enable_dnsserver=False
13:24:16 WebServer: started: 13:24:16
13:24:16 Settings: getsetting port_webserver=8080
13:24:16 WebServer: ***
13:24:16 WebServer: WebServer: Serving HTTP on 127.0.0.1 port 8080.
13:24:16 WebServer: ***
13:24:16 Settings: getsetting enable_webserver_ssl=True
13:24:16 WebServer: started: 13:24:16
13:24:16 Settings: getsetting port_ssl=443
13:24:16 Settings: getsetting certfile=/etc/pki/plexconnect/trailers.pem
13:24:16 Settings: getsetting certfile=/etc/pki/plexconnect/trailers.pem
13:24:16 WebServer: Failed to connect to HTTPS on 127.0.0.1 port 443: [Errno 13] Permission denied
13:24:16 PlexConnect: WebServer_SSL not alive. Shutting down.
13:24:16 PlexConnect: Shutting down.
13:24:17 WebServer: Shutting down (HTTP).
13:24:17 ATVSettings: save settings
13:24:17 PlexConnect: shutdown
13:24:17 ATVSettings: save settings
13:24:17 PlexConnect: shutdown

It appears that there is a permission error and that something else is running on 443. But I'm confused with what and how. The joy of trying this for the first time.

 

Results of 'lsof -i -P' :

[plex@pmsc66 ~]$ sudo service plexconnect stop
Stopping PlexConnect:                                      [FAILED]
[plex@pmsc66 ~]$ sudo service plexconnect status
python2.7 is stopped
[plex@pmsc66 ~]$ sudo lsof -i -P |grep :443
httpd   1164   root    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1167 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1168 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1171 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1172 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1173 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1174 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1175 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
httpd   1176 apache    6u  IPv6   9814      0t0  TCP *:443 (LISTEN)
[plex@pmsc66 ~]$

The certificates are available to the plex user, as I was able to download the profile using the Certificates via Ethernet.

 

My Plex Media Server install on minimal Centos is documented here (sorry it is very detailed):

 

I have followed the PlexConnect Redhat install guide here.

 

I have reproduced the problem on clean Centos 6.5 and 6.6 installs with the same problem.

 

While troubleshooting I disable iptables.

 

My Settings.cfg is:

[PlexConnect]
enable_plexgdm = True
ip_pms = 127.0.0.1
port_pms = 32400
enable_dnsserver = False
port_dnsserver = 53
ip_dnsmaster = 127.0.0.1
prevent_atv_update = False
enable_plexconnect_autodetect = False
ip_plexconnect = 127.0.0.1
hosttointercept = trailers.apple.com
port_webserver = 8080
enable_webserver_ssl = True
port_ssl = 443
certfile = /etc/pki/plexconnect/trailers.pem
loglevel = High
logpath = /var/log/plexconnect

My PlexConnect httpd plexconnect.conf file is:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>

ServerName trailers.apple.com

ServerAlias secure.marketwatch.com

ProxyRequests Off

ProxyPreserveHost On

BrowserMatch “^(iTunes-)?AppleTV” appletv


ErrorLog logs/plexconnect-error_log
CustomLog logs/plexconnect-access_log combined

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from env=appletv
</Proxy>

ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/




<VirtualHost *:443>

ServerName trailers.apple.com

ServerAlias secure.marketwatch.com

ProxyRequests Off

ProxyPreserveHost On

BrowserMatch “^(iTunes-)?AppleTV” appletv


SSLEngine on
SSLProxyEngine On
SSLProtocol all -SSLv2
SSLCertificateFile /etc/pki/plexconnect/trailers.cer
SSLCertificateKeyFile /etc/pki/plexconnect/trailers.key

ErrorLog logs/plexconnect-error_log
CustomLog logs/plexconnect-access_log combined

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from env=appletv
</Proxy>

ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/

When I go to 'https://192.168.1.100' (example IP of my PMS), in a browser on another PC, I get a: 

Forbidden

You don’t have permission to access / on this server.


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

I get the same error above when I try 'http://192.168.1.100'.

 

However if I go to 'http://192.168.1.100:443' I get the follow (expected error as it is a SSL port) that contains a reference to trailers.apple.com. 

Bad Request

Your browser sent a request that this server could not understand.

Reason: You’re speaking plain HTTP to an SSL-enabled server port.

Instead use the HTTPS scheme to access this URL, please.

Hint: https://trailers.apple.com/

I'm just wondering if anyone knows what is not right? or what things can I  check.

 

Thanks in advance

 

 

2

You need to set enable_webserver_ssl=False, as Apache is doing the SSL translation for PlexConnect.  PlexConnect will listen on port 8080 so it can run as a normal user without superuser privileges.

As for the Forbidden message, that's expected.  The Apache virtual host config only allows browsers that match AppleTVs (for additional security).

ip_pms should be set to 192.168.1.100 in Settings.cfg

3

Thanks, that makes sense.

4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.