mod_websocket icon indicating copy to clipboard operation
mod_websocket copied to clipboard

Published 20 hours ago verified publisher icon nori0428

Permission denied error when trying to connect to socket.

Open Trinadh1729 opened this issue 7 years ago • 0 comments

Issue: When lighttpd is run as "lighttpd" user. I could not work with websockets. Am getting permission denied error. (errno: 13)

log:

Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.340) /tcp_proxy is match WebSocket extension: ^\/tcp_proxy\/* 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket_handshake.c.98) allowed origins are not specified 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.534) works as WebSocket-TCP Proxy 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.545) WebSocket Version = 13 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.552) will recv text data from backend 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.151) try to connect backend -> 127.0.0.1 : 10000 
Jan 15 07:42:40 (none) lighttpd[1077]: (mod_websocket.c.156) fail to connect

websocket.conf:

server.modules += ( "mod_websocket" )
websocket.server = (
                     # WebSocket-TCP Proxy
                     "^\/tcp_proxy\/*" => ( "host" => "127.0.0.1",
                                       "port" => 10000,
                                       "proto" => "tcp" )
                   )
websocket.ping_interval = 5 # send PING per 5 secs
websocket.timeout = 30      # disconnect a client when not to recv PONG for 30 secs
websocket.debug = 4         # LOG_DEBUG

lighttpd.conf:

var.log_root    = "/var/log"
var.server_root = "/opt/lighttpd/public"
var.state_dir   = "/tmp"
var.home_dir    = "/var/lib/lighttpd"
var.conf_dir    = "/etc/lighttpd"

var.socket_dir  = home_dir + "/sockets"

server.modules += (
  "mod_rewrite",
  "mod_setenv",
)

include "conf.d/websocket.conf"

server.modules += ( "mod_fastcgi" )
fastcgi.debug = 1

fastcgi.server += (
                  "/srv/" =>
                     ((
                       "socket" => "/tmp/sysser.socket",
                       "bin-path" => "/opt/lighttpd/bin/sysser.fcgi",
                       "max-procs" => 1,
                       "check-local" => "disable"
                     )),
                  )

fastcgi.server += (
        "/rest/1.0" =>
        ((
                "socket" => "/tmp/restapi.socket",
                "bin-path" => "/opt/lighttpd/bin/restapi.fcgi",
                "max-procs" => 1,
                "check-local" => "disable"
        )),
)


server.modules += ( "mod_cgi" )
$HTTP["request-method"] =~ "(GET|POST)" {
$HTTP["url"] =~ "^/cgi/" {
   cgi.assign = ( ".cgi" => "" )
}

server.port = 80
$SERVER["socket"] == "[::]:80" {
server.use-ipv6 = "enable"
}

server.username  = "lighttpd"
server.groupname = "lighttpd"

server.document-root = server_root

server.pid-file = "/var/run/lighttpd.pid"

server.event-handler = "linux-sysepoll"

server.max-fds = 2048

server.stat-cache-engine = "simple"

$HTTP["url"] =~ "\.*$" {
  setenv.add-response-header = (
    "X-Content-Type-Options" => "nosniff",
    "X-XSS-Protection" => "1; mode=block"
 )
}

I am running tcpserver on port 10000. https://www.cs.cmu.edu/afs/cs/academic/class/15213-f99/www/class26/tcpserver.c

Nothing fancy, am trying to verify the echo from websocket on console. I am doing the following on client side:

 <script>
     var ws;                                                                                    
     var data = "";                                                                                    
     window.onload = function() {                                                                      
       ws = new WebSocket('ws://192.168.1.1/tcp_proxy');      
       data = "Hello from websocket";                                          
       ws.onopen = function(e) { 
                                  console.log("ws.onopen called");
                                  ws.send(data + '\n'); 
                                  console.log("sent");
                             };                
       ws.onmessage = function(e) { console.log("ws.onmessage " + e.data); };
       console.log("sending [" + data + "] on web-socket");
       ws.onclose = function() { console.log("ws.onclose called"); };                                        
    }; 
 </script>

Could you let me know what is wrong here ?

Note: If lighttpd is run as root user, i have no issues. Issue happens only when lighttpd is run as "lighttpd" user.

Strace when lighttpd is run as "root" user:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 16
fcntl64(16, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(16, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(16, {sa_family=AF_INET, sin_port=htons(10000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
poll([{fd=16, events=POLLOUT}], 1, 5000) = 1 ([{fd=16, revents=POLLOUT}])
getsockopt(16, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
gettimeofday({1312273, 200491}, NULL)   = 0
send(3, "<27>Jan 16 04:31:13 lighttpd[426"..., 90, MSG_NOSIGNAL) = 90
setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(15, SOL_TCP, TCP_NODELAY, [1], 4) = 0
epoll_ctl(7, EPOLL_CTL_ADD, 16, {EPOLLIN|EPOLLERR|EPOLLHUP, {u32=16, u64=16}}) = 0

Strace when lighttpd is run as "lighttpd" user:

send(3, "<27>Jan 16 04:35:34 lighttpd[546"..., 102, MSG_NOSIGNAL) = 102
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = -1 EACCES (Permission denied)
gettimeofday({1312534, 511756}, NULL)   = 0
send(3, "<27>Jan 16 04:35:34 lighttpd[546"..., 126, MSG_NOSIGNAL) = 126
gettimeofday({1312534, 512078}, NULL)   = 0
send(3, "<27>Jan 16 04:35:34 lighttpd[546"..., 74, MSG_NOSIGNAL) = 74

Thanks & Regards, Trinadh

Trinadh1729 avatar Sep 13 '17 13:09 Trinadh1729