UniFi manager for Ubiquiti - cannot access https://localhost:8443/

audiomuze · 2018-02-03 22:12:12

Running 4.14.15-1-ARCH

I installed unifi 5.6.30-1 from AUR without any issues.

systemctl status unifi and systemctl status mongodb return the following respectively:

● unifi.service - Ubiquiti UniFi Server
   Loaded: loaded (/usr/lib/systemd/system/unifi.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-02-03 11:28:25 GMT; 10h ago
 Main PID: 1106 (java)
    Tasks: 867 (limit: 4915)
   CGroup: /system.slice/unifi.service
           └─1106 /usr/bin/java -jar /usr/lib/unifi/lib/ace.jar start

Feb 03 11:28:25 ryzen java[1106]:         at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
Feb 03 11:28:25 ryzen java[1106]:         at org.apache.log4j.Logger.getLogger(Logger.java:104)
Feb 03 11:28:25 ryzen java[1106]:         at com.ubnt.service.B.oooo.o00000(Unknown Source)
Feb 03 11:28:25 ryzen java[1106]:         at com.ubnt.service.B.oooo.<clinit>(Unknown Source)
Feb 03 11:28:25 ryzen java[1106]:         at com.ubnt.ace.Launcher.<clinit>(Unknown Source)
Feb 03 11:28:26 ryzen java[1106]: WARNING: An illegal reflective access operation has occurred
Feb 03 11:28:26 ryzen java[1106]: WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$2 (file:/usr/lib/unifi/lib/spring-core-3.2.8.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.Protecti
Feb 03 11:28:26 ryzen java[1106]: WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$2
Feb 03 11:28:26 ryzen java[1106]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Feb 03 11:28:26 ryzen java[1106]: WARNING: All illegal access operations will be denied in a future release

● mongodb.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongodb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-02-03 11:28:25 GMT; 10h ago
 Main PID: 1105 (mongod)
    Tasks: 23 (limit: 4915)
   CGroup: /system.slice/mongodb.service
           └─1105 /usr/bin/mongod --quiet --config /etc/mongodb.conf

Feb 03 11:28:25 ryzen systemd[1]: Started High-performance, schema-free document-oriented database.

So as far as I can ascertain everything that should be running is up.

However, when attempting to access https://localhost:8443/ I get an invalid certificate message:

Your connection is not private
Attackers might be trying to steal your information from 192.168.1.103 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
 
Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy Policy
This server could not prove that it is 192.168.1.103; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

If I elect to continue anyway the browser goes into wait mode and that's the end of it.

/opt/unifi/logs is empty
/var/log/mongodb/mongod.log contains:

2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] MongoDB starting : pid=1105 port=27017 dbpath=/var/lib/mongodb 64-bit host=ryzen
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] db version v3.6.2
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] git version: 489d177dbd0f0420a8ca04d39fd78d0a2c539420
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.1.0g  2 Nov 2017
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] allocator: tcmalloc
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] modules: none
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] build environment:
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten]     distarch: x86_64
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten]     target_arch: x86_64
2018-02-03T11:28:25.454+0000 I CONTROL  [initandlisten] options: { config: "/etc/mongodb.conf", net: { bindIp: "127.0.0.1" }, storage: { dbPath: "/var/lib/mongodb" }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log", quiet: true } }
2018-02-03T11:28:25.455+0000 I -        [initandlisten] Detected data files in /var/lib/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2018-02-03T11:28:25.455+0000 I STORAGE  [initandlisten] 
2018-02-03T11:28:25.455+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2018-02-03T11:28:25.455+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2018-02-03T11:28:25.455+0000 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=15571M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
2018-02-03T11:28:25.605+0000 I STORAGE  [initandlisten] WiredTiger message [1517657305:605122][1105:0x7f9403693a80], txn-recover: Main recovery loop: starting at 6/768
2018-02-03T11:28:25.691+0000 I STORAGE  [initandlisten] WiredTiger message [1517657305:691094][1105:0x7f9403693a80], txn-recover: Recovering log 6 through 7
2018-02-03T11:28:25.741+0000 I STORAGE  [initandlisten] WiredTiger message [1517657305:741203][1105:0x7f9403693a80], txn-recover: Recovering log 7 through 7
2018-02-03T11:28:25.821+0000 I CONTROL  [initandlisten] 
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] 
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] 
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-02-03T11:28:25.822+0000 I CONTROL  [initandlisten] 
2018-02-03T11:28:25.841+0000 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2018-02-03T11:28:25.842+0000 I NETWORK  [initandlisten] waiting for connections on port 27017

Any ideas where to look next??

Last edited by audiomuze (2018-02-03 22:16:38)

audiomuze · 2018-02-04 20:16:14

Anyone, no thoughts or clues?

fukawi2 · 2018-02-04 23:20:53

Please don't bump.

What is the output of `ss -tnlp | column -t`, `ip a s` and `iptables-save`?

audiomuze · 2018-02-05 08:18:39

Thanks for assisting, much appreciated.

After restarting this morning I checked status of mongodb and unifi, seems nothing's changed:

$ systemctl status unifi mongodb
● unifi.service - Ubiquiti UniFi Server
   Loaded: loaded (/usr/lib/systemd/system/unifi.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-02-05 07:46:08 GMT; 37min ago
 Main PID: 1152 (java)
    Tasks: 867 (limit: 4915)
   CGroup: /system.slice/unifi.service
           └─1152 /usr/bin/java -jar /usr/lib/unifi/lib/ace.jar start

● mongodb.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongodb.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-02-05 07:46:08 GMT; 37min ago
 Main PID: 1150 (mongod)
    Tasks: 23 (limit: 4915)
   CGroup: /system.slice/mongodb.service
           └─1150 /usr/bin/mongod --quiet --config /etc/mongodb.conf

Re your asks:

$ ss -tnlp | column -t
State   Recv-Q  Send-Q  Local            Address:Port  Peer  Address:Port
LISTEN  0       128     0.0.0.0:22       0.0.0.0:*           
LISTEN  0       128     127.0.0.1:27017  0.0.0.0:*           
LISTEN  0       128     [::]:22          [::]:*              
LISTEN  0       100     *:8443           *:*                 
LISTEN  0       100     *:8843           *:*                 
LISTEN  0       100     *:8880           *:*                 
LISTEN  0       100     *:8080           *:*

$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 70:85:c2:5a:f9:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.103/24 brd 192.168.1.255 scope global enp10s0
       valid_lft forever preferred_lft forever
3: wlp9s0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether a6:ca:6d:64:85:bb brd ff:ff:ff:ff:ff:ff

/proc/net/ip_tables_names is empty.

Last edited by audiomuze (2018-02-05 08:28:28)

fukawi2 · 2018-02-05 22:17:16

Well nothing stands out to me there sorry. The only times I've seen similar behaviour with Unifi Controller in the past it was mongodb having a cry over something, but I found that in the logs and your logs look clean.

Arch Linux

#1 2018-02-03 22:12:12

UniFi manager for Ubiquiti - cannot access https://localhost:8443/

#2 2018-02-04 20:16:14

Re: UniFi manager for Ubiquiti - cannot access https://localhost:8443/

#3 2018-02-04 23:20:53

Re: UniFi manager for Ubiquiti - cannot access https://localhost:8443/

#4 2018-02-05 08:18:39

Re: UniFi manager for Ubiquiti - cannot access https://localhost:8443/

#5 2018-02-05 22:17:16

Re: UniFi manager for Ubiquiti - cannot access https://localhost:8443/

Board footer