HTTP status page is not displayed in IRRd 4.3.0
Closed this issue · 4 comments
I am trying to upgrade to 4.3.0 in a test environment.
After the upgrade, the HTTP status page does not appear.
When I start the irrd service, irrd-http-server-manager and irrd-http-server-listener are not started.
I do not use https, do I need to run nginx?
$ systemctl status irrd
● irrd.service - IRRD4 Service
Loaded: loaded (/usr/lib/systemd/system/irrd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-08-04 11:04:02 JST; 7min ago
Main PID: 1886429 (irrd)
Tasks: 23 (limit: 307810)
Memory: 2.4G
CGroup: /system.slice/irrd.service
tq1886429 /home/irrd/irrd-venv/bin/python3.7 /home/irrd/irrd-venv/bin/irrd --foreground --config=/home/>
tq1886434 irrd-whois-server-listener
tq1886435 irrd-preload-store-manager
tq1886439 irrd-whois-worker
tq1886441 irrd-whois-worker
tq1886443 irrd-whois-worker
tq1886445 irrd-whois-worker
tq1886447 irrd-whois-worker
tq1886448 irrd-whois-worker
tq1886453 irrd-whois-worker
tq1886456 irrd-whois-worker
tq1886459 irrd-whois-worker
mq1886466 irrd-whois-worker
8月 04 11:04:02 irrd1.jpix.ad.jp systemd[1]: Started IRRD4 Service.
$ cat /home/irrd/irrd.yaml
irrd:
database_url: 'postgresql://irrd:irrd@localhost:5432/irrd'
redis_url: 'unix:///var/run/redis/redis.sock'
piddir: /home/irrd/
user: irrd
group: irrd
access_lists:
http_database_status:
- '127.0.0.1'
- '192.168.0.0/16'
server:
http:
status_access_list: http_database_status
interface: '::0'
port: 80
whois:
interface: '::0'
max_connections: 10
port: 43
compatibility:
inetnum_search_disabled: true
auth:
gnupg_keyring: /home/irrd/gnupg-keyring/
email:
from: example@example.com
smtp: localhost
log:
logfile_path: /var/log/irrd/irrd.log
level: DEBUG
rpki:
roa_source: null
sources_default:
- RADB
sources:
RADB:
authoritative: false
keep_journal: true
import_serial_source: 'ftp://ftp.radb.net/radb/dbase/RADB.CURRENTSERIAL'
import_source: 'ftp://ftp.radb.net/radb/dbase/radb.db.gz'
import_timer: 3600
nrtm_host: whois.radb.net
nrtm_port: 43
object_class_filter:
- as-set
- aut-num
- filter-set
- inet-rtr
- key-cert
- mntner
- peering-set
- route
- route6
- route-set
- rtr-set
execution environment
CentOS Linux release 8.2.2004 (Core)
Python 3.7.7
postgres (PostgreSQL) 10.14
Redis server v=5.0.3 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=28849dbea6f07cc8
Do the log files around startup reveal anything? Do they show any lines for uvicorn (the web server)?
The log recorded "[uvicorn.error#ERROR] [Errno 13] Permission denied".
Is there any prospect for improvement of this phenomenon?
Is there any prospect for improvement of this phenomenon?
Missed that previous comment. Binding to a privileged port for HTTP is unsupported, as there is no reason to: if the HTTP interface is available to users or admins, it is recommended to use an HTTPS proxy in front. If it is not accessible, there is no need to run it on a privileged port.