Question

Ubuntu 20.04 Droplet "Port 80 in use" SSL Error?

Posted May 23, 2021 325 views
Apache, Cloud Computing, Ubuntu 20.04, DigitalOcean Droplets

Hi, I’m following a Video on YouTube…

https://www.youtube.com/watch?v=S6S5JF6Gou0

I have an Ubuntu 20.04 Droplet. With a Floating IP. Is connected to Digital Ocean Nameservers. No problem. SSH connects on Termius. The Domain was purchased from Namecheap. 1 year free with my GitHub Student Pack. I also have an SSL from Namecheap. Free for a year. The SSL is installed on my Droplet. It works. My Domain connects. On a web browser. It converts http to https. And it shows an Apache page. I’m using Apache. On my Droplet.

I installed GoPhish. Like the video. GoPhish on my Droplet. When I try to run gophish, I get an error. The error is below…

"Starting admin server at https://0.0.0.0:1724"
time="2021-05-23T02:59:54Z" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"
time="2021-05-23T02:59:54Z" level=info msg="Starting IMAP monitor manager"
time="2021-05-23T02:59:54Z" level=info msg="Starting new IMAP monitor for user admin"
time="2021-05-23T02:59:54Z" level=info msg="Starting phishing server at https://0.0.0.0:80"
time="2021-05-23T02:59:54Z" level=fatal msg="listen tcp 0.0.0.0:80: bind: address already in use"

That’s with Apache running. I shut down apache2. And got this (port 80 is fine..)

"Starting admin server at https://0.0.0.0:1724"
time="2021-05-23T03:02:04Z" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"
time="2021-05-23T03:02:04Z" level=info msg="Starting IMAP monitor manager"
time="2021-05-23T03:02:04Z" level=info msg="Starting new IMAP monitor for user admin"
time="2021-05-23T03:02:04Z" level=info msg="Starting phishing server at https://0.0.0.0:80"

Then I entered my Droplet's IP. (Floating or not.) And port 1724. Like the Video. From my config.json. It times out and doesn’t connect. In the Browser. No Landing Page.

Also, this is my second Digital Ocean Droplet. The first destroyed 6 months ago. I had gophish installed correctly. Connected to IP and Port. The only difference is, I didn’t have an SSL. Never installed. So, I’m guessing the SSL is the problem???

Here’s my config.json file…

{
        "admin_server": {
                "listen_url": "0.0.0.0:1724",
                "use_tls": true,
                "cert_path": "gophish_admin.crt",
                "key_path": "gophish_admin.key"
        },
        "phish_server": {
                "listen_url": "0.0.0.0:80",
                "use_tls": true,
                "cert_path": "redteamserver.me.crt",
                "key_path": "redteamserver.me.key"
        },
        "db_name": "sqlite3",
        "db_path": "gophish.db",
        "migrations_prefix": "db/db_",
        "contact_address": "",
        "logging": {
                "filename": "",
                "level": ""
        }
}

Actual .crt and .key. From Namecheap. Download.

So, how do I run GoPhish? With Port 80/443? Can I use any random Port? In config.json? Or how do I run both? Apache and Gophish? At the same time? Domain and Remote IP? Digital Ocean IP. Both.

AND is my SSL the problem? Please take a look and reply. With instructions. Thanks

edited by MattIPv4

1 answer

Hi there @michaelheld4,

As the GoPhish server also listens on port 80 as well as Apache, this is why you got the error initially. You cannot have more than one service listening on one port; this is why, after stopping Apache, you were able to start the GoPhish service.

What I would suggest is disabling Apache so that the next time you restart the Droplet, the Apache service would not start and cause problems due to the conflicting port:

systemctl disable apache2

Regarding the SSL problem, at the moment in your GoPhish configuration, you have only port 80 specified, this is the HTTP port. In order to use HTTPS, you also need to define port 443 in there.

You should be able to do this with the following:

...
        "phish_server" : {
                "listen_url" : "0.0.0.0:443",
                "use_tls" : true,
                "cert_path" : "[DOMAIN].crt",
                "key_path": "[DOMAIN].key"
        },
...

Let me know how it goes.

Regards,
Bobby
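
An added example (not part of the original answer and not GoPhish's own code): a small Python check for the two problems in this thread, a listener port already held by another process and a `use_tls` setting that does not match the port. The function names and the trimmed sample config are assumptions made for illustration.

```python
import errno
import json
import socket

# Constructed sample: the two listener blocks from the question's config.json.
QUESTION_CONFIG = json.loads("""
{"admin_server": {"listen_url": "0.0.0.0:1724", "use_tls": true},
 "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": true}}
""")


def port_in_use(host, port):
    """True if bind() fails with EADDRINUSE, the error in the first log above."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # e.g. EACCES when binding a port below 1024 unprivileged
    return False


def lint_listeners(cfg):
    """Return (server, message) findings for the listener blocks."""
    findings = []
    for name in ("admin_server", "phish_server"):
        block = cfg.get(name, {})
        host, _, port = block.get("listen_url", "").rpartition(":")
        if not port.isdigit():
            findings.append((name, "listen_url is missing or has no port"))
            continue
        tls = bool(block.get("use_tls"))
        if tls and int(port) == 80:
            findings.append((name, "TLS on port 80; browsers expect plain HTTP there"))
        if not tls and int(port) == 443:
            findings.append((name, "plain HTTP on port 443; https:// URLs will fail"))
        if name == "admin_server" and host in ("", "0.0.0.0", "::", "[::]"):
            findings.append((name, "admin UI listens on every interface; "
                                   "firewall the port or bind to 127.0.0.1"))
    return findings


if __name__ == "__main__":
    for server, message in lint_listeners(QUESTION_CONFIG):
        print(f"{server}: {message}")
    print("port 1724 in use:", port_in_use("0.0.0.0", 1724))
```

Probing a port below 1024 needs root; without it bind() fails with EACCES and `port_in_use` re-raises that error instead of reporting a conflict.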

  • Hi, I’m back. I added https:// to my server. And disabled Apache. Now, when I try to connect to gophish it times out. No connection. I tried my Default Droplet IP and Floating IP. Won’t connect. No GoPhish. I tried “My Droplet IPv4” Port 443. My browser says “404 page not found.” The server reacts to input while using IP:443. I think it says the TLS Cert isn’t good. Port 1724 (from the Video) times out. No “404 page not found.” I’m attaching a screenshot. And the error… Please reply. Thanks

    time="2021-05-26T05:17:05Z" level=info msg="Starting admin server at https://0.0.0.0:1724"
    time="2021-05-26T05:17:05Z" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"
    time="2021-05-26T05:17:05Z" level=info msg="Starting IMAP monitor manager"
    time="2021-05-26T05:17:05Z" level=info msg="Starting new IMAP monitor for user admin"
    time="2021-05-26T05:17:05Z" level=info msg="Starting phishing server at https://0.0.0.0:443"
    2021/05/26 05:18:07 http: TLS handshake error from 94.140.9.96:54170: remote error: tls: unknown certificate
    time="2021-05-26T05:18:07Z" level=info msg="94.140.9.96 - - [26/May/2021:05:18:07 +0000] \"GET / HTTP/2.0\" 404 19 \"\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66\""
    2021/05/26 05:18:20 http: TLS handshake error from 94.140.9.96:55072: remote error: tls: unknown certificate
    time="2021-05-26T05:18:20Z" level=info msg="94.140.9.96 - - [26/May/2021:05:18:20 +0000] \"GET / HTTP/2.0\" 404 19 \"\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66\""
    2021/05/26 05:20:46 http: TLS handshake error from 94.140.9.96:64918: remote error: tls: unknown certificate
    time="2021-05-26T05:20:46Z" level=info msg="94.140.9.96 - - [26/May/2021:05:20:46 +0000] \"GET / HTTP/2.0\" 404 19 \"\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66\""
    time="2021-05-26T05:20:53Z" level=info msg="94.140.9.96 - - [26/May/2021:05:20:53 +0000] \"GET / HTTP/2.0\" 404 19 \"\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66\""
    

    https://drive.google.com/file/d/1MXtNBAj2jOi_PTjTKMyViXlNpvzN_RFM/view?usp=sharing

    edited by MattIPv4
    • Hi there,

      Regarding the timeout, is port 443 open for incoming connections via your firewall?

      The SSL warning will show up in case you are using a self-signed certificate. To prevent the SSL warnings, you could use Let’s Encrypt. You could follow the steps here with GoPhish.

      Regards,
      Bobby