Webinterface keeps running after Stopping Uhttpd

Hey Everyone,

i am currently using OpenWrt 23.05.0 on my TP-Link TL-WDR3600 v1.

I have the phenomenon that the Webinterface keeps running after stopping the UHTTPd. Even if i type
/etc/init.d/uhttpd stop
and
Service uhttpd stop.

Can you help me where the Problem is?

After configuring the router i do not more need the interface at the moment so i want to shut it down.

Many Thanks

Marco

This statement is based on ...?

Disable service?

Going online and Seeing the working interface.

Yes Service is disabled.

http or hhttps?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/uhttpd
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for the help so far. Attached are the requested Files :slight_smile:

root@OpenWRT:~# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "OpenWRT",
        "system": "Atheros AR9344 rev 2",
        "model": "TP-Link TL-WDR3600 v1",
        "board_name": "tplink,tl-wdr3600-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
root@Strahlerouter:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddf:abef:ccb2::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.10.0.254'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        list dns '9.9.9.9'
        option delegate '0'

config device
        option name 'eth0.2'
        option macaddr 'x'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3t 4 5'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '20'
        option ports '0t 2t 3t 4t 5t 1t'
        option description 'DXNET'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '30'
        option ports '0t 2t 3t 4t 5t 1t'
        option description 'IOTNET'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '40'
        option ports '0t 2t 3t 4t 5t 1t'
        option description 'GAST'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '0t 2t 3t 4t 5t 1t'
        option vid '50'
        option description 'BACKBONE'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'eth0.30'
        option macaddr 'x'

config device
        option type 'bridge'
        option name 'br-gast'
        list ports 'eth0.40'
        option macaddr 'x'

config device
        option type 'bridge'
        option name 'br-dxnet'
        list ports 'eth0.20'
        option macaddr 'x'

config device
        option name 'eth0.1'
        option type '8021q'
        option ifname 'eth0'
        option vid '1'
        option macaddr 'x'

config device
        option name 'eth0.20'
        option type '8021q'
        option ifname 'eth0'
        option vid '20'
        option macaddr 'x'

config device
        option name 'eth0.30'
        option type '8021q'
        option ifname 'eth0'
        option vid '30'
        option macaddr 'x'

config device
        option name 'eth0.40'
        option type '8021q'
        option ifname 'eth0'
        option vid '40'
        option macaddr 'x'

config device
        option name 'eth0.50'
        option type '8021q'
        option ifname 'eth0'
        option vid '50'
        option macaddr 'x'

config interface 'DXNET'
        option proto 'static'
        option device 'br-dxnet'
        option ipaddr '10.20.0.254'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'IOT'
        option proto 'static'
        option device 'br-iot'
        option ipaddr '10.30.0.253'
        option netmask '255.255.253.0'

config interface 'GAST'
        option proto 'static'
        option device 'br-gast'
        option ipaddr '10.40.0.254'
        option netmask '255.255.255.0'

config interface 'BACKBONE'
        option proto 'static'
        option device 'eth0.50'
        option ipaddr '10.50.0.254'
        option netmask '255.255.255.0'

config interface 'ZerotierVPN'
        option proto 'none'
        option device 'ztxxxxxx'
root@Strahlerouter:~# cat /etc/config/uhttpd
# Server configuration
config uhttpd main

        # HTTP listen addresses, multiple allowed
        list listen_http        0.0.0.0:80
        list listen_http        [::]:80

        # HTTPS listen addresses, multiple allowed
        list listen_https       0.0.0.0:443
        list listen_https       [::]:443

        # Redirect HTTP requests to HTTPS if possible
        option redirect_https   0

        # Server document root
        option home             /www

        # Reject requests from RFC1918 IP addresses
        # directed to the servers public IP(s).
        # This is a DNS rebinding countermeasure.
        option rfc1918_filter 1

        # Maximum number of concurrent requests.
        # If this number is exceeded, further requests are
        # queued until the number of running requests drops
        # below the limit again.
        option max_requests 3

        # Maximum number of concurrent connections.
        # If this number is exceeded, further TCP connection
        # attempts are queued until the number of active
        # connections drops below the limit again.
        option max_connections 100

        # Certificate and private key for HTTPS.
        # If no listen_https addresses are given,
        # the key options are ignored.
        option cert             /etc/uhttpd.crt
        option key              /etc/uhttpd.key

        # CGI url prefix, will be searched in docroot.
        # Default is /cgi-bin
        option cgi_prefix       /cgi-bin

        # List of extension->interpreter mappings.
        # Files with an associated interpreter can
        # be called outside of the CGI prefix and do
        # not need to be executable.
#       list interpreter        ".php=/usr/bin/php-cgi"
#       list interpreter        ".cgi=/usr/bin/perl"

        # List of prefix->Lua handler mappings.
        # Any request to an URL beneath the prefix
        # will be dispatched to the associated Lua
        # handler script. Lua support is disabled when
        # no handler mappings are specified. Lua prefix
        # matches have precedence over the CGI prefix.
        list lua_prefix         "/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"

        # List of prefix->ucode handler mappings.
        # Any request to an URL beneath the prefix
        # will be dispatched to the associated ucode
        # handler script. Ucode support is disabled when
        # no handler mappings are specified. Ucode prefix
        # matches have precedence over the CGI prefix.
#       list ucode_prefix               "/ucode/example=/usr/share/example.uc"

        # Specify the ubus-rpc prefix and socket path.
#       option ubus_prefix      /ubus
#       option ubus_socket      /var/run/ubus/ubus.sock

        # CGI/Lua timeout, if the called script does not
        # write data within the given amount of seconds,
        # the server will terminate the request with
        # 504 Gateway Timeout response.
        option script_timeout   60

        # Network timeout, if the current connection is
        # blocked for the specified amount of seconds,
        # the server will terminate the associated
        # request process.
        option network_timeout  30

        # HTTP Keep-Alive, specifies the timeout for persistent
        # HTTP/1.1 connections. Setting this to 0 will disable
        # persistent HTTP connections.
        option http_keepalive   20

        # TCP Keep-Alive, send periodic keep-alive probes
        # over established connections to detect dead peers.
        # The value is given in seconds to specify the
        # interval between subsequent probes.
        # Setting this to 0 will disable TCP keep-alive.
        option tcp_keepalive    1

        # Basic auth realm, defaults to local hostname
#       option realm    OpenWrt

        # Configuration file in busybox httpd format
#       option config   /etc/httpd.conf

        # Do not follow symlinks that point outside of the
        # home directory.
#       option no_symlinks      0

        # Do not produce directory listings but send 403
        # instead if a client requests an url pointing to
        # a directory without any index file.
#       option no_dirlists      0

        # Do not authenticate any ubus-rpc requests against
        # the ubus session/access procedure.
        # This is dangerous and should be always left off
        # except for development and debug purposes!
#       option no_ubusauth      0

        # For this instance of uhttpd use the listed httpauth
        # sections to require Basic auth to the specified
        # resources.
#       list httpauth prefix_user


# Defaults for automatic certificate and key generation
config cert defaults

        # Validity time
        option days             730

        # key type: rsa or ec
        option key_type         ec

        # RSA key size
        option bits             2048

        # EC curve name
        # Curve names vary between px5g-{wolfssl,mbedtls} and openssl
        # P-256 or P-384 are guaranteed to work
        option ec_curve         P-256

        # Location
        option country          ZZ
        option state            Somewhere
        option location         Unknown

        # Common name
        option commonname       'OpenWrt'

# config httpauth prefix_user
#       option prefix /protected/url/path
#       option username user
#       option password 'plaintext_or_md5_or_$p$user_for_system_user'
root@Strahlerouter:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'x'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'

config dhcp 'lan'
        option interface 'lan'
        option start '1'
        option limit '5'
        option leasetime '12h'
        option dhcpv4 'server'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'DXNET'
        option interface 'DXNET'
        option start '1'
        option limit '3'
        option leasetime '12h'
        option ignore '1'

config dhcp 'IOT'
        option interface 'IOT'
        option start '1'
        option limit '20'
        option leasetime '12h'
        option force '1'

config dhcp 'GAST'
        option interface 'GAST'
        option start '1'
        option limit '50'
        option leasetime '12h'

config dhcp 'BACKBONE'
        option interface 'BACKBONE'
        option start '1'
        option limit '2'
        option leasetime '1h'

config host
        option name 'HN-iPhone14'
        option dns '1'
        option mac 'B
        option ip '10.10.0.3'

config host
        option name 'HN-iPad'
        option dns '1'
        option mac '1
        option ip '10.10.0.4'

config host
        option name 'HN-TC'
        option dns '1'
        option mac '0'
        option ip '10.10.0.5'

config host
        option name 'HN-GamingPC-Adapter'
        option dns '1'
        option mac '0
        option ip '10.10.0.1'

config host
        option name 'IOT-WZ-GB-1'
        option dns '1'
        option mac '3
        option ip '10.30.0.1'

config host
        option name 'IOT-WZ-GB-2'
        option dns '1'
        option mac '9
        option ip '10.30.0.2'

config host
        option name 'IOT-WZ-GB-3'
        option dns '1'
        option mac '9
        option ip '10.30.0.3'

config host
        option name 'IOT-WZ-Fernseher'
        option dns '1'
        option mac 'B
        option ip '10.30.0.10'

config host
        option name 'IOT-SZ-GB-1'
        option dns '1'
        option mac '9
        option ip '10.30.1.1'

config host
        option name 'IOT-WZ-TC'
        option dns '1'
        option mac '0
        option ip '10.30.0.11'

config host
        option name 'IOT-BZ-WL'
        option dns '1'
        option mac '9
        option ip '10.30.2.1'

config host
        option name 'IOT-SZ-WL-1'
        option dns '1'
        option mac '9
        option ip '10.30.1.4'

config host
        option name 'IOT-WZ-Verstaerker'
        option dns '1'
        option mac '0
        option ip '10.30.0.12'
root@Strahlerouter:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'DXNET'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'DXNET'

config zone
        option name 'IOT'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'IOT'

config zone
        option name 'GAST'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'GAST'

config zone
        option name 'BACKBONE'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'BACKBONE'

config zone 'vpn'
        option name 'ZerotierVPN'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list device 'ztfp6aotps'
        list network 'ZerotierVPN'

config forwarding 'lan_vpn'
        option src 'lan'
        option dest 'ZerotierVPN'

config redirect
        option target 'DNAT'
        option src 'wan'
        option src_dport '9993'
        option name 'Zerotier 9993'
        list proto 'udp'

config rule
        option name 'Allow-Ping-ZT'
        option family 'ipv4'
        list proto 'icmp'
        option src 'ZerotierVPN'
        option target 'ACCEPT'

config rule
        option name 'Allow-SSH-ZT'
        option src 'ZerotierVPN'
        option dest_port '22'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'udp'

config rule
        option name 'Allwo-ZT-HTTP'
        list proto 'tcp'
        option src 'ZerotierVPN'
        option dest_port '80'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-ZT-HTTPS'
        list proto 'tcp'
        option src 'ZerotierVPN'
        option dest_port '443'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Gast-DNS'
        option src 'GAST'
        option dest_port '53'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Gast-DHCP'
        list proto 'udp'
        option src 'GAST'
        option dest_port '67-68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Gast Internet'
        list proto 'tcp'
        option src 'GAST'
        option dest 'wan'
        option dest_port '80 433'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'IOT-DNS'
        option src 'IOT'
        option dest_port '53'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'

config rule
        option name 'IOT-DHCP'
        list proto 'udp'
        option src 'IOT'
        option dest_port '67-68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'IOT-Internet'
        option src 'IOT'
        option dest 'wan'
        option dest_port '443'
        option target 'ACCEPT'
        list proto 'tcp'

config forwarding
        option src 'DXNET'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'IOT'

Are you sure that the service is still running? It could be that you're seeing browser caching in action.

What is the output of the follwing:

/etc/init.d/uhttpd stop
service | grep http
netstat -plnt | grep http
root@Strahlerouter:~# /etc/init.d/uhttpd stop
Command failed: Not found

root@Strahlerouter:~# service | grep http
/etc/init.d/uhttpd                disabled         stopped
root@Strahlerouter:~# netstat -plnt | grep http
root@Strahlerouter:~#

I can fully browse around the Webinterface. I also cleared the Cache of the browser.

What's the output of netstat -plnt | grep 443?

Did you replace the web server with some other package? The fact that there is no uhttpd and nothing listening from that service suggests that if there is actually a running server, it is not the default state.

root@Strahlerouter:~# netstat -plnt | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1781/uci.conf -g da
tcp        0      0 :::443                  :::*                    LISTEN      1781/uci.conf -g da

the only thing can remeber was getting a new Luci theme. But not more

Post the output of the ps command too.

Do you mean
netstat -ps | grep http?

No, just ps.

root@Strahlerouter:~# ps
  PID USER       VSZ STAT COMMAND
    1 root      2000 S    /sbin/procd
    2 root         0 SW   [kthreadd]
    3 root         0 IW<  [slub_flushwq]
    4 root         0 IW<  [netns]
    8 root         0 IW<  [mm_percpu_wq]
    9 root         0 SW   [rcu_tasks_trace]
   10 root         0 SW   [ksoftirqd/0]
   11 root         0 IW<  [inet_frag_wq]
   12 root         0 SW   [oom_reaper]
   13 root         0 IW<  [writeback]
   14 root         0 SW   [kcompactd0]
   21 root         0 IW<  [kblockd]
   22 root         0 IW<  [blkcg_punt_bio]
   23 root         0 SW   [watchdogd]
   24 root         0 SW   [kswapd0]
   33 root         0 IW<  [kthrotld]
   44 root         0 SW   [spi0]
  275 root         0 IW<  [mld]
  278 root         0 IW<  [ipv6_addrconf]
  279 root         0 IW<  [kstrp]
  292 root         0 IW   [kworker/0:5-eve]
  294 root         0 IW<  [kworker/0:1H-kb]
  305 root         0 SW   [irq/16-keys]
  306 root         0 SW   [irq/17-keys]
  459 root         0 SW   [scsi_eh_0]
  460 root         0 IW<  [scsi_tmf_0]
  462 root         0 SW   [usb-storage]
  477 root         0 SW   [jbd2/sda1-8]
  478 root         0 IW<  [ext4-rsv-conver]
  550 ubus      1584 S    /sbin/ubusd
  551 root      1056 S    /sbin/askfirst /usr/libexec/login.sh
  553 root         0 SWN  [jffs2_gcd_mtd4]
  592 root      1208 S    /sbin/urngd
  690 root         0 IW<  [cfg80211]
  906 logd      1480 S    /sbin/logd -S 64
  960 root      3812 S    /sbin/rpcd -s /var/run/ubus/ubus.sock -t 30
 1422 root      2908 S    {hostapd} /sbin/ujail -t 5 -n hostapd -U network -G
 1423 root      2908 S    {wpa_supplicant} /sbin/ujail -t 5 -n wpa_supplicant
 1426 network   5968 S    /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_suppl
 1427 network   6280 S    /usr/sbin/hostapd -s -g /var/run/hostapd/global
 1489 root      2260 S    /sbin/netifd
 1602 root      1756 S    /usr/sbin/odhcpd
 1665 root      1376 S    /usr/sbin/crond -f -c /etc/crontabs -l 5
 1718 root      2616 S    /usr/sbin/uwsgi --ini /etc/uwsgi/emperor.ini
 1781 root      7448 S    nginx: master process /usr/sbin/nginx -c /etc/nginx/
 1783 root         0 IW<  [kworker/0:2H]
 1841 root      7872 R    nginx: worker process
 2031 root     34180 S    /usr/bin/zerotier-one -p9993 /var/lib/zerotier-one_S
 2355 root      1372 S    udhcpc -p /var/run/udhcpc-eth0.2.pid -s /lib/netifd/
 2396 root      2908 S    {ntpd} /sbin/ujail -t 5 -n ntpd -U ntp -G ntp -C /et
 2418 ntp       1372 S    /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.
 2571 root      1268 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -s
 2833 root         0 SW   [hwrng]
21946 root         0 IW   [kworker/u2:2-ph]
21957 root      3464 S    /usr/sbin/uwsgi --set die-on-idle=true --ini /etc/uw
21958 root      3436 S    /usr/sbin/uwsgi --set die-on-idle=true --ini /etc/uw
22074 root      1288 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -s
22147 root      1376 S    -ash
22745 root         0 IW   [kworker/0:0]
22922 root         0 IW   [kworker/u2:0-ev]
23347 root         0 IW   [kworker/u2:1-ph]
23581 root      3228 S    /usr/sbin/uwsgi --set die-on-idle=true --ini /etc/uw
23582 root      3228 S    /usr/sbin/uwsgi --set die-on-idle=true --ini /etc/uw
23862 root      2908 S    {dnsmasq} /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/
23863 dnsmasq   1740 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c
23917 root      1380 R    ps

Default nginx config covers luci too. You either zero those files or pedantically make rest into well named vhosts.

1 Like

... which makes it an user error, and not an Openwrt error.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.