-1

Well, the problem is simple. I have a site based on Apache and am trying to execute a cron job for this site from the same server. Let's say my site is http://example.com and the cron job is

/usr/bin/curl http://example.com/cron.php

It does not work, error is "curl: (7) couldn't connect to host".

Why could this happen?

P.S. The site is working fine and accessible from any other external machine/client.

Here is the output of iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Ping failed: (ping example.com) - here I've used my server domain, of course:

134 packets transmitted, 0 received, 100% packet loss, time 136759ms

Verbose curl -v :

* About to connect() to myserver.com port 443 (#0)
*   Trying x.x.x.x... Connection timed out
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host

x.x.x.x is the external IP of my host.

Result of traceroute myserver.com

traceroute to myserver.com (x.x.x.x), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

3 Answers

2

Not quite the answer to your current problem, but it will render the whole issue moot since you're trying to trigger the script from the same host running your site anyway:

When you need to run PHP scripts from cron you're generally better off running them from the PHP command line interface rather than making a web request to the script. Depending on the location of your PHP binary, change your batch job to:

/usr/bin/php -q -f /path/to/cron.php

That allows you to:

  • Place your batch jobs outside of web root.
  • Run your batch job under a different effective UID rather than the UID of your webserver.
  • Avoid timeouts (and other restrictions) imposed by your web server.
  • Circumvent any number of issues when the DNS name of your site does not point to a local IP-address on your server.
  • Avoid the overhead of setting up a TCP and/or TLS connection.

and more.

HBruijn
1

Take a good look at the actual running iptables configuration

iptables -L -vn

and ensure that nothing is blocking the source IP of the system running the curl/ping commands - take appropriate action.

If there is nothing there then something upstream, between the systems, may be blocking. As ping is being blocked I guess you could try mtr

mtr -4 example.com

It may show a site blocking you.

Are you sure that the IP address of example.com is correct too?

user9517
1

I realized it is a "hairpin DNS" issue. The best solution, I guess, is to configure NAT to not shortcut requests to my own external IP to the local IP... but my provider still has not done it, and I temporarily fixed it by

nano /etc/hosts

added a line

y.y.y.y   myserver.com

where y.y.y.y is my LOCAL address.
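
A check for the situation the answers above describe, as an added example that is not part of the original question or answers: it reports whether the address a site name resolves to is bound on the host itself, or whether the request has to leave the host and be looped back by the NAT device. The function names and the `local`/`external` labels are assumptions of this sketch; the live part assumes a Linux host with `getent` and `ip`.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh selfcheck.sh myserver.com

# is_local_ip IP "ADDR ADDR ...": succeed if IP is loopback or one of the
# whitespace-separated addresses bound to this host.
is_local_ip() {
    case "$1" in
        127.*|::1) return 0 ;;
    esac
    for addr in $2; do
        [ "$addr" = "$1" ] && return 0
    done
    return 1
}

# classify IP "LOCAL_ADDRS": print "local" when the connection stays on the
# host, "external" when it must travel to the public address and back.
classify() {
    if is_local_ip "$1" "$2"; then
        echo local
    else
        echo external
    fi
}

# hosts_override NAME FILE: print the first address a hosts-format file maps
# NAME to (comments stripped, aliases honoured, case-insensitive); print
# nothing when the file has no entry for NAME.
hosts_override() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$2"
}

# Live check, only when a hostname is given on the command line.
if [ "$#" -gt 0 ]; then
    pinned=$(hosts_override "$1" /etc/hosts)
    resolved=$(getent hosts "$1" | awk '{ print $1; exit }')
    locals=$(ip -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }')
    echo "/etc/hosts entry: ${pinned:-none}"
    echo "$1 resolves to ${resolved:-nothing}: $(classify "$resolved" "$locals")"
fi
```

A result of `external` for your own site means a cron job fetching its URL depends on the upstream NAT handling the loop-back, which is the failure seen in the question; after adding the `/etc/hosts` line the same check should report `local`.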