How to open port 9000 for remote PHP Xdebug to local PHPStorm

Hi,

I'm trying to set up the remote Xdebug with my PHPStorm. Everything works fine on another project but connecting to an Apache 2.2 server. I just can't seem to get it to work with the Nginx server and it seems like there is nothing being sent from the server. So I'm thinking it could be the port.

How do I go about this? What commands can I use to find out the open ports and if so how do I open it to just my local IP for security for outbound and inbound traffic?

I'm not sure if this will resolve it but it could be a possibility I'm thinking. I read a bunch of posts on setting up the remote Xdebug to work with PHPStorm and the Nginx server but it's not working. Reaching out to the tech support at JetBrains too.

Any help is appreciated. Blessings<><,
Victor
Victor Kimura (SEO, Web Developer) asked:

Jan Springer commented:
iptables --list -n

See if you are blocking by default and only permitting certain protocols/ports.

If that's the case, you need to allow that port.
0
gr8gonzo (Consultant) commented:
1. There's a chance that your ISP may block inbound network connections to your IP address, especially if you're on a home-type of internet connection. If that's the case, you're pretty much out of luck - you would need to talk to your ISP about how to enable that. Otherwise, you can have all your ports open and nothing will ever reach you.

2. If your ISP -does- allow direct, inbound traffic to you, then the next thing to check is your firewall/router. You would need to configure your router so that incoming packets to port 9000 were routed to your internal IP address inside your local network (NAT). This is assuming that you do not hook your computer directly up to the internet connection, but rather your computer is connected to a network and the internet connection goes to a router in front of that network (which is usually the case). Configuring your router is going to be up to you - they're all different, so you'll need to find out how to configure forwarding rules on your router.

3. Your outbound traffic shouldn't be a problem - if you can connect to any web site, then you can connect to your server on port 80.
0
gr8gonzo (Consultant) commented:
Also, for clarification, you need to understand that xdebug remote debugging works by your IDE sending a request to the server on port 80, then the server tries to connect back to your public IP address on port 9000. If it can't connect to you that way, the remote debugging will not work.

The command that Jan provided is for Linux, but if you're running PHPStorm on Windows, then you probably are not blocking port 9000 unless you have some software firewall running that is blocking all ports except for the ones you allow.

Also, don't use xdebug.remote_host, use xdebug.remote_connect_back. That way, if your public IP changes, you won't have to change the config. It's just a more flexible option.
0
Jan Springer commented:
It's listed with Linux Network Security.  Have to presume that it's *nix related.
0
gr8gonzo (Consultant) commented:
I presumed that at first for the same reason, but then it sounded like the OP might not have had a clear understanding on the flow of traffic and thus which ports on which side were involved. That's why I added the clarification comment.
0
Jan Springer commented:
The author should also be running wireshark or tcpdump to monitor the traffic conversation.
0
Victor Kimura (SEO, Web Developer, Author) commented:
@gr8gonzo. I don't think it's the port that is closed by my ISP because I'm using the same ISP (from my home office) to another remote server using Xdebug on port 9000 and it works. The other server is using Apache. The problem I have is with another server using Nginx.

@Jan. Yes, using Linux. The Apache is using CentOS 5.6 I think. The newer server is Ubuntu 14.04.1 with Nginx 1.6.2.

sudo iptables --list -n
[sudo] password for forge:
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-before-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-reject-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-track-forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-before-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-reject-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-track-output  all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138
ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:139
ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
ufw-skip-to-policy-input  all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK]                      "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK]                      "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ufw-user-forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
ufw-not-local  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            239.255.255.250      udp dpt:1900
ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW]                      "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK]                      "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:443

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT B                     LOCK] "
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination


I'm getting a bunch of nondescript IPs. How come?

Yes, I was using Wireshark from my Windows (where my IDE is). When I was using the Apache server I could see the port 9000 connections. But nothing from the Nginx server.
0
Jan Springer commented:
netstat -an | grep 9000

Make sure you're listening on that port.
0
gr8gonzo (Consultant) commented:
Okay, so if the same Windows computer is able to do the debugging on a different server, then it clears up a lot of the probable issues. Again, the only thing you have to worry about with port 9000 is the INBOUND traffic from the Linux server to your Windows workstation (where the IDE is). The workstation is what is listening on port 9000, not the server.

The fact that it works with another server means that you don't have ISP blocking issues and that the inbound network route is correct.

Nginx and Apache aren't really going to play a part in all of this. They are only the web servers that relay the initial web page request to PHP. It is PHP that takes that request, relays the request to the Xdebug extension, and the Xdebug extension then takes its current config, and tries to connect back to your workstation.

So if you can hit the web page normally, then Nginx vs. Apache has nothing to do with the problem. The outbound request from your workstation to the server goes across port 80, so if you can see the web page, then you can pass along the request to PHP/Xdebug.

That means it's likely a configuration issue with the Xdebug extension itself. I would suggest comparing the php.ini files between the two servers and paying attention to the configuration lines that start with "xdebug.". Also, if you do make any changes to the php.ini file, you'll have to restart the web server (or if you're using FastCGI, reload the instance).

I'd also suggest making sure that the xdebug extension itself is being loaded properly. Just create a single PHP page that has these two lines:

<?php
phpinfo();

...and then hit that web page in your browser. The resulting page SHOULD mention xdebug as an extension that is loaded. If it doesn't, then that could be the problem.
0
gr8gonzo (Consultant) commented:
@Jan - As I mentioned before, the OP is confusing the sides of the fence. Xdebug works by listening on port 9000 on the client. Client sends a crafted web page request to port 80 on the server, which hosts a special xdebug extension. The extension processes the request and connects back to the client on port 9000. That is what establishes the debugging session. The client is Windows, the server is Linux.
0
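The connect-back described in this thread can be confirmed from the workstation side with a small stand-in for the IDE listener. This is an added example, not code from any poster: it parses the DBGp frame (ASCII length, NUL, XML, NUL) that Xdebug sends first, and the function names, size cap and sample packet are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

MAX_FRAME = 64 * 1024  # assumed cap; a real init packet is far smaller

def parse_dbgp_packet(buf):
    """Split one DBGp frame (ASCII length, NUL, XML, NUL) off buf.

    Returns (root-element attributes, leftover bytes), or (None, buf)
    while the frame is still incomplete."""
    head, nul, rest = buf.partition(b"\0")
    if not nul:
        if len(buf) > 10:  # a length prefix is only a few digits
            raise ValueError("not DBGp: no length prefix")
        return None, buf
    if not head.isdigit() or int(head) > MAX_FRAME:
        raise ValueError("not DBGp: bad length prefix %r" % head[:20])
    size = int(head)
    if len(rest) < size + 1:
        return None, buf
    body, end = rest[:size], rest[size:size + 1]
    if end != b"\0" or b"<!DOCTYPE" in body.upper():
        raise ValueError("malformed frame or DTD present")
    root = ET.fromstring(body)
    info = dict(root.attrib, element=root.tag.rsplit("}", 1)[-1])
    return info, rest[size + 1:]

def wait_for_xdebug(bind_addr="0.0.0.0", port=9000, timeout=60.0):
    """Stand in for the IDE: accept one connection, return (peer_ip, init)."""
    with socket.create_server((bind_addr, port)) as srv:
        srv.settimeout(timeout)
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            buf = b""
            while True:
                info, _ = parse_dbgp_packet(buf)
                if info is not None:
                    return peer[0], info
                chunk = conn.recv(4096)
                if not chunk:
                    raise ConnectionError("closed before init packet")
                buf += chunk

# Constructed sample of the first packet Xdebug sends (not captured traffic).
_XML = (b'<?xml version="1.0" encoding="iso-8859-1"?>\n'
        b'<init xmlns="urn:debugger_protocol_v1" language="PHP" '
        b'fileuri="file:///var/www/index.php" idekey="PHPSTORM"/>')
SAMPLE = str(len(_XML)).encode() + b"\0" + _XML + b"\0"

if __name__ == "__main__":
    print(parse_dbgp_packet(SAMPLE)[0])  # offline check of the parser
    # print(wait_for_xdebug())  # live check: stop the IDE listener first
```

If wait_for_xdebug() times out while the page still loads in the browser, the server never attempted the connection, which points at the Xdebug configuration rather than the network path.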
Victor Kimura (SEO, Web Developer, Author) commented:
@gr8gonzo, yes, thank you. @Jan. Thank you too. Both of you. :)

I found out that it was my xdebug.ini setting. I didn't set the xdebug.so location. Don't know why I didn't see that.

Just for others who come across this. I'm using the VPS from Digital Ocean.

sudo vim /etc/php5/fpm/conf.d/20-xdebug.ini:

zend_extension=/usr/lib/php5/20131226/xdebug.so
xdebug.profiler_output_dir=/tmp
xdebug.profiler_output_name=cachegrind.out.%p
xdebug.profiler_enable_trigger=1
xdebug.profiler_enable=0
xdebug.remote_enable=1
xdebug.remote_host=127.0.0.1 70.79.153.23
xdebug.remote_port=9001, 7869, 10000/16
xdebug.remote_handler=dbgp
xdebug.remote_autostart=0

Then do:
sudo service php5-fpm restart
sudo nginx -s reload

Other stuff you may need to do or know:

sudo vim /etc/php5/fpm/php.ini

If you can't find the xdebug.so then do:
sudo find /usr/lib/php5 -name 'xdebug.so'

or

$ sudo find / -name 'xdebug.so'
0
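The root cause found above (no zend_extension line) and the other connect-back settings discussed in this thread can be checked mechanically. This is an added example, not the poster's code: it audits an Xdebug 2 ini fragment, the function names, finding codes and sample files are constructed, and 203.0.113.10 is a documentation address standing in for the workstation.

```python
import re

def parse_ini(text):
    """{directive: value} from a php.ini fragment (';' comments, no sections)."""
    out = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().strip('"')
    return out

def audit_xdebug(text, ide_port=9000):
    """Return finding codes for Xdebug 2 remote-debugging settings."""
    ini = parse_ini(text)
    def on(key):
        return ini.get(key, "0").lower() in ("1", "on", "true", "yes")
    codes = []
    if "xdebug" not in ini.get("zend_extension", ""):
        codes.append("NO_EXTENSION")      # xdebug.so is never loaded
    if not on("xdebug.remote_enable"):
        codes.append("REMOTE_DISABLED")   # no connection is attempted
    if on("xdebug.remote_connect_back"):
        # remote_host is ignored and the debugger connects to whichever
        # address sent the HTTP request; pin remote_host on public hosts.
        codes.append("CONNECT_BACK_UNFILTERED")
    elif not re.fullmatch(r"[A-Za-z0-9.:-]+",
                          ini.get("xdebug.remote_host", "localhost")):
        codes.append("BAD_HOST")          # must be one host name or IP
    port = ini.get("xdebug.remote_port", "9000")
    if not (port.isdigit() and 0 < int(port) < 65536):
        codes.append("BAD_PORT")          # must be one integer
    elif int(port) != ide_port:
        codes.append("PORT_MISMATCH")     # IDE listens on another port
    return codes

# Constructed samples (not the files from this thread).
BROKEN = """
xdebug.remote_enable=1
xdebug.remote_host=127.0.0.1 203.0.113.10
xdebug.remote_port=9001, 7869
"""
FIXED = """
zend_extension=/usr/lib/php5/20131226/xdebug.so
xdebug.remote_enable=1
xdebug.remote_host=203.0.113.10   ; the workstation running the IDE
xdebug.remote_port=9000
"""

if __name__ == "__main__":
    for name, ini in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_xdebug(ini))
```

Point it at the file listed under "Additional .ini files parsed" on the phpinfo() page, since that is the copy PHP-FPM actually reads.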

Victor Kimura (SEO, Web Developer, Author) commented:
Thank you, both. The tips were helpful to me. Father God bless<><
0