I'm running my own gitlab server on Oracle Cloud
and its Domain handled by Cloudflare
But my gitlab ssh cloning doesn't work at all.
(as far as I can remember, HTTP 413 curl 22 The requested URL returned error: 413)
(And It also happened port 22 network unreachable error)
I think other process hold 22 port, so I tried to change gitlab ssh port to other port.
Changed gitlab.rb (gitlab_shell_ssh_port to other)
Open Oracle Cloud VCN port,
Open Ubuntu Firewall(ufw allow and also tried iptables)
And Add other port on sshd (/etc/ssh/ssh_config)
disable cloudflare DNS Proxy to DNS only.
but It doesn't work and even port is inaccessible.
more than that nothing listen on that port.
what should I do more on this?
Related
I have local computer and remote server. Remote server is isolated and is only accessible with this computer. I want to connect to site from server, let it be https://example.com/site
I tried to make a tunnel via ssh -R 6761:example.com:80 remote-server. But when I am trying to use wget http://localhost:6761/site on the remote server - it doesn't work and show 404 whilst wget http://example.com/site working well on local computer.
What I am doing wrong?
You cannot tunnel HTTP that way.
The name of the server you are trying to reach will be included in the request (the Host header), but it will most likely only listen to example.com, not localhost.
You will need to set up a HTTP Proxy (Forward Proxy) on your local machine and tell your http client(s) to use that. (How depends on the client.)
I'm developing some webhook required direct access public domain to internal machine, thinking use SSH tunnel to forward data, or got alternative solution?
Hosting server & development machine are in same network
192.168.1.2/24 (Hosting server)
2nd machine is virtual mapping using forticlient firewall without static or dynamic IP in visible in hosting server, so is 1 way initial communication right now.
In this case possible to setup SSH tunnel forward all traffic from 192.168.1.2:80 to handle in development machine port 8080?
How to ssh syntax look like?
Thanks.
This could be done by setting up an SSH tunnel to the remote machine:
ssh -L localhost:80:localhost:8080 development-system
Every request to port 80 on the hosting-server is now forwarded to port 8080 on the development-system.
Please note, that the port 80 on the hosting-server could only be used, when you start the SSH command as root. Also note that the port 80 is only accessible from the hosting-server. To access the port 80 on the hosting-server from everywhere use the following:
ssh -L 80:localhost:8080 development-system
Be sure that you want that.
A good introduction to the topic could be found at
https://www.ssh.com/ssh/tunneling/example
https://unix.stackexchange.com/questions/115897/whats-ssh-port-forwarding-and-whats-the-difference-between-ssh-local-and-remot
There's a stackoverflow question # Github (SSH) via public WIFI, port 22 blocked, about blocked port 22, but the solution given there: port 443 is also failing for me.
All my connections to the internet go through the Institute proxy server, and it blocks all non-standard ports. I know for a fact that port 80 and port 8080 are both allowed, and all my github transactions through the https route work perfectly.
How to solve this issue?
ssh -T -p 443 git#ssh.github.com
ssh: connect to host ssh.github.com port 443: Connection refused
My proxy server is : http://10.3.100.207:8080/
I found a simple solution to my problem. Since https works perfectly for my setup and proxy, I found a way to force git to use https instead of ssh, whenever it encounters ssh urls, by executing the following 2 git config commands:
git config --global url."https://github.com/".insteadOf git#github.com:
git config --global url."https://".insteadOf git://
This solved the problem for me.
Source: https://github.com/npm/npm/issues/5257
Your problem is that your connection is not going through the institute proxy server, which from your description looks like a basic HTTP proxy. Git -- and ssh -- don't know about the proxy. You have several options:
Access github using https, and let git know about the proxy server by setting the http.proxy configuration option. There are instructions for doing that here.
Configure ssh to make use of the proxy. This will require a tool like corkscrew that can forward tcp connections through an http proxy (if the proxy supports the CONNECT method). There is some useful documentation on that topic here.
I'm trying to get Apache working on a GCE instance.
Following GCE's Quickstart guide, I did the following:
Created instance "my-instance" in "my-project" (CentOS image)
Installed httpd, verified it's running
Added the following firewall rule:
gcutil addfirewall http2 --description="Incoming http allowed." --allowed="tcp:http"
and did the same for HTTPS and ICMP
Verified through gce gui that these rules were added to default network
I can ping my instance's IP address but I can't get an HTTP response. I've tried through the browser, from a curl command - no dice. And it works fine when on localhost so I know Apache is returning the index.html page.
When I use curl from a remote host, the error is:
curl: (7) Failed connect to (instance ip addr):80; Connection refused
Thoughts?
I did some experiments to replicate this. In short, I believe HTTP port 80 may be blocked by iptables firewall rules on the local Centos instance. This appears to be the default behavior.
I have a GCE firewall rule setup to allow port 80 traffic to all instances. I created a centos based image via the Cloud Console (which is indeed using the v1 API). Logged in via SSH and started a web server on port 80. I was not able to hit the web server from my laptop. However I was also not able to hit it from another instance in my project. This lead me to suspect a firewall local to the instance rather than Compute Engine's firewall.
I ran this command (which drops the default reject of all ports for testing - this is unsafe to do for machines which are directly exposed to the internet):
$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
After running that, I was able to hit my webserver from both another instance and my laptop. Note that this change is lost after restarting the instance. I don't know the correct procedure for changing the default firewall rules on Centos.
Please try a similar experiment on your instances, especially try to hit the web server from another Compute Engine instance, since service level firewalls do not block traffic between instances on the same network.
I want to connect to remote amazon aws service(EC2 instance) , and I would like to be able to ssh to it from my laptop while using the campus provided network (which has cyberoam firewall). However, they have pretty much every port blocked and ssh won't work. Is there anything i can do? does ssh run through port 80? I don't really know what to do .
All it says is :
ssh_exchange_identification: read: Software caused connection abort
ssh works elsewhere.
You can set your SSH server to use port 80 (or 443 if 80 is used for a webserver). Just check the configuration file of your ssh server for more details!