I'm hosting Odoo on AWS and need to connect from my local machine. I am using AWS Certificate Manager instead of using a local .pem file ( no SSL configuration done on Apache as I am using AWS CM).
My odoo application works well, If I type https://myodoosite.com it works well.
What I need is to connect to the Postgresql DB on myodoosite.com
I can connect to the Postgresql DB from within the myodoosite.com server by uisng the command $psql -U postgres odoo_prod
Does anyone have an idea how to achieve this?
WHen I connect from my local, it says " Is the server running at myodoosite.com accepting TCP/IP connections on port 5432? "
Thank you for your replies.
Did I understand correctly your situation:
Odoo, Apache and PostgreSQL in one or multiple EC2 instances in AWS.
Load Balancer with SSL termination (using certificate from Certificate Manager) that exposes only your Odoo/Apache http service.
You probably have firewall rules in security groups preventing the PostgreSQL traffic in tcp port 5432. You need to open port 5432 to be accessible from your onpremise IP-address. You can do this by enabling the predefined PostgreSQL type in PostgreSQL EC2 instance's Security Group and set your IP address in the source address. Please note that this way the database is accessible for all traffic coming from that IP or IP range. So if you use shared IP this could be a problem.
Another easy and secure way to connect to PostgreSQL is to tunnel the traffic from your workstation with ssh. This is usable if you already have ssh port open and you do not want to open PostgreSQL port to public internet.
Related
I have an AWS environment where
for each client, there is a dedicated ec2 windows instance.
There is NO active directory; each ec2 instance is like in its own workgroup.
Each instance is deployed on its own dedicated VPC, security group etc.
Clients use RDP to connect from their site to the ec2 instances whenever required over port 3389.
The clients' ip addresses are known upfront and we open port 3389 to allow RDP connection.
Now we want to introduce the RDP using SSL (port 443)
The typical guides from Amazon and other books walk thru setting up a RD Gateway in a SEPARATE ec2 instance and use that as the jump box.
https://docs.aws.amazon.com/quickstart/latest/rd-gateway/architecture.html#best-practices
This is all good except that,
I do not want to have an additional ec2 within each VPC.
(I understand that there are other options to have a centralized RD Gateway in its own vpc and then using VPC peering etc. But I don't want to go that route for various reasons).
So, my question is:
Is it possible to setup the RD gateway directly on the ec2 instance to
which I ultimately want to RDP into ? and use SSL(port 443) for
connecting thru RDP?
Thanks in advance.
I tried this out successfully. I created an EC2 windows 2016 server.
I installed RD gateway using the powershell command.
Install-WindowsFeature RDS-Gateway -IncludeManagementTools
Then I launched the RD gateway manager.
configured the CAP and RAP to allow my Remote Desktop Users to access any resource.
Used the ssl certificate which I created using certroot in linux.
From aws console, opened the port 443 in the security group to allow connections from my public to the ec2 instance. (No other ports were opened).
From my local computer, I setup a RDP connection such that:
The RD Gateway server setting had the RD gateway server name (ex. poc.mydomain.com)
This should match the ssl certificate.
The remote computer name was specified as "localhost" (implying that the same server needs to be connected to).
After providing the right credentials, I was connected the the ec2 instance using RDP.
I want to use R Server constructed on a Ubuntu system on the Alibaba Cloud to do some elastic computing. The data is on the office computer, which has a firewall to prevent information leaking. I want to update the data to the cloud server for analysis.
I tried WINscp. It won't connect to the server (Connection timeout). I also tried PuTTY, which didn't work, either.
Could this be because of the Firewall?
Since you mentioned that your office has firewall rules in place to prevent data leaking, it is possible that your office firewall has blocked outbound traffic to port 22 (SSH), which is required to connect to your Ubuntu ECS instance running on Alibaba Cloud.
You should try to connect to your Ubuntu ECS instance from other locations without your office's firewall and see if it works.
Alibaba Cloud's ECS instance allows in-bound traffic access to port 22 by default based on their product page as below.
Source: Default security group rules
The security group created by
the system has only rules for access over all ICMP ports, TCP Port 22,
and TCP Port 3389, of which,
All ICMP ports are used by network devices, including routers, to send
error messages and operational information.
TCP Port 22 is used to connect to a Linux instance using SSH.
TCP Port 3389 is used to remotely connect to a Windows instance using Windows Remote Desktop.
I am trying to run an application locally that uses a database, webservices etc in another network so I am trying to tunnel through a computer with access. However web services are used over two (possibly more) ips and I can't map one port to multiple ips or is there a way to achieve this?
Can you reconfigure the web services client to access one of the services on another port? For example, if you open an ssh tunnel using something like:
ssh -L8080:ws1host:8080 -L8081:ws2host:8080 user#remotehost
Then you can access the remote ws1host:8080 on 127.0.0.1:8080 and the remote ws2host:8080 on 127.0.0.1:8081
I want to make my site available world wide. Im using xampp server for hosting. I have no access to any kind of servers and modems. Situation is shown below:
My site server has local ip assigned by wifi router and it runs Windows 8.
Remember I have no access on any kind of servers and modems so port port-forwarding is impossible (out of my scope).
Its actually difficult, but not impossible.
One way, I would approach this is:
I would host a page on internet.
Then take request and store it in database.
One of my program will always be running from my computer.
Then check for request and curl the request to localhost. For this you may use Node.js (taking data from database using GET method and curl it to localhost).
This is the best I could think of. And I am working on it, when the code is ready I'll make it open source and notify you :)
But still, it's difficult, as you need to put user's request to sleep for 2 seconds and then transferring it.
Its slow, but may work out for you.
Disadvantages:
Program will be very slow and memory usage will be more.
Breaking may happen many times.
High bandwidth wastage
If not encrypted, MIM (Men in Middle) may possible.
Advantages:
Indirect method of hosting
Need not to worry about your code being lost.
I am looking forward for a better alternative and I would like to keep this question for bounty once again.
If you cannot open the necessary ports within your LAN you will require access to an external server. However, the external server does not need to host any code, e.g.
Create a Linux based ec2 instance using Amazon's free tier.
Install a package to redirect remote to local ports:
a. using socat:
Install socat using your distributions package manager
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx -N -R 8080:localhost:80 "socat TCP-LISTEN:8080,fork TCP:127.0.0.1:42500"
b. using a webserver and reverse proxy:
Install apache or nginx and any required reverse proxy modules and configure your VirtualHost to proxy requests to a local port, e.g. :8080 -> 127.0.0.1:42500
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx
Your machine is now reachable via the ec2 instance http://xxx.xxx.xxx.xxx:8080/.
I occasionally use this technique when debugging web service callbacks.
Update 17-02-2014
If you are a Windows user you will need to install a third-party tool to support ssh. Options include:
cygwin
git bash
PuTTY
PuTTY is the easiest choice if you are not familiar with *nix tools. To configure remote port forwarding in PuTTY expand the following setting: Connection -> SSH -> Tunnels. Given the previously described scenario, populate Source port as 42500, Desination as 127.0.0.1:80 and tick the Remote option. (You may also need to add the path to a PuTTY compatible private key in the Connection -> SSH -> Auth tab depending on your server configuration.
To test you have successfully forwarded a port, execute the command netstat -lnt on your server. You will see output similar to:
tcp 0 0 127.0.0.1:42500 0.0.0.0:* LISTEN
Finally you can test with curl http://127.0.0.1:42500. You will see the output of your own machines web root running on port 80.
if you don't have a public IP address and cannot use port forwarding it is impossible to host the site
As people have said you need a public IP address. However, even if you did you should not use xampp as a public server, as it is designed for development and therefore has some security settings disabled.
I would recommend buying some shared web hosting, and uploading it to that. (you can get cheap hosting if you google 'shared web hosting', plus free .tk domains are avaliable: http://www.dot.tk/)
Do your company has any vpn network?
If it does and you have access to the vpn network, you can include your server to the vpn network and your guest will only need to login to your company vpn network then access your site like in a local network without using port forwarding. And since your data is very confidential, I assume that using vpn will also help to increase the security of your data.
Please correct me if I'm wrong.
Thank You.
What you are asking is not possible without port forwarding.
Lets break it into steps.
To host your site locally you will need a IP that is static so that
users can access it specifically.
You will need a domain so that it can be converted into user friendly name.
A 24x7 Internet Connection is must! You added a Wifi Router in your Diagram and most of today's router are capable of port forwarding.
What i will do in your scenario is:
Instead of using XAMP, i will install WAMP because i am more familiar with it and easy to configure.(totally personal preference)
Then i would set my server "ONLINE".(Google how to set WAMP server online)
Forward port "80" from router settings to my local computer ip address.(mostly it is tagged as "Virtual Server","Firewall","Port Forwarding",etc vary router to router in settings)
Suppose you have a local ip "192.168.1.3" and global/router IP "254.232.123.232" then you would redirect all the HTTP request done towards router to your local IP.
[[[[254.232.123.232]]]] --+ :80 +-- --------->192.168.1.3
That is good for now, but then you will need to tackle dynamic IP problem of router. But don't worry, thanks to some free sites that will be easy!
Go to no-ip.org -> Setup Account -> and create a entry, just a subdomain for now to test whether everything is working fine.(subdomain like mysite.no-ip.org, later purchase a real Domain)
Input your IP address there(Router IP) and download its application which will automatically update their server if your local IP changes.
Wait for some minutes and Voila! Your site is live.
I am newbie to servers. I am trying to connect to Amazon EC2 micro instance using Connect Using a Java-Based (SSH) Client but I am getting an error Connection timed outas shown below in the image.
Also I am getting timeout message only when I try to SSH via wireless internet connection, in case of a wired connection could SSH into the instance.
I could not zero out where is the error is?
I figured out what the problem is here. You must allow your specific IP address or IP address range for inbound SSH traffic in the security group you have associated with the instance you're trying to connect to. Create a new inbound TCP rule for SSH with your IP address (or IP address range) and the attendant CIDR Subnet Mask and after that you should be able to connect using Java SSH or any SSH client.
Do you have a local SSH client that you can use to attempt to connect to the instance? If so, does that work?
Did you remember to ensure that your IP address (or netblock) is allowed to send traffic to TCP port 22 in your security group for the instance that you just deployed? You can check this by going running the 'ec2-describe-group' command from the EC2 Toolkit, or by using Amazon's Console and heading to EC2 -> Security Groups and viewing the security group assigned to that instance.