public ip of container instance not accessible - azure-container-instances

I created an azure container instance az container create with these flags:
--dns-name-label my-protocol-api-containerinstance --ports 80 --ip-address=public --os-type=windows
And after creating it, tried to hit the fqdn as well as the public ip. Both return 404 not found error.

Related

Cannot access the application via node ip and node port

I have to deploy an application via Helm by supplying a VM Ip address and node port. Its a BareMetal Kubernetes cluster. The kubernetes cluster has ingress controller installed (as node port, this value is supplied in helm command). The problem is: I am receiving a 404 not found error if I access the applciation as:
curl http://{NODE_IP}:{nodeport}/path
there is no firewall. I have "allow all ingresss traffic" policy. But not sure what is wrong. I have now tried anything possible but cannot find the root cause.

How to retrieve client IP within a Docker container running Apache on AWS Elastic Container Service?

I have a Docker server running Apache 2.4.25 (Debian) PHP 7.3.5.
This container is "hosted" within an Amazon Elastic Container Service.
The default AWS EC2s are sat behind an AWS application load balancer.
I want to be able to obtain, in PHP, the users/clients IP address.
My presumption based on my limited knowledge is that this IP address will need to be handed from the ALB, to the EC2, then to the Docker container, and finally for Apache to pick up.
I have tried to shorten the stack by attempting to obtain the IP within a Docker container running on my local machine, however still I wasn't able to find a way for Docker to fetch and pass through my IP to Apache.
I know typically you'd have the X-Forwarded header from the ALB, but I have not been able to work out how Docker can take this and pass it through to Apache.
I expected to have the client IP in $_SERVER['REMOTE_ADDR'] or $_SERVER['X_FORWARDED'].
Within the AWS hosted Docker containers
$_SERVER['REMOTE_ADDR'] contains an IP within the VPC subnet
$_SERVER['X_FORWARDED'] does not exist

AWS EC2 Public IP vs Private IP

I am new to using EC2 and have a question which hopefully is easy to answer - I have a public IP and DNS and a private IP and DNS for my EC2 instance. From my laptop workstation , I can ping public-IP , no problem. When I ssh to the public-ip from my laptop ssh ubuntu#public-ip this takes me to the private ip prompt ubuntu#private-ip. I believe the Network Address Translator is coming in the way and translating the public IP to the private IP and ssh's me in to the private IP. An ifconfig there shows me the private ip as expected. The problem is now I cannot do a ping laptop IP from the EC2 instance private IP as expected.
P:S. Here is an excerpt from the amazon.com that may be relevant here:
Each instance that receives a public IP address is also given an external DNS hostname; for example, ec2-203-0-113-25.compute-1.amazonaws.com. We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance. The public IP address is mapped to the primary private IP address through network address translation (NAT). For more information about NAT, see RFC 1631: The IP Network Address Translator (NAT).
What I want, is to be able to ssh to the public IP ( the prompt should show ubuntu#public IP instead of ubuntu#private IP ) so I can ping back and forth between my laptop and the EC2 instance.
Any help is greatly appreciated.
best
Rohan
The ping issue is unrelated to what you see.
What you see is always -- without exception -- how EC2 works, with public IP addessses. The instance is only aware of its own private IP, and the infrastructure handles an automatic 1:1 NAT between private and public addresses.
I touched on this in Why do we need private subnets in VPC?
If you can't ping the laptop, the problem is most likely on the laptop end.
Try to ping 8.8.8.8 from your EC2 instance. Or ping stackoverflow.com. Ping anything that is known to be pingable.
Alternately, use a remote looking glass, like this one to ping your laptop. Does it work?
If pinging from the instance to any destination doesn't work, then the only other explanation that comes to mind is that you might have changed the instance's outbound security group settings without understanding the implications of the change... or you've done something with iptables that wasn't what you intended... but I assume you would have mentioned these.
For SSH to private ip you should be in the private network of your VPC it can be done via VPN

SSH into EC2 binding to private IP, not public IP

I've got an EC2 instance which has been set up to access a secure server via a VPN. The second server will only respond to calls that are bound to the EC2 server's public IP address.
I'm successfully using ssh to access the EC2 instance from my laptop...
ssh -i mypem.pem ubuntu#ec2-my-public-ip-address.eu-west-1.compute.amazonaws.com
but my command line sets up as:
ubuntu#my-private-ip-address:~$
So, when I try and run a piece of java code on the EC2 server, which makes a call to the secure server via the VPN it is failing because it is using the private IP address as its identifier. The java code can't be provided here, because it is for a secure service, but it has been extensively tested with other examples and on EC2 and we know that there isn't a problem here.
I'm trying to see if there's a way to ensure that any code I execute from the EC2 server uses my public IP address rather than the private IP address is this possible?
The private IP address is the only IP address that an EC2 instance knows about.
The public IP address is translated to/from the private IP by the EC2 network infrastructure using automatic static NAT, so the instance is never actually aware of it.
Check ifconfig and you will notice that the public IP is nowhere to be seen.
Yet, if you $ curl ipv4.icanhazip.com (or any other "what is my IP?" service), you'll find that your instance's public IP address will always be returned as the address seen by the external service.
Using the private IP internally automatically causes the public IP address to be used when you access the Internet.
You can connect ssh or ftp tools with EC2 instance private IP.
1) You need to create an Elastic IP. Navigate to EC2 service > Network Security.
2) Associate this Elastic IP with EC2 instance private ip.
3) Update inbound rules in security group of your EC2 instance. Add SSH port 22 with source "My IP" option.
Now you can use terminal:
ssh ec2-user#<elastic ip>
Make user you have installed your EC2 key pair certificate. If not run following:
ssh-add -K <.pem file>

Unable to Access my own website from the Server console

I am having a weird issue hosting my web application. I am able to access the website from any other computer (from outside the network and from within the network) but unable to
access it from the Server!! (using the browser )
The details are as follows
Windows Server 2003
IIS 6.0
The system has got a private IP and a public ip
Accessing by Domain name/Public IP from external and intranet clients works fine.
Accessing by Private IP from the intranet clients works fine
Accessing by PrivateIP or localhost works from the server
Accessing by Public IP or Domain name from the server doesn't work!!
As an extra troubleshooting, I did
telnet localhost 443 - works
telnet publicip 443 - doesn't work
Maybe public IP isn't routeable from your server.
Verify what happens when you try to access publicip:
tracert publicip
Check your network settings:
ipconfig /all
Check your socket listenings:
netstat -a -n
Local firewall rules?
Also, there's always the issue of server loopback, wherein a server cannot resolve a named reference to itself from within the server. Most commonly occurs on intranets, or on SharePoint sites, I've noticed.
The problem was with our DNS settings. We recently changed from Public IP to Private IP and the DNS reply was somewhat messed up when we tried opening it from the Server!!.
Thanks for your answers!