Mixpanel is using "SoftLayer" which blocks all the request from IPs coming from Iran. Is there a workaround to redirect these request to IPs in another country to be able to bypass their filter and send the data to Mixpanel?
There are multiple ways depending on your configuration and platform
what is your hosting? If its shared then your options are limited but if you deployed your application on a dedicated server or VPS you can route your traffic via transparent proxies or through a vpn tunnel. And there are many services for that either!
for example Squid is a well-documented and easy to use service for that! But keep in mind that it works better on linux! you can read these articles for configuring a transparent proxy with squid: On Ubuntu, On CentOS
But given the circumstances I recommend using an open-source analytical system such as:
Matomo (formerly known as Piwik)
Open Web Analytics
Heap (a famous iranian event site (Evand) was using Heap)
You can connect through a VPN tunnel. It works the way that you connect to a computer somewhere else (in your case in another country) and then you connect from that computer to the rest of the internet. So from the rest of the internet it looks like you're somewhere else.
You can check out ProtonVPN, they have VPN tunnels through a bunch of countries.
Related
I have a nodeJS web application with Express running on a Digital Ocean droplet.The nodeJs application provides back-end API's. I have two react front-ends that utilise the API's with different domains. The front-ends can be hosted on the same server, but my developer tells me I should use another server to host the front-ends, such as cloudflare.
I have read that nginX can enable hosting multiple sites on the same server (i.e. host my front-ends on same server) but unsure if this is good practice as I then may not be able to use cloudflare.
In terms of security could someone tell me If I need nginx, and my options please?
Thanks
This is a way too open-ended question but I will try to answer it:
In terms of security could someone tell me If I need nginx, and my
options please?
You will need Nginx (or Apache) on any scenario. With one server or multiple. Using Express or not. Express is only an application framework to build routes. But you still need a service that will respond to network requests. This is what Nginx and Apache do. You could avoid using Nginx but then your users would have to make the request directly to the port where you started Express. For example: http://my-site.com:3000/welcome. In terms of security you would better hide the port number and use a Nginx's reverse proxy so that your users will only need to go to http://my-site.com/welcome.
my developer tells me I should use another server to host the
front-ends, such as cloudflare
Cloudflare does not offer hosting services as far as I know. It does offer CDN to host a few files but not a full site. You would need another Digial Ocean instance to do so. In a Cloudflare's forum post I found: "Cloudflare is not a host. Cloudflare’s basic service is a DNS provider, where you simply point to your existing host.".
I have read that nginX can enable hosting multiple sites on the same
server
Yes, Nginx (and Apache too) can host multiple sites. With different names or the same. As domains (www.my-backend.com, www.my-frontend.com) or subdomains (www.backend.my-site.com, www.my-site.com) in the same server.
... but unsure if this is good practice
Besides if it is a good or bad practice, I think it is very common. A few valid reasons to keep them in separated servers would be:
Because you want that if the front-end fails the back-end API continues to work.
Because you want to balance network traffic.
Because you want to keep them separated.
It is definitively not a bad practice if both applications are highly related.
I have set up a LAMP server on a Raspberry Pi on my home network. I would like to expose the pi to the internet by opening up ports 22 and 80 on my router so i can ssh into it as well as use any web services i set up on it.
This is a little pet project I'm using to learn more about networking, server setup and linux in general - with only a cheap RPi which i can wipe and start again easily anything goes wrong. I do plan to put it on a separate subnet to the other devices on the home network, just in case.
(Yes, i know this is a little much for a raspberry pi - this is just a learning exercise and a proof of concept before i throw money at this to build a rig for it)
My understanding is that SSH is already secure, so i don't have to worry about my username and password being seen across the web when i want a terminal session.
My concern is that if i send anything to a web service (such as a wordpress or phpmyadmin password) it'll be clear to see on the web. How can i stop this?
My plan was SSL, but from what I've read, an SSL certificate needs a domain name for a certificate to be issued by most places. When all I'll be doing is pointing to a static IP from my ISP on the devices I'll be using.
The other use i have planned for it is as a mysql server for my kodi boxes to use for the library data so my devices can share data (the videos live on another server running windows). So other devices on a local network need to be allowed access to mysql easily without the silly level of security the internet-side requires. I assume this will be easily possable alongside my other use cases as I'd not be opening the port for it on the router and the only things that would access msql are local network devices, and services on the mysql host itself
Are any of my assumptions or conclusions wrong?
Are there any better ways to achieve what I'm after than what I'm describing?
Is there a preferred way to interact with the Pi if i just wanted it to set off a specific script? (say send a wake-on-lan packet to a specific computer)
Is there a way for me to have the web server onllly communicate with specific devices that i have the appropriate keys/certificates loaded onto so that i can be certain that I'm the only one with access?
Are any of my assumptions or conclusions wrong?
Using a username/password combo for SSH is probably secure enough, but it's generally more secure to use a public/private SSH key pair.
Your assumptions about MySQL seem sound. Just make sure to have some authentication on the server just in case you have a nosey houseguest on your WiFi. :)
Are there any better ways to achieve what I'm after than what I'm
describing?
A couple options that come to mind:
You could generate a self-signed certificate for the web server and then manually copy that onto your client devices. I think this would allow you to get around the requirement for a domain name.
You could set up a secure VPN into your home network. This way you wouldn't have to expose your web/SSH servers to the world.
Is there a way for me to have the web server only communicate with
specific devices that i have the appropriate keys/certificates loaded
onto so that i can be certain that I'm the only one with access?
The VPN option mentioned earlier would allow you to do this.
You could restrict access to the Apache server to only devices with specific client certificates: https://stackoverflow.com/a/24543642/2384183
I created an api using SLIM framework, but the services are not accessible to public as they are limited to localhost. how to host the services on a realtime server, so that, they can be accessible from anywhere?
please some one help me
This question requires more detail in order to answer properly.
If you are hosting your API on a windows server, then it is likely you have configured some kind of "WAMP" stack, correct? Or maybe serving PHP through IIS? This are important questions because we need to know what port you have bound your web application server to, which leads us to the next question...
Where are you hosting the server which is running the application which bound to what port?
Ultimately, a public, external IP will need to be either:
a. NAT'ed to the internal IP of your web server instanced
b. Port-forwarded to the internal IP of the server running your web application
Still, we are making a lot of assumptions here because getting a web application "accessible from anywhere" will require different work depending on your environment.
Here is the most basic example:
You are at home, running this API on your Windows workstation and will like to be able to hit it from a remote location.
Ensure Windows firewall allows inbound traffic to the port on which your application is running (probably port 80/HTTP, maybe 443/HTTPS).
Log into your ISP's router and configure port-forwarding to ensure inbound traffic on, say, port 80, is routed to the internal IP of the workstation running the API.
That's all there is to it.
Keep in mind that this also assumes that your ISP even allows you to expose your own web server to the internet on port 80 (or 443). Also, since we know nothing about your environment, this is all pure conjecture. Please provide more information you would like a real answer.
The most traditional way to host Slim Framework, would be through Apache. Install Apache and be sure you have the proper network settings to allow inbound connections, but more information about your setup could be needed for proper guidance.
http://httpd.apache.org/docs/2.4/platform/windows.html
When Apache is installed and working, you need to set Rewrite rules on the URL, information on that can be found on http://docs.slimframework.com/routing/rewrite/.
Your question on the verge of off topic, it probaly is, but read up on what questions can be asked and not, here on Stackoverflow, hope i could help.
I'm interested in using Fiddler to inspect HTTP(S) API traffic on my home network. I want two networks/routers; "Normal" and "Fiddler". I want the devices to easily connect to either network. I do not want to manually configure/unconfigure proxy settings when moving devices between normal and Fiddler proxy network. I just want to select a new access point and have the device work. How can this be done? Will some kind of port-forwarding on the "fiddler" router suffice?
After several weeks of experimentation and discussion, my conclusion is that neither Fiddler nor Charles Proxy support transparent proxy which is key to making a simple router setup work. OTOH, mitmproxy does work well. mitmproxy runs on OS/X and Linux. For Windows there are two options, mitmdump is a UI-less version of mitmproxy, and mitmweb (available but not presently released) has a very promising UI.
Indeed you easily configure a router to gateway to a mitm system. From there mitm will show http requests and responses. If you want to see HTTPS, you'll simply need to have the device accept an mitm certificate. Do so by visiting the special domain name http://mitm.it and follow instructions.
For a more detailed discussion see Best Way to Inspect HTTP(S) APIs of Many Devices
I wrote up the procedure for configuring a router to proxy client traffic to a transparent proxy. Works great with MitmProxy. The beauty of this approach is that you can simply connect a client device, wired or wireless, to the router and HTTP(S) traffic will be displayed by MitmProxy. No need to fiddle with each device's proxy settings. You simply choose the router's network, when done you flip back to the usual router.
Best Way to Inspect HTTP(S) API Traffic in a Multi-Platform Multi-Device Environment
http://fiddlerbook.com/fiddler/help/hookup.asp --- have you checked this? I think this helps.
Trying to figure out the best way to easily connect a bunch of client machines running WCF service to a LAMP server on a wide area network....
Currently just set up set up each client with DynDNS, and port forwarding at the router... Absolutely not the best situation for deployment.
Ideally would like to have a simple program they run which automatically connects them to the LAMP server....
Can anyone point me in the right direction?
Should I be looking at Reverse SSH, Windows Azure AppFabric ServiceBus?
This is one the scenarios that Service Bus relay was created for. With the relay, a sort of tunnel is established via ServiceBus between your WCF services and your clients, independently of where each party is deployed (as long as both have internet access, that is).
This article has a tutorial on an scenario that's very similar to what you describe:
http://www.windowsazure.com/en-us/develop/net/tutorials/hybrid-solution/
A reverse proxy would certainly be relevant here.
There are a number of ways to provide this. You mention using a LAMP stack so I'm assuming that you are using Apache as a web server.
You need a couple of optional Apache modules. Proxy and Reverse Proxy.
Typically you would assign a virtual "folder" to each actual app:
https://server/app1
https://server/app2
The reverse proxy would forward requests through to the actual, internal server/port:
https://server/app1 -> http://localhost:8000/
https://server/app2 -> http://localhost:8001/
(or whatever configuration you want)