UPD Provider's fault
I think I have read all the instructions and have done everything I could, but it still doesn't work :(
List of things I have done so far:
in httpd.conf file of the Apache server:
ServerName 192.168.0.102:8080
...
# onlineoffline tag - don't remove
Require all granted
...
Listen 0.0.0.0:8080
Listen [::0]:8080
Then I have the following result:
C:\Users\Sam>netstat -na | find ":8080"
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP [::]:8080 [::]:0 LISTENING
So, I guess, no firewall interruptions..
Then I have forwarded the thing in my TL-WR842ND router as follows:
In DHCP I set static local IP of 192.168.0.102 to my MAC and forwarded port 8080 to that IP. Then I rebooted the router but the port is still closed.
I can access WAMP through localhost:8080, through 192.168.0.102:8080, but cannot access remotely through the public IP. I also tried to set DMZ to 192.168.0.102 but that also had no impact. I called my provider and they said that they allow port forwarding and the problem must be on my side. pls help :(
Turns out, I have a common IP address with multiple other users and I have to pay extra to my provider in order to be able to expose services to the outside. I believe that is called a non-routable IP address.
You can read about it here
I have configured both Apache and Wildfly to use AJP in order to achieve the proxy so I can produce access logs
Access logs are enabled from the management profile of Wildfly
Port is listening on 8009
Apache has a Virtual Host listening on port 80
configured with the ProxyPass command.
Access Pattern is configured
and the result is that I receive logs for the proxied requests, but the original client IP is not displayed, only the loopback address 127.0.0.1
So I am asking about a way to reveal the IP of the client that requests the Apache server.
syntax is okay and %a does display the 127.0.0.1
Thanks!
I have tried multiple access patterns (%a,%h,{i,xxx}...
I have tried both X-Forward-For and X-Forwarded-For on Apache, PreserveHost On, etc.
I have tried tcpdump on port 8009, receiving 0 packets on the monitoring
I have read several questions here and still nothing is working.
I am trying to access my test site from a remote computer (either network or WAN, but I need WAN eventually)
I just re-downloaded the newest XAMPP for windows 10.
I can go to localhost (also the other 3 names I setup in the host file to redirect to localhost) and of course 127.0.0.1 (localhost).
If I try to use the IP address of my computer, or someone else tries my IP address on their computer, we get "page can't be found" (from Chrome)
If I check apache access logs I see nothing about an access attempt.
Netstat -a shows these two records
TCP 0.0.0.0:80
TCP 0.0.0.0:443
TCP [::]:80
TCP [::]:443
I have gone to Windows Firewall -> Advanced Settings -> Inbound rule. Here it shows that Apache has 2 rules, one for UDP and one for TCP allowing all ports.
I have gone to my router and port forwarded 80 & 443 (which is what XAMPP is running on) and still nothing
I even have put my computer in a DMZ. I also turned off the windows firewall. (all back on after testing of course this is dangerous).
Xampp has no locationmatch in xampp-http.conf like other questions.
My vhost file has the directory setup like this:
<Directory "C:/Users/username/Desktop/git repos/stats-website">
AllowOverride All
Order Allow,Deny
Allow from all
Require all granted
</Directory>
This is my testing rig and I am now testing an API that is being accessed externally before I send it to the production server. I have been at this for 2 days and out of all possibilities
UPDATE
I have solved the issue somewhat. I can now get to it from everything except localhost or 127.0.0.1
In httpd.conf I changed it from just Listen 80 to Listen pcipaddress:80. I thought listen 80 defaulted to binding on more than just localhost
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 192.168.1.241:80
#Listen 80
How do I do it so it works both localhost and also remote connections?
I have the following setup:
one public IP
2 different domain names pointing to the same IP above: domain1.com and domain2.com
2 different ssl certificates: one for domain1.com and one for domain2.com
2 physical machines on the same LAN (192.168.1.10 and 192.168.1.20) running Apache2 and debian 8.5
I tested both servers independently, forwarding the 443 port traffic to either of the machines. They work nicely.
Now, I am forwarding all port 443 requests arriving to the public IP to the first server at 192.168.1.10 and I would like this server to act as a https server for https://domain1.com and redirect the requests for https://domain2.com to address 192.168.1.20
I have tried to configure a reverse proxy in the first machine. It does redirect the requests for domain2 to the machine at 192.168.1.20 BUT it serves the certificate for domain1.
How can I configure reverse proxy as to present the right certificate for each one of my servers?
thank you in advance.
julia
Easiest "solution" (well, workaround) would be to use a single certificate that contains both hostnames. If you cannot do that, then you need to configure Apache SNI, like so: SSL with Virtual Hosts Using SNI
As some suggested I tried to use the Apache2 reverse proxy.
This somehow works but you have to install all the certificates on the machine running Apache2. Thus the traffic on the LAN is no longer https, which does not satisfy my requirement.
The solution is to use haproxy. This package can be set up as a pass through for https. There are many examples of such applications on the internet. It does exactly what I am asking for: I can host many https servers on a LAN behind a NAT router with one single public IP. The traffic is sent by haproxy as https to the indicated server on the LAN. If anyone is interested, I will be glad to share my config file solving precisely the problem I set out in my question.
To Robert M:
here is my configuration to be added at the end of the default haproxy.cfg file:
frontend ft_https
    mode tcp
    option tcplog
    bind *:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    acl domain1_com req.ssl_sni -m end domain1.com # all url ending with domain1.com
    acl domain2_com req.ssl_sni -i www.domain2.com # exactly www.domain2.com
    use_backend b_domain1_com if domain1_com
    use_backend b_domain2_com if domain2_com
    default_backend b_default

backend b_default
    mode tcp
    option tcplog
    server srv_default 127.0.0.1:1443

backend b_domain1_com
    mode tcp
    option tcplog
    server srv_domain1 192.168.1.10:1443

backend b_domain2_com
    mode tcp
    option tcplog
    server srv_domain2 192.168.1.20:443
I had to change the https port for apache on the first server to 1443 because both haproxy and apache cannot bind to the same 443 port as they reside on the same machine, but it is transparent to the user.
When I run Apache and have it configured to listen at ports 80 and 443, is it only listening for local traffic on my network? How can I tell if my server is visible to the web? (I want to keep it private for local development purposes) I think that for others to have access to my server, I would have to actually open up ports 80 and 443 on my router, but I have to say I'm pretty confused. Any help would be appreciated!
The ports have nothing to do with whether it's visible on the web. It's the IP address that the server is listening on and whether that IP address is allowed to accept inbound connections if there is a firewall in front of it. So if you are using localhost or an RFC 1918 IP address, then there is nothing to worry about. It has to use a publicly accessible IP address or hostname.
When Apache starts, it binds to some port and address on the local
machine and waits for incoming requests. By default, it listens to all
addresses on the machine. However, it may need to be told to listen on
specific ports, or only on selected addresses, or a combination of
both. This is often combined with the Virtual Host feature, which
determines how Apache responds to different IP addresses, hostnames
and ports.
https://httpd.apache.org/docs/2.2/bind.html
Also if you are behind a router, until you port forward your router on 80 or 443, nothing is going to get through from the outside.
You did not specify the OS/distribution you are using so it's a little hard to guess where your apache.conf or httpd.conf is located; you need to find it (including the ssl.conf file).
Somewhere right at the top you will find a few lines talking about "Listen: allows you to bind apache". You can limit this to your network of your local computer including localhost, now assuming your IP address is 192.168.10.1:
Listen 127.0.0.1:80
Listen 192.168.10.1:80
A little further down you will find a section talking about "DocumentRoot", right after that it will talk about "Directory", make it look like:
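<Directory />
    # Deny,Allow: Deny rules are evaluated first, then Allow rules override them
    Order Deny,Allow
    Deny from all
    # CIDR form covers the whole 192.168.x.x range, not the single host 192.168.0.0
    Allow from 192.168.0.0/16
    Allow from 127.0.0.1
</Directory>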
and depending where your document root is:
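<Directory /var/www>
    # Deny,Allow: Deny rules are evaluated first, then Allow rules override them
    Order Deny,Allow
    Deny from all
    # CIDR form covers the whole 192.168.x.x range, not the single host 192.168.0.0
    Allow from 192.168.0.0/16
    Allow from 127.0.0.1
</Directory>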
This will only allow local traffic to get to your server. You need to make sure that your ip address is within the range of 192.168.0.0.
Note that you need to do the same in the file called "ssl.conf".
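Added example (not from the original answers): a Python check that reads `Listen` directives like the ones quoted on this page and reports the bind scope of each. The scope labels and the sample config are constructed for illustration; the result describes what Apache binds to, and reachability from outside still depends on NAT and port forwarding.

```python
import ipaddress
import re

# Listen [IP-address:]port [protocol]; IPv6 addresses are written in brackets.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[0-9.]+):)?(\d+)(?:\s+\S+)?\s*$", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def bind_scope(line):
    """Return (port, scope) for a Listen directive, or None for any other line."""
    m = LISTEN_RE.match(line)
    if not m:
        return None                       # comment or a different directive
    host, port = m.group(1), int(m.group(2))
    if host is None:
        return port, "all-interfaces"     # bare "Listen 80" binds every address
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return port, "unparseable"
    if addr.is_unspecified:               # 0.0.0.0 or ::
        return port, "all-interfaces"
    if addr.is_loopback:
        return port, "loopback-only"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return port, "rfc1918-lan"
    return port, "not-rfc1918"

def audit(conf_text):
    """Scope of every active Listen directive in an httpd.conf-style text."""
    return [r for r in map(bind_scope, conf_text.splitlines()) if r]

# Constructed sample built from Listen lines that appear on this page.
SAMPLE_CONF = """\
Listen 0.0.0.0:8080
Listen [::0]:8080
#Listen 80
Listen 192.168.1.241:80
Listen 127.0.0.1:80
Listen 80
"""

if __name__ == "__main__":
    for port, scope in audit(SAMPLE_CONF):
        print(port, scope)
```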
Ok so I configured my apache installation on Windows 7 such that it listens on port 8080 by changing the respective entry in httpd.config.
I was too stupid to realize that now I have to access localhost with :8080 at the end.
Question: is there a way to have my box automagically resolve localhost to 127.0.0.1:8080? I don't like having to type :8080, and NO I CANNOT change the port to 80, I need that one for firewall.
Thanks
no. hostnames have nothing to do with ports. You'll have to specify the port yourself, or set up a proxy on the usual port 80 that will do the 8080 requests on your behalf. ... or bite the bullet and use port 80 directly and move your firewall elsewhere.