I have configured my Sonarqube server to be accessed using the reverse proxy mechanism provided by Apache server mod_proxy module.
My question here is, even after the above setup i will be able to access the sonarqube server by hitting the direct sonarqube url ex:http://localhost:9000.
Is there a way i can restrict the access to my sonarqube server only via Apache reverse proxy server, by making simple configuration changes may be in some sonarqube property files.
Or Any other solution for this requirement?
I am using the latest version of Sonarqube 6.1
Ragdu you have to bind SonarQube to localhost. In sonar.properties use : sonar.web.host=127.0.0.1
Obviously you will be able to browse from your server by accessing http://localhost:9000 but only from your server, you won't be able to access through http://{your_server_ip}:9000.
Binding the server to localhost is the correct option, but if for some reason you don't want to touch sonar.properties, or you need to switch to the 'two different boxes approach' you can use the system firewall to filter the access.
In the first case, you drop all packets coming from your network card to port 9000 (but you need to allow the access in the local interface).
In the second one you would only allow the Apache machine's IP to communicate with the port 9000 in the SonarQube machine, all other packets coming to port 9000 would be discarded.
Be careful, in the second case you should implement SSL between Apache and SonarQube or isolate both machines, otherwise the HTTP communication could be sniffed.
Related
I have a server running on my machine. I want to send a request to the server using different IP address to test a web application. I only have the machine on which the server is installed. I have been testing as a single user but now I would like to let the server think that the request is coming from a different ip address even though it is from the same machine. How can I do that?
Here are the 2 solutions that might be possible in your situation
1- To change the ip address :
Pick an ip from the free proxies here: http://www.freeproxylists.net/
And enter the info in firefox just like this page says:
http://www.wikihow.com/Enter-Proxy-Settings-in-Firefox
Note: You may pick a proxy with port 80.
Then you are good to go...
2- Or you might use a Virtual Machine installed on the same computer as the server and access the website right from it but beware not to use bridged connection.
I am trying to follow this tutorial. To train the Mahout engine they mention to use the command:
http://localhost:8080/kornakapi/train?recommender=itembased
This works. However I want to open up the server so that I can run this remotely. The code is running on a server at a specified IP address, let's call it 999.999.9.999. When I try
http://999.999.9.999/kornakapi/train?recommender=itembased
I get a 404 error. Obviously the server isn't setup to accept incoming connections (though phpMyAdmin works remotely). How can I setup the server to allow an external connection in this manner?
You need to configure your gateway to accept incoming requests. Access your modem and search for a setting that allows one computer on your LAN to open up all its ports. You have to enter in the computer's local IP
I have set up Subversion on my system. Without any changes its working fine on localhost. Now I want to access it from another network e.g outside my home network.
I tried to access it from global ip 116.128.**.**:3343/csvn/repository but nothing happens. And when I try to checkout in Eclipse it shows an error:
Target machine actively refused the connection.
I have also added the port no. in router.
As far as I see, the URL you've specified goes to your Subversion server's control panel, not repositories. I've found this:
By default, the Subversion Edge admin console listens for requests on
two ports:
3343 - This is the plain HTTP port
4434 - This is the SSL HTTPS port
To solve the issue you have to
Go to the Control Panel with your web browser and check what port your Subversion server listens to, e.g. 443/8443 for HTTPS and 80/8080 for plain HTTP.
Make sure that the port is properly forwarded on your router to the machine where the SVN server is installed.
Make sure that local firewall allows inbound connections to your Subversion server on the selected port.
It can be caused by a lot of different problems. One of the most common problems is, the server is having a firewall (or behind a firewall) which blocks incoming connection of unallowed port.
I have a Play application that I've deployed by running stage within SBT, and then running it from the command line using target/start. I've placed Nginx in front of it and, based on a sub-domain, I have two server blocks--one for port 80, and the other for port 443. The port 80 block just redirects to the https scheme on port 443. This all works great.
To recap:
http://play.mydomain.com/ redirects to
https://play.mydomain.com/ which is a proxy for http://localhost:9000
However, if I just go to http://mydomain.com:9000/, I get access to my Play application directly. There's no SSL, and there's no way I can figure out to keep anyone from accessing it.
What should I do? Should I use Nginx to redirect any access on port 9000 to the URL for the SSL version? Should I firewall port 9000 and only allow local requests on that port? (If so, how would I do that?) Is there some other way of dealing with this that I'm not thinking of?
And how long until the Servlet 3.1 spec is released and I can just deploy the whole thing as a WAR? :-)
You could make your Play application listen only on the local interface (127.0.0.1, for example). That way, nginx can still proxy requests to it but nobody from the outside can access your application directly. No additional firewall setup is necessary.
Looks like you can pass an additional argument to start:
$ start -Dhttp.port=9000 -Dhttp.address=127.0.0.1
I want to convert my pc to a web server. I installed centos server and apache server.
How I can make apache server public? I want to everyone access my web site on my pc via browser.
Thank you..
You have 2 ways, you can buy a domain and a static IP address for your computer (usually through the service provider) and configure your router and FW to allow access to the machine for port 80.
The other way is to use some sort of dynamic dns service like DynDNS to be able to bind a DNS to a dynamic IP address (you will need to run a daemon to update the account once in a while because your IP may change). The FW and router rules are still needed in this case as well.
After you do one of the these steps everyone should be able to access your apache server on your computer as long as it's on.