I have created a Virtual Machine in Bluemix. I have installed NGINX web server on it. To access the web application that is deployed on NGINX, should I use a public IP address (for e.g. http://123.456.78.9) or is there a domain name associated with the instance (something like http://abcxyz.bluemix.net)?
When you launch any VM in cloud by default they should be not accessible from public internet unless you attach a public ip address to them.
Once you have attached a public ip address to your instance and configured the firewalls to allow incoming connections (http, ssh etc) you can update your DNS server to redirect traffic there.
AWS create a public FQDN at the time of launching the ec2 instances as
ec2-nn-nn-nn-nn-region-compute.com (where nn are ip address bits), not sure any similar thing with bluemix but it is less likely to have abcxyz.bluemix.
Related
I'm trying to setup an Azure SQL database using P2S VPN for users who are remote working. They are using some applications like SSMS and Visual Studio that require access to the database. We allow them to connect by white listing their IP addresses but we would like to stop this and to use the deny public network access option on the SQL server on Azure.
Whenever I try to connect using SSMS I get the following message:
I've followed the steps outlined in the documentation and tutorials on MS Docs but I have not been able to get the private endpoint to work with the database.
I have created the virtual network gateway and connected it to Azure Active Directory and I can see the sessions being created by the users as they log in.
I have created the virtual network using the address range = 10.1.0.0/16 and the subnet address range = 10.1.0.0/24. I have attached the private endpoint connection to the Azure SQL server and added the virtual network to the firewall.
Is there some setting required to allow the user to connect to the database from their PC without whitelisting IP addresses?
WAY 1:
You may Use domain name instead of IP directly from your virtual
network. So, you need some service in Azure which can translate domain
name to IP.
It is necessary to properly configure your DNS settings to resolve the private endpoint IP address to the fully qualified domain name (FQDN) of the connection string.
Use a DNS forwarder for on-premises workloads to resolve the FQDN of a private endpoint, to resolve the Azure service public DNS zone in Azure.
A DNS forwarder is a Virtual Machine running on the Virtual Network
linked to the Private DNS Zone that can proxy DNS queries coming from
other Virtual Networks or from on-premises. This is required as the
query must be originated from the Virtual Network to Azure DNS.
.
Use the host file on a virtual machine to override the DNS: Azure
creates a canonical name DNS record (CNAME) on the public DNS. The
CNAME record redirects the resolution to the private domain name
(privatelink.database.windows.net). You can override the resolution
with the private IP address of your private
endpoints. See azure-provided-name-resolution.
References:
Azure services DNS zone configuration and
on-premises-workloads-using-a-dns-forwarder
Refer this for connectivity troubleshooting using Private Link
See how to resolve-azure-internal-dns-from-your-on-prem-network
WAY 2 :
You may go for SQL managed instance which is another Azure SQL
PaaS offering .It is deployed with in VNet with no public service
endpoints and uses root and client certificates to authenticate in
azure.
(Go for this when one prefers not to use Private endpoint:)
To configure P2S VPN using certificates Refer :
configure-p2s-vpn-using-certificates-and-connect-to-sql-managed-instance-from-on-premise-machine.
Other references:
DNS-Client-Configuration-Options
DNS-Integration-Scenarios
DNS-Scenario-Using-AD
I have deployed an website in IIS using my public domain name on the same domain some applications already deployed in IIS.The issue is that when we deployed website then the application which is already deployed stop working.I used same port and public domain name for both website as well as application i.e while deploying website our hostname is public domain name to access website from outside.
when you host multiple applications under the same IP, domain and port the other one will stop working. so make them unique by changing one of the IP, port or domain.
or if you want to use the same binding for all site you can host as an application under that site.
for more detail you could refer this link:
Understanding IIS Bindings, Websites, Virtual Directories, and lastly Application Pools
The port must be distinct for every running service.
I am new to Amazon Web service. I created an Ubuntu 16 instance with AWS. Installed Apache and restarted the service. But still I am unable to figure out how to access the start page from a browser. Which IP address should I use? Public ip or elastic ip? Also do I need to change any configuration file? Thanks.
You need to use the public IP address, depending on your usecase you can even use an elastic IP address.
However you need to configure your security groups in order to access the web page.
Go to your security groups
Select the relevant security group
Add inbound rule to port 80 (TCP)
Then you will be able to access the page. Please refer this guide for more information.
You can use public ip / public DNS. These both will change upon restart of an instance. Elastic IP is useful when you want your IP address to be persistent. e.g. To make an entry in your domain DNS records.
Make sure your default site is pointing to correct directory as you are going to access using IP address.
If your instance is in VPC then it must be in public subnet. (subnet with Internet Gateway route attached)
My setup is an infinispan 8.1.2 server running on AWS using a distributed cache. For local development, I would like to be able to connect to the instance on AWS, but the server will only start using either 0.0.0.0 or the AWS private IP address. Since JGroups does not work with the 0.0.0.0 address it seems my only option would be to use the AWS private IP. But this address is not accessible remotely!
Has anyone else run infinispan server and tried to connect from a different subnet?
Not sure if this helps but anyway...
You do have a public IP address on AWS, which you can query with some HTTP command (check the docs).
Now, if you can add a NATting rule which forwards traffic between the private and public address, you could use external_addr and external_port in TCP to bind to the private address, but send traffic to the public address.
This would allow you to access a JGroups node from another subnet, or even the internet. You probably have to modify your security policy and expose the externally accessible ports. YMMV
I am trying to setup a web-server at home on PC.
I have an Static IP address (say 1.2.3.4 or Domain XYZ[dot]com), which I have configured on my router.
When I try to access, XYZ[dot]com or "1.2.3.4", it opens my routers login page.
On the other hand, Apache Server, installed on the PC, works fine. when I write localhost/index.html or 127.0.0.1/index.html - it opens that page.
QUESTION
How can I link the Public IP address to the Apache Server (or the website hosted on localhost on my PC)?
EXPECTED SOLUTION
If anyone visits "http://XYZ[dot]com", the website hosted on my PC is opened on his/her web browser.
The router's login page is usually accessed via a private IP. The router's admin interface shouldn't be made available to the Public Internet.
What you need to do is:
find out what your router's public IP is (you can use http://whatismyipaddress.com/)
setup port forwarding on your router. You want connections made to the routers public IP to be forwarded to your PC. Ex: Your router's public IP is 21.21.21.21 and your PC's private IP is 192.168.0.100. You need to configure a rule which says that any connection made to to 21.21.21.21:80 needs to be forwarded to 192.168.0.100:80
As for the http://XYZ[dot]com part you need to setup that domain pointing to your public IP with a com. DNS registrar and configure an apache virtual host for that domain (http://httpd.apache.org/docs/2.2/vhosts/)
If you have static IP ADDRESS then you don't need to do anything extra you just have to add apache exception in firewall then tick the checkbox under private and public column and you are done. then anyone can access your website all over the world.
You will need to create a permission for that port on your firewall and configure the ports on your router. Keep in mind that most internet providers have business and residential plans. In residential plans it is common for them to block access to ports 443 and 80 externally (enabling your router will not change that because the requests will not even arrive on it).
An excellent step by step for those who use linux and also want to set up a domain name