Jelastic configure firewall - iptables

I'm using Jelastic for my application and I just installed the Apache for it. The problem is that I need to set up a firewall for it, like iptables or other, after all is a web application and it needs security.
How can I do that?
The host said to me, that the only way is to use VDS and I should configure a VDS for me, installing Apache, FTP and transfer my application to there.
But I can believe that there is no way to protect the Apache.
Thank you in advance.

The available options vary depending on your hosting provider. For example, the Jelastic platform gives hosting providers and private cloud customers the ability to define a set of default firewall rules for each newly provisioned node.
Additionally, since Jelastic 4.1, there is an option for the provider to define additional custom firewall rules for any specific container. At the moment this functionality is only accessible from the provider's side, so it means you need to work with your provider's support team.
If you don't want to do that, or your chosen Jelastic provider does not offer good support, you can either:
Use an unmanaged node type in your Jelastic environments, such as the Elastic VPS or Docker nodes. Here you have full root access to define whatever firewall rules you desire.
Use application server rules to restrict access according to IP. E.g. inside your httpd.conf (which you already have full access to customise)

In the recent release, Jelastic introduced a possibility to manage inbound and outbound firewall rules on the container level right through the interface. The detailed instruction is here.

Related

Is nginx needed if Express used

I have a nodeJS web application with Express running on a Digital Ocean droplet.The nodeJs application provides back-end API's. I have two react front-ends that utilise the API's with different domains. The front-ends can be hosted on the same server, but my developer tells me I should use another server to host the front-ends, such as cloudflare.
I have read that nginX can enable hosting multiple sites on the same server (i.e. host my front-ends on same server) but unsure if this is good practice as I then may not be able to use cloudflare.
In terms of security could someone tell me If I need nginx, and my options please?
Thanks
This is a way too open-ended question but I will try to answer it:
In terms of security could someone tell me If I need nginx, and my
options please?
You will need Nginx (or Apache) on any scenario. With one server or multiple. Using Express or not. Express is only an application framework to build routes. But you still need a service that will respond to network requests. This is what Nginx and Apache do. You could avoid using Nginx but then your users would have to make the request directly to the port where you started Express. For example: http://my-site.com:3000/welcome. In terms of security you would better hide the port number and use a Nginx's reverse proxy so that your users will only need to go to http://my-site.com/welcome.
my developer tells me I should use another server to host the
front-ends, such as cloudflare
Cloudflare does not offer hosting services as far as I know. It does offer CDN to host a few files but not a full site. You would need another Digial Ocean instance to do so. In a Cloudflare's forum post I found: "Cloudflare is not a host. Cloudflare’s basic service is a DNS provider, where you simply point to your existing host.".
I have read that nginX can enable hosting multiple sites on the same
server
Yes, Nginx (and Apache too) can host multiple sites. With different names or the same. As domains (www.my-backend.com, www.my-frontend.com) or subdomains (www.backend.my-site.com, www.my-site.com) in the same server.
... but unsure if this is good practice
Besides if it is a good or bad practice, I think it is very common. A few valid reasons to keep them in separated servers would be:
Because you want that if the front-end fails the back-end API continues to work.
Because you want to balance network traffic.
Because you want to keep them separated.
It is definitively not a bad practice if both applications are highly related.

How can I use Mixpanel in Iran?

Mixpanel is using "SoftLayer" which blocks all the request from IPs coming from Iran. Is there a workaround to redirect these request to IPs in another country to be able to bypass their filter and send the data to Mixpanel?
There are multiple ways depending on your configuration and platform
what is your hosting? If its shared then your options are limited but if you deployed your application on a dedicated server or VPS you can route your traffic via transparent proxies or through a vpn tunnel. And there are many services for that either!
for example Squid is a well-documented and easy to use service for that! But keep in mind that it works better on linux! you can read these articles for configuring a transparent proxy with squid: On Ubuntu, On CentOS
But given the circumstances I recommend using an open-source analytical system such as:
Matomo (formerly known as Piwik)
Open Web Analytics
Heap (a famous iranian event site (Evand) was using Heap)
You can connect through a VPN tunnel. It works the way that you connect to a computer somewhere else (in your case in another country) and then you connect from that computer to the rest of the internet. So from the rest of the internet it looks like you're somewhere else.
You can check out ProtonVPN, they have VPN tunnels through a bunch of countries.

Hosting Slim Framework Rest API in Windows

I created an api using SLIM framework, but the services are not accessible to public as they are limited to localhost. how to host the services on a realtime server, so that, they can be accessible from anywhere?
please some one help me
This question requires more detail in order to answer properly.
If you are hosting your API on a windows server, then it is likely you have configured some kind of "WAMP" stack, correct? Or maybe serving PHP through IIS? This are important questions because we need to know what port you have bound your web application server to, which leads us to the next question...
Where are you hosting the server which is running the application which bound to what port?
Ultimately, a public, external IP will need to be either:
a. NAT'ed to the internal IP of your web server instanced
b. Port-forwarded to the internal IP of the server running your web application
Still, we are making a lot of assumptions here because getting a web application "accessible from anywhere" will require different work depending on your environment.
Here is the most basic example:
You are at home, running this API on your Windows workstation and will like to be able to hit it from a remote location.
Ensure Windows firewall allows inbound traffic to the port on which your application is running (probably port 80/HTTP, maybe 443/HTTPS).
Log into your ISP's router and configure port-forwarding to ensure inbound traffic on, say, port 80, is routed to the internal IP of the workstation running the API.
That's all there is to it.
Keep in mind that this also assumes that your ISP even allows you to expose your own web server to the internet on port 80 (or 443). Also, since we know nothing about your environment, this is all pure conjecture. Please provide more information you would like a real answer.
The most traditional way to host Slim Framework, would be through Apache. Install Apache and be sure you have the proper network settings to allow inbound connections, but more information about your setup could be needed for proper guidance.
http://httpd.apache.org/docs/2.4/platform/windows.html
When Apache is installed and working, you need to set Rewrite rules on the URL, information on that can be found on http://docs.slimframework.com/routing/rewrite/.
Your question on the verge of off topic, it probaly is, but read up on what questions can be asked and not, here on Stackoverflow, hope i could help.

Domain Name Server on Windows for locally hosted websites

I have a half-dozen domains (with associated domain names), hosted locally on Windows/Apache and accessible to the wider internet. At the moment, the name servers are provided by my domain name register at extra cost. I would like to host a domain name service (on the same machine as is hosting the websites).
I have tried BIND without success, I was unable to configure it correctly. I was confused about zones and the syntax of configuration, as well as how to test if it is configured correctly!
Most guides seem directed at users who wish to replicate DNS entries for local caching, whereas I simply want to host a name server (locally) which directs users to my local machine, when they request any of the half-dozen websites I host.
Is there a simple application to host limited Domain Name Service this on Windows (Vista Business), or an obvious tutorial that I haven't found yet? Or was I on the right track with BIND and missing something?
Bind is probably the best choice. The guides you're referring to are talking about configuring a caching resolver. What you want is an authoritative name server. Bind can be a pain to configure because there are so many options, but it's probably worth persevering.
Depends what your budget is..
The DNS Server on Windows 2003 Server is pretty good and easy to configure.
There's a bunch of alternatives list here:
http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
Simple DNS Plus could maybe do the trick for your case, but I haven't tried it.
Another option is maybe to use Bind and try to find a GUI for it, there's a few existing, usually web based, like webmin and such...

Why do some setups front-end Glassfish with Apache?

I've been trying to mug up on Glassfish and one thing that keeps coming up is the "how-to" on fronting Glassfish with Apache. Unfortunately, I have yet to find a description of why you would want to do this!
From my experimentation, Glassfish seems like a pretty fully featured web server-type service; but I might be missing a lot. So, is the notion of front-ending Glassfish more of a solution to integrate it with an existing architecture, or does front-ending (in a pure Java environment) provide extra benefits?
There's also another valid use case as to why we front Glassfish with Apache. Apache in this instance would function as a reverse proxy for increased security of your Glassfish. The RP is configured to allow only certain URLs to be passed through to the application server. For e.g., you may have app contexts /myApp and /myPrivApp deployed in Glassfish. In the RP server, you only configure /myApp to be passed to Glassfish. Anybody requesting for /myPrivApp would see a 404 'cos the request stops right at the RP level.
In one of my deployments, I have a bunch of WARs deployed, some for users coming from the internet, some for intranet only. I have 2 RPs running, one for internet users and the other for intranet. I configure the internet RP to only allow URLs for approved internet applications to pass through while intranet users get to see everything.
Hope that helps.
It is usually used to speed things up. Since apache is a very fast web server it is used to deliver static content. Like images, CSS files and so on. Glassfish serves the dynamic content (servlets, JSPs) in this scenario.
Another reason for using Apache as a frontend to Glassfish is the possibility to provide load balancing across a Glassfish cluster. See http://tiainen.sertik.net/2011/03/load-balancing-with-glassfish-31-and.html for details.
A other reason is that glassfish cannot run (easily) on port 80, without giving it root rights of course.
So, for most users it's easer to run a proxy (apache, nginx, varnish) some sort in front of apache and have both servers run under a normal user.
Then you have a other advantage of some configurations options of your front end. Like others mentioned, caching for example.