Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have 100 clients. Each client has unique username, password and two channels (users can't connect to different channels apart from their own). Should I create VirtualHost for each user?
How to write proper user permission to the below situation?:
my_user can connect only to vahost called user_vhost using username and password
my_user can consume only from the user_channel channel
my_user can publish only to the user_channel channel
my_user can connect remotely
Thank You!
Virutal host in RabbitMQ is more like a logical container where a user connected to a particular virtual host cannot access any resource (exchange, queue...) from another virtual host. I always think about it like a administrative domain kind of thing.
Based on what you have explained, I think having a virtual host per user is a good way to keep things simple and clean. Also, this way you do not need to come up with complicated permissions rules, just grant permissions based on virtual host.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 months ago.
Improve this question
I created a public SSH key on my local computer and added it to my github account.
Now I want to connect to my server (online) via terminal, in order to clone my git project to the server of my provider.
In an online tutorial to connect they suggest:
ssh root#< IP-ADDRESS OF THE SERVERS>
But in my server settings I can online find the following data:
SSH-Hostname,SSH-Username,SSH-Port,SSH Fingerprint
Is it possible to connect also with Hostname and Username? Because I cannot find the ip address of my provider.
Thank you
This isn't really on topic here (stackoverflow), but I'll put in a quick answer anyway: ssh makes a network connection to an ssh server, therefore ssh needs a network address for the server. This need not be an IP address, except for one other issue, which is that the ssh protocol is defined as a TCP protocol and TCP runs over IP (v4 or v6).
That said, almost all networking systems have a mechanism for translating a host name to a set of addresses (some of which may be IP addresses; others might be XNS or IPX or some such: see What is Address Family?). So you just need user#host, and something—OS and/or library dependent—will look up the proper IP address. You can leave off the user# part in some cases.
If (this is a pretty big "if") your system can't translate the host name to an IP address, or does it incorrectly, then you can resort to a raw IP address. This bypasses the translation step. If you don't trust your translation software, you can do this intentionally.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a site on AWS with an SSL. The site is an ec2 instance and runs WordPress.
I wanted to move the site out of Wordpress, so I have a different ec2 instance with the new site.
The domain will remain the same and I want to minimize downtime during the switchover. Can I get a new SSL for the new site before the domain DNS points there? I know the connection won't show it's secure until the SSL it matches the domain.
Is there another way to handle the migration?
If the domain isn't changing then as far as SSL is concerned neither is your site. You just need to properly configure the new site to use the same SSL certificate. To minimize downtime move the AWS Elastic IP to the new ec2 instance during migration. If done correctly you'll have no downtime at all.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Suppose I have an existing ldap and I want to integrate users from one or more existing external databases under a dn called
dn: ou=users,dc=example,dc=com
Is that possible?
EDIT:
Maybe I was a bit to vague:
I have external databases containing users which have to be integrated into ldap. I want to do this without having to add them to the ldap database.
I'm not sure what you mean by "integrating users" there. Is what you're trying to do something like this?
ldapsearch -h my.ldap.server -b ou=users,dc=example,dc=com "cn=somebody"
…where my.ldap.server is the LDAP server your applications are talking to, but the data you're seeking is on some other server under the naming context ou=users,dc=example,dc=com. And, you want my.ldap.server to interface with that server and bring the data? Transparent to your apps?
If that's the case, you can use an LDAP proxy which could relay the requests based on context rules. It can act as the single data source, providing a layer of abstraction between your LDAP clients and LDAP servers which may host different types of data.
Alternatively, you can use a virtual directory server product that can also act as a single data source. Virtual directory servers usually provide more features including support for multiple protocols, not just LDAP. They can also act as bridges which can interface with relational databases.
The first solution, LDAP Proxy, is usually quite sufficient if you are trying to virtualize only LDAP servers.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
This is most likely not possible, but I'm just asking this to check... I'm just thinking out loud here...
So, SSH keys are very useful for logging into a server. Use SSH, and your SSH keys increase security to the server while also making it easier to manage several servers or other programs with one SSH key. Also, by unlocking the key when you login, there is even less need to type the password over and over again. So, I was wondering... is there a way to use SSH keys for website user verification? I am not talking about large, public websites, but about small, controlled systems that are used by specific users whose OS/browser can be controlled. Is there a way to integrate this? For this to work I assume the private key would need to be transferred over the web, so let's say we have SSL running to make this not insecure. Is such a thing possible? In an ideal situation, I log in to a website and it will see that my private key matches the public key that is installed, and voilá, I'm in!
It's called a client certificate, and you import it into your browser.
From technical point of view SSH keys represent public key cryptography scheme, and this is what X.509 certificates do in SSL. So what you need is certificates (client-side one if you want to authenticate the client on the server).
And no, private keys are never transferred across the net. They are used in certain operations for exchange of session key.
AuthUserFile /home/hafizni/.htpasswd
AuthGroupFile /home/hafizin/.htgroup
AuthName hafizin page
AuthType Basic
require group my-users
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
For example,
I have a nginx server as a front-end and two apache servers with mod_php.
As you know, php has sesssion support, which set a cookie identifying the SESSION ID but the real data is stored at the server.
When a user is set with this kind of cookie by one apache server, will his other HTTP requests be fowarded to the same apache server before the session/cookie expires ?
Out of the box, no, the requests will not necessarily be forwarded to the same server, so your application using sessions will be broken.
Go to your favorite search engine and type "nginx affinity" and "nginx sticky" for solutions.
Yes, it will do that if you follow the documentation for multiple back-end servers usage:
http://wiki.nginx.org/HttpUpstreamModule
But better consider storing sessions in a some sort of shared storage, e.g. Memcached or a database.