How to configure Glassfish 3.1.2.2 that I can use admin service remote with security enabled and local with security disabled - glassfish

I need a way to use the Glassfish 3.1.2.2 admin service (REST calls to deploy and configure) from a remote machine and from the local machine (command line and applications).
It is clear that for remote access it is necessary to enable secure admin. If we enable secure admin it will break all local access from applications. These applications cannot be changed to use https to access the admin service. The only thing I can change is that we can use a different port.
I see two possible ways for me:
1. Using a hack, so that I can administer with secure admin disabled and use plain http. For us this is a possible solution, because this machine is used internally in a test environment.
2. Configure Glassfish so that we can use the admin service remotely via secure access (https) and from the local environment with http.
We prefer solution 1, because it fits better in our environment and is less effort. At the moment I see no way. Does a solution exist (not for production)?
I tried something for solution 2, similar to http-listener-1 and http-listener-2: use two ports, 4848 for local unsecured access and, as an example, 4949 for remote secure access. But I always fail with the configuration. So I started with a step-by-step configuration: first enable the admin interface on two ports, and as a second step add the secure access to the new admin-listener port. But I got only one of the ports working. Can anyone please help me with the target configuration? Any domain.xml will be welcome.
Thanks, florian

You can try to use SSH and run asadmin utilities from remote machine.

Related

Does Ansible support WebSSH connections?

I am using Ansible in my current application to deploy my code. I am using SSH connections to connect to the servers (hosts) where the code needs to be deployed. We are migrating to new servers where an SSH connection is not available; only a webssh connection is available.
Can I still use Ansible to connect to the new servers?
With webSSH, webterminals, Ajax terminals, and such solutions you make it possible to access the SSH service via your web browsers. The necessary code is usually made of JavaScript, Ajax, Websockets or others.
Can I still use Ansible to connect to new servers?
Out of the box there is connection plugin I am aware of.
If you have a connection module available which addresses your webterminal, probably yes. Another option can be to use a REST API if such is implemented in your webterminal.

Bitnami WildFly 10.0.1 on Google Compute Engine can't access management interface

I have recently launched the Bitnami WildFly on Google Compute Engine. I have done all the configuration and everything is working fine except for the management interface, which gives an error message:
The management interface could not be loaded.
Authentication required.
I know I have to create a tunnel via SSH with PuTTY. I did that and I am able to access the server terminal. The tunnel I created is to allow connections via localhost:9999 from the remote port 9990.
I have also tried editing standalone.xml and changed the interface to accept connection on , that too did not work.
Kindly assist.
Solved: It appears that when configuring the tunnel use 127.0.0.1:9990 instead of localhost:9990, I guess this is because the standalone.xml is configured to accept connections on 127.0.0.1.

Jelastic configure firewall

I'm using Jelastic for my application and I just installed Apache for it. The problem is that I need to set up a firewall for it, like iptables or another one; after all, it is a web application and it needs security.
How can I do that?
The host said to me, that the only way is to use VDS and I should configure a VDS for me, installing Apache, FTP and transfer my application to there.
But I can believe that there is no way to protect the Apache.
Thank you in advance.
The available options vary depending on your hosting provider. For example, the Jelastic platform gives hosting providers and private cloud customers the ability to define a set of default firewall rules for each newly provisioned node.
Additionally, since Jelastic 4.1, there is an option for the provider to define additional custom firewall rules for any specific container. At the moment this functionality is only accessible from the provider's side, so it means you need to work with your provider's support team.
If you don't want to do that, or your chosen Jelastic provider does not offer good support, you can either:
Use an unmanaged node type in your Jelastic environments, such as the Elastic VPS or Docker nodes. Here you have full root access to define whatever firewall rules you desire.
Use application server rules to restrict access according to IP. E.g. inside your httpd.conf (which you already have full access to customise)
In the recent release, Jelastic introduced a possibility to manage inbound and outbound firewall rules on the container level right through the interface. The detailed instruction is here.

Hosting site using xampp server from local network without port-forwarding

I want to make my site available worldwide. I'm using an xampp server for hosting. I have no access to any kind of servers and modems. The situation is shown below:
My site server has a local IP assigned by the wifi router and it runs Windows 8.
Remember I have no access to any kind of servers and modems, so port-forwarding is impossible (out of my scope).
It's actually difficult, but not impossible.
One way, I would approach this is:
I would host a page on internet.
Then take request and store it in database.
One of my program will always be running from my computer.
Then check for request and curl the request to localhost. For this you may use Node.js (taking data from database using GET method and curl it to localhost).
This is the best I could think of. And I am working on it, when the code is ready I'll make it open source and notify you :)
But still, it's difficult, as you need to put user's request to sleep for 2 seconds and then transferring it.
It's slow, but may work out for you.
Disadvantages:
Program will be very slow and memory usage will be more.
Breaking may happen many times.
High bandwidth wastage
If not encrypted, MIM (Men in Middle) may be possible.
Advantages:
Indirect method of hosting
Need not to worry about your code being lost.
I am looking forward for a better alternative and I would like to keep this question for bounty once again.
If you cannot open the necessary ports within your LAN you will require access to an external server. However, the external server does not need to host any code, e.g.
Create a Linux based ec2 instance using Amazon's free tier.
Install a package to redirect remote to local ports:
a. using socat:
Install socat using your distribution's package manager
Connect via SSH: ssh -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu@xxx.xxx.xxx.xxx "socat TCP-LISTEN:8080,fork TCP:127.0.0.1:42500"
b. using a webserver and reverse proxy:
Install apache or nginx and any required reverse proxy modules and configure your VirtualHost to proxy requests to a local port, e.g. :8080 -> 127.0.0.1:42500
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu@xxx.xxx.xxx.xxx
Your machine is now reachable via the ec2 instance http://xxx.xxx.xxx.xxx:8080/.
I occasionally use this technique when debugging web service callbacks.
Update 17-02-2014
If you are a Windows user you will need to install a third-party tool to support ssh. Options include:
cygwin
git bash
PuTTY
PuTTY is the easiest choice if you are not familiar with *nix tools. To configure remote port forwarding in PuTTY expand the following setting: Connection -> SSH -> Tunnels. Given the previously described scenario, populate Source port as 42500, Destination as 127.0.0.1:80 and tick the Remote option. (You may also need to add the path to a PuTTY compatible private key in the Connection -> SSH -> Auth tab depending on your server configuration.)
To test you have successfully forwarded a port, execute the command netstat -lnt on your server. You will see output similar to:
tcp 0 0 127.0.0.1:42500 0.0.0.0:* LISTEN
Finally you can test with curl http://127.0.0.1:42500. You will see the output of your own machine's web root running on port 80.
If you don't have a public IP address and cannot use port forwarding, it is impossible to host the site.
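The netstat check described in the answer above can be scripted. This is an added example, not part of the original answer: classify_listener and sample_netstat are hypothetical names, and the sample listing is constructed to match the answer's ports (42500 for the tunnel, 8080 for the public socat listener).

```shell
#!/bin/sh
# Added example: report how a TCP port is bound on the relay server, reading
# `netstat -lnt` or `ss -lnt` output on stdin (local address is field 4 in both).
#   loopback - only 127.0.0.0/8 or ::1 listeners (reachable from the server only)
#   exposed  - at least one wildcard or non-loopback listener
#   absent   - nothing listens on the port
classify_listener() {
    awk -v port="$1" '
        /LISTEN/ {
            laddr = $4
            n = split(laddr, parts, ":")   # the port is the text after the last colon
            if (parts[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^(127\.[0-9.]+|::1|\[::1\])$/) exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample: the reverse-tunnel endpoint on 42500 and the socat
# listener on 8080, in the layout `netstat -lnt` prints.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:42500         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:42500               :::*                    LISTEN
EOF
}

# On a real server, pipe the live listing instead: netstat -lnt | classify_listener 42500
for p in 42500 8080 9000; do
    printf '%s: %s\n' "$p" "$(sample_netstat | classify_listener "$p")"
done
```

The tunnel port should report loopback; if it reports exposed, the server's sshd has GatewayPorts enabled or the -R option was given a bind address, and the local web server is reachable on that port without passing through the intended public listener.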
As people have said you need a public IP address. However, even if you did you should not use xampp as a public server, as it is designed for development and therefore has some security settings disabled.
I would recommend buying some shared web hosting, and uploading it to that. (You can get cheap hosting if you google 'shared web hosting', plus free .tk domains are available: http://www.dot.tk/)
Does your company have a vpn network?
If it does and you have access to the vpn network, you can include your server to the vpn network and your guest will only need to login to your company vpn network then access your site like in a local network without using port forwarding. And since your data is very confidential, I assume that using vpn will also help to increase the security of your data.
Please correct me if I'm wrong.
Thank You.
What you are asking is not possible without port forwarding.
Let's break it into steps.
To host your site locally you will need an IP that is static so that users can access it specifically.
You will need a domain so that it can be converted into a user-friendly name.
A 24x7 Internet connection is a must! You added a wifi router in your diagram, and most of today's routers are capable of port forwarding.
What I will do in your scenario is:
Instead of using XAMPP, I will install WAMP because I am more familiar with it and it is easy to configure. (Totally personal preference.)
Then I would set my server "ONLINE". (Google how to set WAMP server online.)
Forward port "80" from the router settings to my local computer's IP address. (Mostly it is tagged as "Virtual Server", "Firewall", "Port Forwarding", etc.; it varies from router to router in settings.)
Suppose you have a local IP "192.168.1.3" and a global/router IP "254.232.123.232"; then you would redirect all the HTTP requests made to the router to your local IP.
[[[[254.232.123.232]]]] --+ :80 +-- --------->192.168.1.3
That is good for now, but then you will need to tackle dynamic IP problem of router. But don't worry, thanks to some free sites that will be easy!
Go to no-ip.org -> Setup Account -> and create an entry, just a subdomain for now to test whether everything is working fine. (A subdomain like mysite.no-ip.org; later purchase a real domain.)
Input your IP address there (router IP) and download its application, which will automatically update their server if your local IP changes.
Wait for some minutes and Voila! Your site is live.

Microsoft Azure Apache Web Server Not Accessible

I've created literally dozens and dozens of web servers in my day, but this is my first attempt with Windows Azure and I'm running into some problems. I just started migrating from AWS recently.
First of all, I'm running Ubuntu 13.04. Firewall disabled (for debugging), Apache2 installed correctly (using apt). SSH works fine as do many other services with both the DNS hostname and public IP. Virtual host is set up correctly and validated. However, I cannot access the HTTP website either through the Azure provided subdomain or the virtual IP. It just times out.
This is also my first time using Ubuntu 13.04 as well. So, through the powers of deduction, I'm assuming there is something I'm missing either with this new version of Ubuntu or some quirk in Azure. Does anyone have any suggestions?
SOLUTION
These steps to create an "endpoint" work fine for all VPS:
open "virtual machine > endpoint > add endpoint"
choose "next"
set "name:http, protocol:tcp, public port:80, private port:80"
choose "complete"
and then must wait for activation and then for some time.
If you are using Azure Resource Groups along with your VMs (which is available on the new portal) you cannot use endpoints because it's not available there, so you should follow the following to open up the HTTP port or ANY other port:
1- Select the VM that you want to manage ports on.
2- In settings, click on Network Interfaces and select your network.
3- Go to Network Security Group and select your group.
4- Add Inbound or Outbound security rules depending on what you need.