Alright, so I figure I will ask the awesome stackoverflow community to see if I can get an answer.
My question is, I want to run a script, php specifically but I could do any type technically whenever a connection comes into haproxy. I can chnage my load balancing software if needed or use a non load balancing software too.
Order of events
Connection attempt via haproxy
haproxy sees that it is a certain port/port range
haproxy triggers script
haproxy forwards connection like it is supposed to.
How could this be possible? Also the script needs to trigger before it forwards the traffic
I figure someone will ask, so I will explain in advance. I have an online game, but I don't want it running all the time. If someone tries to connect it starts the game via an api/script.
Update *
I was thinking about the logic. What you could do is set a service to listen for these ports on the game server and then when it sees a connection run the script that shutsdown the listener and starts the game but you would want to automatically restart the listener if the game shuts down.
I really don't understand your logic...why you are wanted to do so....
Following are URL show how you can configure HAproxy to trigger a xinetd script. I understand this is really something you want , but least it will gives you clues for exact solution.
http://sysbible.org/2008/12/04/having-haproxy-check-mysql-status-through-a-xinetd-script/
Related
At the moment we have multiple raspberry pies placed at different locations on different networks.
Our current solution to be able to reach them if something goes wrong is auto-ssh with jump host.
Recently I stumbled on Wireguard which could be another more slim way to solve the calling home problem.
The problem is that we would like the setup phase to be more dynamic, we don't want to do special configuration per node we have out there, we just want them to call home with a key and then be apart of the network.
Two questions:
Is Wireguard for us or are there other problems that I can't foresee here.
Is there a way to set it up dynamically with one key and let the clients get random ips?
wireguard always needs a unique keypair / host. So not what you are looking for.
If you just want a phone home option with ip connectivity I would suggest an openvpn server and client. If you use a username/password config (not using certificates), you can reuse the config on multiple clients. Openvpn will act as an dhcp server.
an howto:
https://openvpn.net/community-resources/how-to/
search for:
client-cert-not-required
The option that Maxim Sagaydachny is also valid for command access, an alternative to salt could be puppet with mco/bolt.
On any option you choose, be sure that the daemon restarts when it crashes, reboots, fails...
for systemd services this would be an override with:
[service]
restart=always
I run a 2GB RAM Linode (Ubuntu) that hosts a few WordPress websites. Recently my server has been OOMing and crashing and I have been up all night trying to find out what's causing it. I have discovered there I get an enormous influx of traffic (a tiny DoS) that brings the whole thing down.
I have access logs setup across all of the virtual hosts and I am using tcptrack to monitor activity on the server.
The traffic appearing in my access logs does not account for the traffic I am seeing on tcptrack. i.e. there are a dozen i.p. addresses that are constantly opening and closing connections on the server, but are nowhere to be seen in the access logs for each virtual host.
Clearly it's because these i.ps are not hitting the virtual hosts, but I have tried to set up access logs to monitor server-wide traffic so that I can see what requests their making but I'm really struggling.
Can anyone please point me in the right direction, perhaps tcptrack is just too simplified to provide any meaningful insight?
Start using mod_security
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_Apache
Debian has it which means Ubuntu likely does as well. You should also make sure the kernel is setup properly, search google for SYN_COOKIES. Look into iptables/shorewall etc. Shorewall is a package that wraps iptables. Iptables can be configured for detect floods and start dropping packets.
Doesn't have to be Apache, but that's just the only HTTP server I know of (Actually could you guys recommend alternatives that I could look into as well?)
Anyways, so I have been messing around with Amazon Web Services and I created an EC2 server instance with an Amazon Linux Image. On that, (Following guides and examples) I installed Apache and now when I make a GET request to my public IP, it returns to me the HTML files I created on my server.
My question is, what if I never installed Apache, and then made an HTTP request to my public IP? For no reason really, the question just came up in my head and I'm curious. I'd rather not figure out how to uninstall Apache or create a new instance to figure it out, so I was wondering if somebody could weigh in as well as tell me a little more about what it is exactly apache does on a server. My understanding is that it is a layer you can install on your server OS that will create a socket listener to port 80 (HTTP), and when a request is made on that port, Apache will return web pages? Also I think I read somewhere you could configure Apache to forward a port to something like a python server script?
Thanks in advance for your time!
could you guys recommend alternatives that I could look into as well?)
nginx is a popular alternative to apache. It's much more efficient.
what if I never installed Apache, and then made an HTTP request to my public IP?
Your browser would get a "connection reset" because there is nothing on port 80. Your browser would display a message (Chrome says "This webpage is not available"). You would NOT get a "404" because that requires an HTTP server to send HTTP codes.
If your server was firewalled instead, you'd bet a busy wait for a while, then a message about the server not responding.
Also I think I read somewhere you could configure Apache to forward a port to something like a python server script?
Yes, that is called "reverse proxy" mode. It's essential to any application website if you want to scale. The web server(s) can distribute traffic to one or more backends running the application. The web server is useful for filtering bad requests (since your backend in Ruby/Python will be 1000's of times slower than the reverse proxy.)
Well, if you want to test what will happen if Apache isn't installed, you can always just stop the Apache service by typing:
sudo service apache2 stop
or
sudo service httpd stop
depending on your version. Then if you visit your site's webpage you'll get a 404 error or something similar.
There are ways to use python scripts to run simple servers, but in general it's easier to just let Apache handle that and use a framework like Ruby on Rails or Django to control the display and creation of content for your server.
I am coding a mac app, which will be a server that serve files to each user's mobile device.
The issues with this of course are getting the actual ip/port of the server host, as it will usually be inside of a home network. If the ip/port changes, its no big as i plan to send that info to a middle-man-server first, and have my mobile app get the info from there.
I have tried upnp with https://code.google.com/p/tcmportmapper/ but even though I know my router supports upnp, the library does not work as intended.
I even tried running a TURN server on my amazon ec2 instance, but i had a very hard time figuring how what message to communicate with it to get the info i need.
I've been since last night experimenting with google's libjingle, but am having a hard time even getting the provided ios example to run.
Any advice on getting this seemingly difficult task accomplished?
The port of your app will not change. The IP change could be handled by posting your servers IP to a web service every hour or whatever time period you want.
Server should run a URL http://your-web-service.com/serverip.php?ip=your-updated-ip and then have your serverip.php handle the rest (put it into a mySQL db or something)
When your client start it should ask your site for the IP and then connect to your server with that.
This is a pretty common way of handling this type of things.
I tend to get this annoying error alot using Netbeans 7.2. The that occassionally comes up is,
Starting of Tomcat failed, the server port 8084 is already in use.
I'm part of a small group of developers and a couple of us have encountered this, and our solution is to go simply kill the Java process using it.
However, our boss insists that this isn't necessary and that my "Duct-tape solutions" are NOT adequate.
It's not a task given to me or anything, but it is annoying and I'm wondering if he's right. Is there a permanent solution to this Apache Tomcat error? Is there some way for me to configure Apache Tomcat so that this won't happen again?
Update
That would also work, but I don't see how that's any better than me going in and killing the stupid process. Your solution would only mean I have more than one instance of the same app server running. But, what I wanted was a way to prevent the stupid Apache Tomcat instance from still staying up even though I wanted to kill it using the IDE.
Use a different port for the Tomcat. You can easily change the port number in net-beans by simply moving on to servers>tomcat and right click .. properties. and change the port to say 8083 etc...