I have an AWS instance running Apache server.
Apache is running when accessed from the local machine.
RDP connection through the elastic IP is working.
Port 80 is open for the security group
However, the elastic IP is not accessible from the browser.
Any ideas?
It could be a Security Groups is not configured to allow HTTP.
Go to http://aws.amazon.com Sign in.
Click on EC2. Then click on Security Groups. Click on the Security Group that your instance is using.
Click on Inbound tab. Click on Edit button.
In here, add you IP address (or Anywhere) for HTTP.
Unfortunately, that is not enough information for me to provide a definitive answer.
Here are some questions you can ask to help you figure out what may be wrong, however:
What happens when you run telnet 50.40.30.20 80 (where
50.40.30.20 is your EIP)?
You mention that RDP is working, is this a Windows instance (which requires port 3389 to be open for RDP)? or is it a Linux instance that requires port 22 to be open for SSH?
If Linux, is SELinux running? If so, you may find
this helpful
in disabling it temporarily or permanently to see if it has an impact on your ability to hit Apache.
Related
I downloaded the app Charles Proxy, I added the certificate and I can confirm that the Charles certificate is in my certlm (Certificate Manager) in the "Trusted Root Certification" folder, I had also enabled SSL Proxying to include this location: "*:443" which I believe means that I want to see all data coming in.
I'm not sure what the problem is, but whenever I open up Charles Proxy, it doesn't allow me to access any websites, all the data coming in Charles is coming in as status: "Blocked"
I'm using Windows 10 if that helps. I didn't have this issue on MacOS, Help is appreciated!
Here was the solution to my problem:
First quit Charles. Then go to the Internet Options in your Control Panel. Go to the Connections tab. Click on the LAN Settings. You’ll see a Proxy panel. Uncheck the Use a Proxy checkbox. Click OK until you’ve closed the Internet Options.
Then opened up Charles Log, go to Tools -> Allow List and make sure "Enable Allow List" is unchecked.
I suggest you check Windows proxy settings as your applications are most probably trying to communicate on a wrong IP/port proxy address matching.
Open cmd (Windows+R, cmd, Enter).
Execute:
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,4
Click on LAN settings, then check Use a proxy server for your LAN.
Click Advanced button near Address and Port labels.
Define your addresses and ports here. I once had a task that required me to check all incoming and outgoing HTTP/HTTPS connections from my machine, so I set on HTTP field the address 127.0.0.1 with port 8888 and checked the option "Use the same proxy server for all protocols". If you want a finer control, you leave this option unchecked set different ports to handle FTP and Socks connections. Those ports are used by Charles. Check those settings in Charles Proxy as well!
Click Ok, then click Ok again.
On Charles, in Proxy-Proxy settings, make sure the port numbers are the same for the relative protocols as you set up before in the Windows proxy page.
I personally have never used Charles on a Windows machine but it sounds like your browser isn't configured to run through the proxy. Firefox use to have an add-on for Charles but now you have to manually enter the proxy ip to intercept the data. I'm not sure if you can use any other browsers on Windows with Charles, but use Firefox and go to Preferences > Network Settings > Manual Proxy Configuration and add your machine's ip address and the default Charles port 8888. Also make sure to check the checkbox to allow HTTPS. Save these changes and you should be good to go.
I don't have a Windows machine to try any of this out, but I've always found the documentation helpful.
There may be something that you've overlooked in the configuration, ssl proxying or ssl certificates sections.
i get this error for installation script that worked perfect on EC2 vm but now seems that i can't reach the site , should i add some inbound rule or something to enable apache2 server ? the error in the chrome is
This site can’t be reached *.*.*.*.com’s server IP address could not be found.
Try running Windows Network Diagnostics.
DNS_PROBE_FINISHED_NXDOMAIN
Network Security Group
Azure VMs do not have any ports open firewall ports by default unless you open them when you provision your VM. When you created your Azure VM in the Azure Portal, you likely created a Network Security Group for the VM. If you didn't specify any ports to open during the VM's creation, you'll need to open up the VM's firewall.
To Open Ports
To open up the ports on the firewall, head out to the Azure Portal (where you set up the VM). Find the VM in the list of resources. It should take you to a page for your VM where the name, status, location, size, IP address, etc will be displayed. On the left side, you'll have a vertical menu > Select Networking. From there, you'll be able to see currently active firewall rules for the VM. Since you're likely missing HTTP (80) and HTTPS, select add inbound port rule. From the dropdown for service, select HTTP and assign a name/priority. Perform the same options, except this time selecting HTTPS (443). Press save and test. You should be able to access Apache running on the VM.
Additional Troubleshooting
The script you used may have inadvertently set up the VM's iptables. You can view Linux's firewall with sudo iptables -L to verify that no firewall rules have been enabled. Since Azure handles the firewall, you shouldn't need any iptables rules, but they could always be added for additional security.
This answer assumes that you do not have Azure's Load Balancing servers installed in front of the VM.
I have successfully installed Apache Guacamole on my DigitalOcean VPS.
Now I need to create a new connection to my windows 10 pc.
I cannot get that to work.
I am very confused what settings I need to fill in to connect to the pc.
Here are screenshots of the settings I can fill in. I am going to use RDP and am unsure how to find the domain, host, etc of my pc. Maybe there is other settings I need to fill in too?
Please help as I have been trying for weeks. Thank You.
New Connection Settings Picture
New Connection Settings Picture
First, make sure that both tomcat and guacd services are running. Usually, both are installed on the same machine.
On the settings page, select RDP as the protocol (in the images you have posted, VNC is selected). Next, in the "Parameters" section, enter hostname ip and RDP port (3389 is the default). If guacd is on the same host as tomcat, there is no need to enter anything in the "Guacamole proxy parameter" section.
The settings page is a bit different when RDP is selected, but you should also populate windows username, password and domain of the remote PC where you want to connect. The parameters are the same as the one you are normally using to logon to this PC.
Also, make sure that the remote windows 10 PC is accessible from the DigitalOcean VPS. You may test this by logging to the VPS machine and issue the following in the terminal
telnet <remote windows pc ip> 3389
If you can connect with telnet, this means that remote PC RDP server is accessible; otherwise, you have to check for network related issues (firewall, different lans...).
If everything above is ok, then please post the tomcat log (catalina.out) and guacd log (usually in /var/log/syslog).
I have created a web application in glassfish and I can access it on my LAN.
How can I access the web application from a remote location over internet?
I do not have static IP.
Please reply.
Thanks.
Steps :
Creating virtual DNS(Domain name server) Server on your machine.
Port Forwarding.
Reference https://cookbook.fortinet.com/port-forwarding-60/
Remote Desktop Connection enabling.
Creating Inbound Rules. Reference :
https://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
Creating account on www.noip.com and create custom host and download DUC (Dynamic Update Client) Software.
Some more steps may have it depends on your LAN Router and firewall configuration.Use http://ifconfig.me/ to get your public ip.
Access from outside your machine should be configured by default. You may check if it is so in admin console, at Configurations->server-config->Network config->Listenters. There should be one listening on the desired port (like 8080) and be bound to 0.0.0.0 address.
To easily access something behind a dynamic ip you need something like http://www.noip.com/ or http://www.dnsomatic.com/ (I took these from my router's control panel)
I did this recently,
first you need to use port forwarding on your router, access it by typing your default gateway path, mine was 192.168.0.1 then go to "advanced settings -> Port forwarding". Simply enter the details that are asked for, I set mine to HTTP using port 8080, yours might be different. Protocol is TCP. The IP address it asks for is your local address.
For quick testing you can disable the firewall on your machine and then you can search on google for your Public IP address by typing "what is my IP".
Then type your ip into the browser and the port number "ipAddress:portNumber"
You should see the glassfish welcome screen if it is successful.
After that you might want to enable your firewall again but then you have to add an inbound rules to allow the port to be used:
Setting Windows inbound rules
Then you still have one last step to perform, allowing glassfish to access the resources on your machine: Adding glassfish to allowed programs
Follow the instructions on adding java.exe only.
I want to make my site available world wide. Im using xampp server for hosting. I have no access to any kind of servers and modems. Situation is shown below:
My site server has local ip assigned by wifi router and it runs Windows 8.
Remember I have no access on any kind of servers and modems so port port-forwarding is impossible (out of my scope).
Its actually difficult, but not impossible.
One way, I would approach this is:
I would host a page on internet.
Then take request and store it in database.
One of my program will always be running from my computer.
Then check for request and curl the request to localhost. For this you may use Node.js (taking data from database using GET method and curl it to localhost).
This is the best I could think of. And I am working on it, when the code is ready I'll make it open source and notify you :)
But still, it's difficult, as you need to put user's request to sleep for 2 seconds and then transferring it.
Its slow, but may work out for you.
Disadvantages:
Program will be very slow and memory usage will be more.
Breaking may happen many times.
High bandwidth wastage
If not encrypted, MIM (Men in Middle) may possible.
Advantages:
Indirect method of hosting
Need not to worry about your code being lost.
I am looking forward for a better alternative and I would like to keep this question for bounty once again.
If you cannot open the necessary ports within your LAN you will require access to an external server. However, the external server does not need to host any code, e.g.
Create a Linux based ec2 instance using Amazon's free tier.
Install a package to redirect remote to local ports:
a. using socat:
Install socat using your distributions package manager
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx -N -R 8080:localhost:80 "socat TCP-LISTEN:8080,fork TCP:127.0.0.1:42500"
b. using a webserver and reverse proxy:
Install apache or nginx and any required reverse proxy modules and configure your VirtualHost to proxy requests to a local port, e.g. :8080 -> 127.0.0.1:42500
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx
Your machine is now reachable via the ec2 instance http://xxx.xxx.xxx.xxx:8080/.
I occasionally use this technique when debugging web service callbacks.
Update 17-02-2014
If you are a Windows user you will need to install a third-party tool to support ssh. Options include:
cygwin
git bash
PuTTY
PuTTY is the easiest choice if you are not familiar with *nix tools. To configure remote port forwarding in PuTTY expand the following setting: Connection -> SSH -> Tunnels. Given the previously described scenario, populate Source port as 42500, Desination as 127.0.0.1:80 and tick the Remote option. (You may also need to add the path to a PuTTY compatible private key in the Connection -> SSH -> Auth tab depending on your server configuration.
To test you have successfully forwarded a port, execute the command netstat -lnt on your server. You will see output similar to:
tcp 0 0 127.0.0.1:42500 0.0.0.0:* LISTEN
Finally you can test with curl http://127.0.0.1:42500. You will see the output of your own machines web root running on port 80.
if you don't have a public IP address and cannot use port forwarding it is impossible to host the site
As people have said you need a public IP address. However, even if you did you should not use xampp as a public server, as it is designed for development and therefore has some security settings disabled.
I would recommend buying some shared web hosting, and uploading it to that. (you can get cheap hosting if you google 'shared web hosting', plus free .tk domains are avaliable: http://www.dot.tk/)
Do your company has any vpn network?
If it does and you have access to the vpn network, you can include your server to the vpn network and your guest will only need to login to your company vpn network then access your site like in a local network without using port forwarding. And since your data is very confidential, I assume that using vpn will also help to increase the security of your data.
Please correct me if I'm wrong.
Thank You.
What you are asking is not possible without port forwarding.
Lets break it into steps.
To host your site locally you will need a IP that is static so that
users can access it specifically.
You will need a domain so that it can be converted into user friendly name.
A 24x7 Internet Connection is must! You added a Wifi Router in your Diagram and most of today's router are capable of port forwarding.
What i will do in your scenario is:
Instead of using XAMP, i will install WAMP because i am more familiar with it and easy to configure.(totally personal preference)
Then i would set my server "ONLINE".(Google how to set WAMP server online)
Forward port "80" from router settings to my local computer ip address.(mostly it is tagged as "Virtual Server","Firewall","Port Forwarding",etc vary router to router in settings)
Suppose you have a local ip "192.168.1.3" and global/router IP "254.232.123.232" then you would redirect all the HTTP request done towards router to your local IP.
[[[[254.232.123.232]]]] --+ :80 +-- --------->192.168.1.3
That is good for now, but then you will need to tackle dynamic IP problem of router. But don't worry, thanks to some free sites that will be easy!
Go to no-ip.org -> Setup Account -> and create a entry, just a subdomain for now to test whether everything is working fine.(subdomain like mysite.no-ip.org, later purchase a real Domain)
Input your IP address there(Router IP) and download its application which will automatically update their server if your local IP changes.
Wait for some minutes and Voila! Your site is live.