I have a problem with my app that I want to use as sink for the push POST requests. I programmed it in Java as a straight forward servlet, I verified that I can send POST requests to it, but the test push from my consumer’s admin page says 404.
Is it possible that I can’t run the push sink on another port than 80? My secure Tomcat port is 8888. I don’t see any calls from the Foursquare servers in my Tomcat access log.
Thanks!
As stated in Realtime API self signed certificate 4sq seems currently not to be able to send POST requests to other ports than 443 (standard SSL).
I worked around this by using the mod_jk connector to let Apache2 send requests to a special directory directly to Tomcat7. This works for me.
Related
Where I work theres an web app that is hosted on windows servers, all users access the application using HTTP, not HTTPS. This is due to some restrictions that the dev team could not solve.
So I thought that i could solve this issue using HAProxy and SSL Termination, so the users would communicate with the proxy first using HTTPs and then the proxy would communicate with the app servers using HTTP. This would be inside a private VLAN so the HTTP traffic cannot be sniffed.
The users access the app using this schema --> http://servername:port/path/to/app
So instead of this, the users should type https://haproxy.domainname:port/path/to/app
and the haproxy should handle the communication against the app servers.
Is this possible? or should i think of another solution to this?
I came up with this:
frontend haproxy.domain.name
bind ipaddress:port ssl crt /home/cert.pem
acl is_bdc path -i -m beg /path/to/app
use_backend web_servers if is_bdc
default_backend web_servers
backend web_servers
balance roundrobin
server server1 ipaddress:port
I can access the app server using this configuration, but the app fills some variables using the URL of the web browser, and as im accessing the app using another URL (haproxy.domain.name instead of the app server hostname) its causing some errors. Is possible to maintain the app server hostname on the url but also keep the SSL termination? The used certificate its a wildcard so adding the domain name would be enought (i think)
Thanks you in advance!
Well there are several options to solve your issue.
1.) Tell the app server that it runs behind a reverse proxy and configure the app engine to use haproxy.domain.name as Domain/Host part, something similar to tomcats Proxy Support How-To
2.) you can use the http-response replace-header or replace value to rewrite the URL. This will not work with links in the body of the response.
As you haven't mention the HAProxy version I link to the latest one.
Maybe you will need also to configure the IIS to know that it works behind a reverse proxy, in case you use IIS.
Ant-Media-Server is running on an IPAdress without any domains. We just set up this server to be used for streaming in order to use it from different domains pointing to different servers.
Since all of our domains use ssl, we face the typical connection problem:
mixed Content: The page at 'https://SOMEDOMAIN.com/QUERY' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://1.2.3.4:56'. This request has been blocked; this endpoint must be available over WSS.
Ant-Media already offers tutorials on how to install a Let's Encrypt SSL Certificate but sadly it is not available for pure IP-Addresses.
Apart from the Ant-Media Service, the server doesn't has any NGINX, NodeJS, Apache or other http Servers installed - the plan was just to use it for streaming by calling the IP-Address.
Do you have any ideas on how to solve that problem?
Unfortunately, this is not possible.
The goal of having a SSL is ensure you are requesting the right domain name besides encrypting the content between your users and your server.
Here are some alternatives:
create an endpoint in your own app that proxies data to your server.
Instead of playing the IP address, you can play:
/your-proxy-url?stream=http://yourIp.com:port/....
Note that using a proxy will make all the traffic pass through your web app.
As a reference, if you are using PHP on your website, you can have some ideas from here: https://gist.github.com/iovar/9091078
Create a reverse-proxy in front of your web app that redirects the traffic to your IP address.
Both solutions does not change your Ant Media Server, just adds a new resource between your users and your streaming server - adding the SSL on it.
I have created a HelloWorld SpringBoot app and deployed it on a EC2 instance. I can invoke it through my HTTP browser with http://<My EC2 instance IPv4 address>/tax after I add the following inbound rules
CustomTCP TCP 8080 <my laptop Ip>
SSH TCP 22 <my laptop Ip>
I went ahead to create a API Gateway with GET method with Integration Type as HTTP and with the above URL. But when I test the GET method, I get
"message": "Network error communicating with endpoint".
I tried giving various inbound rules but no success. Finally after creating a open inbound rule of All Traffic for everyone the API worked fine.
Clearly I cannot go ahead with this open inbound rule, what specific inbound rule should I create for my API to work? What IP should I use in the inbound rule? Does API even have an IP?
From what I understand, your application needs to be publicly accessible to be used by API Gateway.
However, you can use SSL certificates to restrict access to your HTTP backend only to API Gateway. This documentation shows how to do that.
See this for a related discussion on AWS forum.
I'm trying to set a telegram bot up. My favourite language is Java. In the past, I had experience with Grizzly lightweight webserver so I'd like to use it. The problem is that I don't know how to configure the whole environment in order to make it works with SSL.
I configured Apache2 on my Debian machine and it works with an autosigned SSL certificate. So if I browse https://10.0.0.1/ I can see the Apache welcome page.
The plan is to receive HTTPS POST requests containing a JSON and forward them to a Grizzly.
How could I achieve it?
Easy! With ProxyPass in Apache2!
Guide followed here
I'm trying to build a complete web caching proxy using Boost Asio and LibCURL, I've already built the server and everything works fine. It receives http requests (GET, POST, upload using POST ...) correctly and also it sends back the responses to the browser for e.g correctly.
Now, I want to extend it, so it can handles https requests. I read about it in LibCURL web site http://curl.haxx.se/libcurl/c/libcurl-tutorial.html (proxy section), I understood how it works and I have a clear idea how it should be done. But I didn't find a good documentation about how proxies handle https requests. and:
what are the possible messages (information, format, length ...) exchanged by the source application and the proxy ?
things to consider.
...
Thanks in advance :-) .
You will receive the CONNECT command in plain text, and respond to it ditto, then the communications after that will be encrypted. If your proxy is to be an SSL endpoint, which is highly problematic given that HTTPS requires a certificate that matches the target host-address, you will then need to enter SSL mode on both connections. More probably you should just start copying bytes in both directions without attempting to process the contents.