How to implement TLS on DNS (DoH)? - dns

I wrote a tool to generate a DNS server under Docker using a simplified method: http://tobelucky.fr
My BIND server does not recognize my instructions:
listen-on port 5050 tls local-tls http default {any;};
https://github.com/Maissacrement/automate_dns/blob/main/etc/bind/named.conf.options
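The `tls` and `http` keywords on a `listen-on` line are only understood by BIND 9.18 and later (DoT/DoH arrived in the 9.17 development series); an older named rejects that line as a syntax error, so check `named -v` first. The listener also needs a top-level `tls` block that names the key and certificate, and that block has to sit outside `options { }`, i.e. in named.conf itself rather than inside the options file. The fragment below is an added example, not code from the automate_dns repository; the certificate paths, the `local-http` endpoint name and the choice of an authoritative (non-recursive) server are assumptions:

```bind
// Top level of named.conf (outside options {}): certificate material for the
// encrypted listeners. Paths are assumptions; cert-file should hold the full
// chain so DoT/DoH clients can validate it.
tls local-tls {
    key-file "/etc/bind/certs/dns.key";
    cert-file "/etc/bind/certs/dns-fullchain.crt";
    protocols { TLSv1.2; TLSv1.3; };
};

// DoH endpoint. The built-in "default" http object also serves /dns-query;
// a named object makes the path explicit.
http local-http {
    endpoints { "/dns-query"; };
};

options {
    directory "/var/cache/bind";

    // Classic Do53
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };

    // DNS over TLS (RFC 7858) on the IANA-assigned port
    listen-on port 853 tls local-tls { any; };
    listen-on-v6 port 853 tls local-tls { any; };

    // DNS over HTTPS (RFC 8484): a DoH listener needs both a tls and an http object
    listen-on port 443 tls local-tls http local-http { any; };
    listen-on-v6 port 443 tls local-tls http local-http { any; };

    // Encrypting the transport does not make an open resolver safe; this example
    // assumes an authoritative server. For a resolver, set recursion yes and
    // restrict allow-recursion to your own clients.
    allow-query { any; };
    recursion no;
};
```

Run `named-checkconf` before restarting; on a pre-9.18 build it reports the `tls` clause as unknown, which is exactly the "does not recognize my instructions" symptom. Then probe each listener from outside the container, for example `kdig +tls @host example.com` and `kdig +https @host example.com` from Knot's dnsutils, which fail loudly when the certificate chain does not validate. Nothing stops BIND from serving DoH on 5050 as in the question, but public DoH clients expect 443, and whichever port you pick must also be published in the Docker run or compose file.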

Related

Specify Caddy listening port

"By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS." (https://caddyserver.com/docs/automatic-https)
How can we change this port?
Background:
In our setup, Caddy runs behind an AWS load balancer which forwards requests from port 443 to port 4443. Therefore, we would like to have Caddy listen on 4443. (We use the DNS challenge.)
According to the documentation:
The first line of the Caddyfile is always the address of the site to serve.
In your Caddyfile:
<domain>:<port>
Example:
localhost:8080
You should be able to do this
https://example.com:4443 {
# config info
}
The above answers are both good, but if you want to run on a specific port and have another reverse proxy redirecting from yourdomain.com:443 to <MY_SERVER_IP>:4443, you can use the global settings:
{
http_port 880
https_port 4443
}
mydomain.com {
...
}
Only use this when you want your server to run on 4443 but still accept requests where the Host header is mydomain.com (the host doesn't carry the :4443 port).
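Putting the two answers together for the setup in the question (load balancer terminating on 443 and forwarding to 4443, certificates obtained via the DNS challenge), the Caddyfile below is an added example and not taken from the Caddy documentation. The `cloudflare` DNS module (a separately built plugin), the `CF_API_TOKEN` environment variable, the 10.0.0.0/8 load-balancer subnet and the upstream on 127.0.0.1:8080 are all assumptions:

```caddyfile
{
    # Listen on 4443 for TLS and on 880 for the HTTP->HTTPS redirect.
    # The load balancer forwards :443 -> :4443, so the Host header stays
    # "example.com" and the site block below still matches.
    http_port  880
    https_port 4443

    # Only trust X-Forwarded-For from the load balancer's address range
    # (assumed subnet). Without this any client can forge its source IP
    # in logs and IP-based access rules.
    servers {
        trusted_proxies static 10.0.0.0/8
    }
}

example.com {
    # DNS-01 challenge: no inbound port 80 is needed, which is what makes a
    # non-standard https_port workable. Requires a Caddy build that includes
    # the dns.providers.cloudflare module (assumption: that is the provider used).
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }

    reverse_proxy 127.0.0.1:8080
}
```

Check the file with `caddy validate --config Caddyfile` before reloading. Since only the load balancer should ever reach 4443, restrict that port in the instance's security group to the load balancer's source rather than opening it to the world.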

How to use HTTPS in a Mono application

When we develop an application on Windows localhost with HTTPS, we assign a cert to the application port:
netsh http add sslcert ipport=0.0.0.0:5000 certhash=4379cdc7dca5e06ae4dc25cf1892c4111deb61f5 appid={4CD4348D-D9C7-47E6-9252-74D528FB0971}
But how does it work on Linux? I have an application written in Mono listening on port 5000. I don't know how I can use HTTPS.

CloudFlare: how to point to port 2087 for HTTPS?

It is written that CloudFlare now supports 2087 as a port for HTTPS.
I have a domain, let's say www.somethign.com, and it is secured using CloudFlare.
I run my node.js on a specific port.
If I choose port 8080, which is a port allowed for HTTP, and then I call my page like:
http://www.mydomaidnExample.com:8080/webhook
it works perfectly.
but when I set a port for HTTPS, such as 2087, and call it like
http://www.mydomadin.com:2087/webhook
I get this error.
What should I do, please?
Note that this url
localhost:2087/webhook
is working on the server
Update
The firewall is already off.
When using CloudFlare there are restrictions, for security reasons, on which ports you can connect through; port 2087 is reserved for SSL usage:
For requests made via HTTP: 80, 8080, 8880, 2052, 2082, 2086, 2095
For requests made via HTTPS: 443, 2053, 2083, 2087, 2096, 8443
Therefore, when using Full SSL mode within CloudFlare and you connect over port 2087, the connection to the origin will be over SSL; if you want to disable this you can use a Page Rule to set SSL to Flexible on that port.

HAProxy + Nodejs + SockJS + Express + SSL

I've got a server setup in NodeJS which looks like the picture below:
Now I want to do two things, which seem to be possible with HAProxy:
Use only one port no matter which server a client wants to access. I want to use the external port 8080 for all non-SSL traffic (all SSL traffic should use port 443).
Enable SSL on the SockJS server and the Express server.
Please note that all my servers are running on the same Amazon EC2 instance, so I want to route the traffic internally.
This is my haproxy.cfg so far:
defaults
    mode http
    # Set timeouts to your needs
    timeout client 10s
    timeout connect 10s
    timeout server 10s

frontend all 0.0.0.0:8080
    mode http
    timeout client 120s
    option forwardfor
    # Fake connection:close, required in this setup.
    option http-server-close
    option http-pretend-keepalive
    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats path_beg /stats
    use_backend sockjs if is_sockjs
    use_backend stats if is_stats
    default_backend express

backend sockjs
    # Load-balance according to hash created from first two
    # directories in url path. For example requests going to /1/
    # should be handled by single server (assuming resource prefix is
    # one-level deep, like "/echo").
    balance uri depth 2
    timeout server 120s
    server srv_sockjs1 127.0.0.1:8081

backend express
    balance roundrobin
    server srv_static 127.0.0.1:8008

backend stats
    stats uri /stats
    stats enable
I can't figure out how to route the SSL traffic and the traffic to the TCP server (internal port 8080).
Any ideas?
Your setup is kind of hard to understand (for me). If I understand your goals correctly, you want to serve your web service through SSL, hence port 443, and from 443 connect to port 8080 (internally). If that is the case then the following configuration might be what you are looking for. It does not really use port 8080 but instead connects directly to your Express backend. You don't really need to have port 8080 exposed (unless you have special reasons for doing so) because you can just use the backend servers directly from the frontend section.
Note that this only works for HAProxy 1.5+; if you are using an older version of HAProxy, you should put something in front of it to terminate the SSL connection before it reaches HAProxy (but I strongly suggest 1.5 because it makes your setup less complex).
frontend ssl
    mode http
    # cert.pem holds the private key followed by the full certificate chain.
    # (ca-file is only needed when verifying client certificates; it is not required here.)
    bind *:443 ssl crt /path/to/cert.pem
    timeout client 120s
    option forwardfor
    # Let the backends know the original request arrived over HTTPS
    http-request set-header X-Forwarded-Proto https
    # Fake connection:close, required in this setup.
    option http-server-close
    option http-pretend-keepalive
    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats path_beg /stats
    use_backend sockjs if is_sockjs
    use_backend stats if is_stats
    default_backend express
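The answer above shows only the TLS frontend and relies on the backends from the question. A complete haproxy.cfg for the setup as described (plain HTTP on external 8080, TLS terminated on 443, both routed to the SockJS process on 8081 and the Express process on 8008) is given below as an added example; it is not from either post. Assumptions: HAProxy 1.8 or newer for the `ssl-min-ver` syntax, a PEM file at /etc/haproxy/certs/site.pem containing the private key plus the full chain, and a placeholder password on the stats page:

```haproxy
global
    maxconn 4096
    # TLS policy applied to every "bind ... ssl" line: no SSLv3/TLS 1.0/1.1,
    # forward-secret AEAD suites only, no resumption tickets (they weaken
    # forward secrecy unless the ticket key is rotated).
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    tune.ssl.default-dh-param 2048

defaults
    mode http
    option forwardfor
    option http-server-close
    timeout connect 10s
    timeout client 120s
    timeout server 120s
    # SockJS websocket transport holds connections open far longer than one request
    timeout tunnel 1h

# One external port for all plain-HTTP traffic
frontend http_in
    bind *:8080
    http-request set-header X-Forwarded-Proto http
    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats  path_beg /stats
    use_backend sockjs if is_sockjs
    use_backend stats  if is_stats
    default_backend express

# TLS terminated here with the same routing rules, so the Node processes
# stay plain HTTP on loopback and never touch the private key.
frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/site.pem
    http-request set-header X-Forwarded-Proto https
    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats  path_beg /stats
    use_backend sockjs if is_sockjs
    use_backend stats  if is_stats
    default_backend express

backend sockjs
    # Hash on the first two path components so /<server>/<session>/... sticks to one node
    balance uri depth 2
    server srv_sockjs1 127.0.0.1:8081 check

backend express
    balance roundrobin
    server srv_express1 127.0.0.1:8008 check

backend stats
    stats enable
    stats uri /stats
    # The stats page exposes backend topology and health; never leave it
    # unauthenticated on an internet-facing port.
    stats auth admin:change-me
```

Validate with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading. Because the X-Forwarded-Proto header is set by HAProxy on both frontends, the Express app can tell which scheme the client used (for secure cookies and redirects) while the Node processes themselves only ever listen on 127.0.0.1, which is the internal routing the question asks for.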

HAproxy and Node.js+Spdy

I'm currently using node spdy to serve files. This works beautifully.
However, I would like to use HAProxy to load balance among these node servers. But when my node/spdy server is behind HAProxy, request.isSpdy is false... so SPDY is all of a sudden not supported?
Here's my HAproxy configuration:
global
    maxconn 4096

defaults
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http_proxy
    mode http
    bind *:80
    redirect prefix https://awesome.com code 301

frontend https_proxy
    mode tcp
    bind *:443
    default_backend webservers

backend webservers
    balance source
    server server1 127.0.0.1:10443 maxconn 4096
    # server server2 127.0.0.1:10444 maxconn 4096
Thanks!
You can't use HAProxy's HTTP load balancing mechanism with SPDY. First, you need to use the latest development branch to enable support for NPN (and hence SPDY), and after that, you will have to configure it to run closer to simple TCP load-balancing mode -- HAProxy does not understand SPDY.
For an example HAProxy + SPDY config script, see here:
http://www.igvita.com/2012/10/31/simple-spdy-and-npn-negotiation-with-haproxy/
I ran into this same issue. Instead of using spdy, I went back to using Express and made HAProxy use the HTTP/2 protocol.
frontend http-in
    bind *:80
    mode http
    redirect scheme https code 301

frontend https-in
    mode http
    # HAProxy terminates TLS and negotiates the application protocol via ALPN
    bind *:443 ssl crt /path/to/cert.pem alpn h2,http/1.1
    default_backend webservers
The key here is this part: alpn h2,http/1.1
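Why request.isSpdy flips to false is worth spelling out. With `mode tcp` and a plain `bind *:443`, HAProxy forwards the TLS bytes untouched, so the node spdy server is still the peer that negotiates NPN and isSpdy should remain true; the moment HAProxy terminates TLS (`bind ... ssl crt`, as in the second answer), HAProxy negotiates ALPN with the browser and speaks plain HTTP/1.1 to the backend, so the Node process sees neither SPDY nor h2. The added example below (not from either answer; the host names, certificate handling, ports and second node are assumptions) keeps the passthrough approach from the first answer but adds the two things the question's config is missing: SNI inspection so unexpected TLS connections are refused at the edge, and TLS-aware health checks so a node with a broken certificate is taken out of rotation:

```haproxy
global
    maxconn 4096

defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend http_in
    mode http
    bind *:80
    redirect scheme https code 301

# TLS passthrough: HAProxy never decrypts, so NPN/ALPN (SPDY or h2) is
# negotiated end to end between the browser and the node spdy server.
frontend https_in
    mode tcp
    bind *:443
    # Buffer the ClientHello before deciding; without an inspect-delay the
    # SNI fetch has nothing to look at and every rule below sees an empty name.
    tcp-request inspect-delay 5s
    # Refuse handshakes that do not carry our SNI (scanners hitting the bare
    # IP, mismatched vhosts). Note this also drops clients that send no SNI.
    tcp-request content reject if { req.ssl_hello_type 1 } !{ req.ssl_sni -i awesome.com www.awesome.com }
    tcp-request content accept if { req.ssl_hello_type 1 }
    default_backend spdy_nodes

backend spdy_nodes
    mode tcp
    # Source hashing keeps a client on one node, which matters for SPDY's
    # long-lived multiplexed connections.
    balance source
    # check-ssl: the health check completes a TLS handshake with the node, so a
    # process whose certificate or key is broken is marked DOWN rather than
    # receiving traffic. verify none is acceptable only because the nodes are on
    # loopback; for a remote pool add ca-file and verify required.
    server node1 127.0.0.1:10443 maxconn 4096 check check-ssl verify none
    server node2 127.0.0.1:10444 maxconn 4096 check check-ssl verify none
```

The trade-off of passthrough is that HAProxy sees only ciphertext: no path-based routing, no header injection, and the nodes see 127.0.0.1 as the client address unless you add `send-proxy` to the server lines and enable PROXY protocol support in the Node listener. If you instead terminate at HAProxy with `alpn h2,http/1.1` as in the second answer, the backend receives HTTP/1.1 unless the server line is configured for cleartext HTTP/2 (`proto h2` in HAProxy 2.0+), which needs a backend that accepts h2c. Also bear in mind that browsers have since dropped SPDY and NPN in favour of HTTP/2 over ALPN, so the h2 route is the one with a future.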
