Webserver not accessible on port 8080 after configuring Proxy - linux

Let me start by saying I'm very new to this:
We have a linux server behind secure environment (No internet access). I was running apache webserver on that machine in port 8080 and it was accessible within the company network. Recently we asked networking team to configure us Proxy address so that the server can access Internet to perform yum, wget and few other maintenance related task.
The networking team configured http and https proxy on port 8080 and gave us a proxy address to use (http://someproxyaddress.com:8080). Now the port 8080 is connected to proxy server and apache service has been kicked out from that port. hence, it's unreachable. what kind of configuration changes do I have to make so I can access the apache web server from another machine within the company?

Related

Proxy Tunneling Through SSH

We have an HTTP proxy available on our facility's intranet. The proxy is accessed through a local IP address (192.168.x.x) and cannot be accessed from outside.
I can connect to a head node on the intranet through SSH, which has a public IP address. I can expose any port I'd like on this node.
Is there a way to somehow forward the traffic from an exposed port on the head node to this local proxy and back out to the world? I've been looking up this problem, but most solutions can only relay the traffic via SSH Port Forwarding to a local port on the device with SSH access, not another device with a different IP address.
You can try from a machine on the Internet :
ssh -L 3128:proxyIp:proxyPort user#headNode
Then on that machine, you can use localhost:3128 as proxy.
Try on a machine inside intranet first to make sure there is not security implications.

How to Make Website Site visible over the internet on port 8080

I have IIS Installed on Azure VM with one Website running on PORT 80 which is exposed over the internet via the following Azure Firewall Role
if I try to bind incoming traffic on any other port that is not PORT 80, for some reason the Firewall doesn't seem to allow it.
for Example, if have a website running on PORT 8080 and I try to Set Firewall roles from EXTERNAL IP to the Internal IP via PORT 8080... the Website is unreachable.
If the website runs on PORT 80 and the Firewall Role is via PORT 80.. than the site works.
does anyone have any idea/suggestions?
I would like to be able to Expose websites over the internet from the Same Web Server using different PORT for each one.
I've found the answer to my problem via this URL:
https://manage.accuwebhosting.com/knowledgebase/2886/How-to-configure-IIS-to-access-website-using-IP-address.html
Basically After create Inbound Firewall Role from Azure on port 8080, the next step is to Add in Windows Firewall a New Role to allow Incoming HTTP traffic via port 8080 or any other port that the Wibsite is binding.
hope this will help others.

Why does AWS firewall not permit remote connection from my work computer?

I setup an EC2 instance (Amazon Linux AMI) to host a Docker API (Flask application with Python). The application is running on port 5000. Using my local PC (which is remote), I am able to hit the API with a browser (i.e., http://ipaddress:5000/), and get the "Hello, World!" response. The issue is that when I do the same thing on another computer (my work computer), I get a connection refused error.
In the security group for the instance, these are my inbound rule settings (I know this isn't secure, it's just a Hello World example):
HTTP (TCP): Port 80, allow 0.0.0.0/0, ::/0
SSH (TCP): Port 22, allow 0.0.0.0/0
Custom TCP Rule (TCP): Port 5000, 0.0.0.0/0, ::/0
The question: Why is the firewall blocking one remote computer and not the other?
The problem: Corporate firewalls will often set outbound rules that limit which ports you can access from websites outside of your organization.
The solution: Since Port 80 is a common port used for web servers, corporate firewalls (generally) don't block outbound traffic to these ports. Therefore, I was able to fix this problem by deploying the AWS API on Port 80. Then, I was able to connect to the API from within my corporate network.

Building a secure HTTPs web server with Fargate + ACM + ALB

I am trying for the simplest deploy to get an https web server up and running in Fargate.
I have used Amazon Certificate Manager to create a public certificate.
I have an Application Load Balancer that is talking to the Fargate container on two ports:
80 for http and
443 for https
This is the problem: when I run my webserver on port 80 (http) and connect via the ALB, it works fine (not secure, but it serves up the html).
When I run my webserver on port 443 with TLS enabled, it does not connect via the ALB.
Another point is that when running my webserver with TLS enabled on port 443, I do not have the certificate or certificate key, and so am confused how to get that from Amazon.
Another question I have is: does it make sense for me to say that the ELB will communicate with the client over HTTPS but that the ELB can communicate with the container via HTTP? Is this secure?
My networking knowledge is very rusty.
does it make sense for me to say that the ELB will communicate with the client over HTTPS but that the ELB can communicate with the container via HTTP?
Yes. You should make sure your web server is accepting traffic from the ALB on port 80. This is done at the application level, on the web server, and with your target group, which is what the ALB will use to determine how it routes traffic to your web server. This is way it typically works:
client --(443)--> ALB --(80)--> web server
Some things to check:
Target group is configured to send traffic to your FG web server on port 80
Target group health check is configured to check port 80
FG task security group has ingress from ALB on port 80
Web server is configured to listen on port 80
Sidenote: You can configure your target group to send traffic to the target (web server in Fargate) on 443, but as you said, without the proper certificate setup in the container, you won't be able to properly terminate SSL and it just wouldn't work. You would need to upload your own cert to ACM for this to work, which sends you down a security rabbit hole, namely how to avoid baking your private key into your Docker image.

Hosting web application on Amazon AWS EC2

I am developing a web application locally. However, I would like to host the final product on an Amazon EC2 instance. I have moved my web application to the EC2 instance and am able to run the application; it's now listening on port 8081.
What I don't understand is how to allow users on the internet to access the web application running on port 8081 of the EC2 instance. I have tried redirecting the domain name to the IP address of the EC2 instance on the NameCheap DNS (where we bought the domain) to no avail. I suspect one of the things I need to do is set the permissions of the EC2 permission group but what should I set it to?
Help is greatly appreciated!
Thanks!
You can setup a nginx server to proxy all request to the port 8081.
Read more information here: https://doesnotscale.com/deploying-node-js-with-pm2-and-nginx/
Generally speaking, for a public web application you will want to run on a standard port (e.g. 80 or 443). You could do that by just running your node app as a privileged user (required by most OS's to expose 80 or 443), but generally it's better to have a web server in front pass the traffic, treating your node app as an upstream server (even if it's on localhost). NGinX is a good choice for this.
Regardless of what port you want to run it on, you'll need to update your EC2 security policy for that instance to allow traffic on that port (80, 443, 8081, whatever). You'll also need to make sure it's exposing a public IP address. It's not a bad idea to assign it an Elastic IP, since you'll wnat it to have the same address across instance reboots.
Finally, depending on what AMI you're running from, there may be a host firewall configured that you'll need to check on and configure to allow the traffic.

Resources