I have configured gitlab so that I can only connect to it from a specific ip address. In gitlab.rb file I configured the url this way:
external_url 'gitlab.example.pl:2000'
and also configured ufw:
[ 1] 2000 ALLOW IN 192.169.0.1/24
When I want to access gitlab by browser I have to type additionally port 2000, so I would like to port forwarding to 443. I can't give access to port 443 only to a specific ip address in ufw because i configured mattermost in this same server and must be access from everywhere. I tried port forwarding with apache2 or ngnix but gitlab listens on port 80 and because of this apache2 and nginx are not working. I also tried find solution in file gitlab.rb
nginx['listen_port'] = 443
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = false
Please give me a solution to this problem.
You do you not have to configure listeners for gitlab and mattermost separately. Both your mattermost and gitlab URL will point to the same IP address and port and both should route to NGINX.
NGINX will route traffic appropriately to gitlab or mattermost based on the hostname header. Just configure the external_url for gitlab and mattermost_external_url for mattermost appropriately within the same gitlab installation. There's no particular need to put apache in front of gitlab's nginx.
external_url 'https://gitlab.example.com'
mattermost_external_url 'https://mattermost.example.com'
nginx['listen_port'] = 443
nginx['listen_https'] = true
As long as your firewall allows traffic on port 443 to nginx, you're OK. If you need that to be a specific IP address, set nginx['listen_address'].
Related
I have a NodeJs/Express project in Alibaba cloud based Ubuntu server.
When I run project and access with curl localhost:3000 and curl 127.0.0.1:3000 it works!
When I access with IP public, e.g. curl 192.x.x.x:3000 it doesn't work, even though I have edited config in Express project in some code to : server.listen(3000,"0.0.0.0") OR server.listen("3000","192.x.x.x").
FYI I have Apache on this server. When I access on Internet with IP public no problem.
What can I do to solve this problem? Thanks beforehand.
PS: the 192.x.x.x is my IP public and it works access with Apache project
Issue the following command to open port 3000 for TCP traffic.
sudo ufw allow 3000/tcp
You have to configure your security ground and create a inbound rule to allow port 3000. Follow this guideline.
https://www.alibabacloud.com/help/doc-detail/25471.htm
Make sure you allow TCP traffic or all traffic from all sources to the port 3000 as the inbound rule.
The fact that you can access your service locally - but not publicly could mean 2 possible configurations:
The server running your application has blocked the port 3000
You have not configured your server to map the port 80 of a specific route to the port 3000
It is highly possible that a most essential part of your server configuration has not been done.
I'm trying to use nginx to setup a simple node.js server, I'm running the server in background on port 4000, my nginx config file is
server {
listen 80;
listen [::]:80;
server_name 52.53.196.173;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://127.0.0.1:4000;
}
}
I saved it in /etc/nginx/sites-available and also symlinked it to sites-enabled, the nginx.conf file has the include line already to load files from sites-enabled, then i restarted the service using
sudo service nginx restart
I tried going to 52.53.196.173 and it refuses to connect, however going to 52.53.196.173:4000 with port 4000 it is working, but I'm trying to make it listen on port 80 with nginx, i tried putting my .ml domain as server_name and no luck, and i have the IP 52.53.196.173 as the A record in the domain dns settings, and I'm doing this on an AWS EC2 Instance Ubuntu Server 16.04, i even tried the full ec2 public dns url no luck, any ideas?
Edit: I solved it by moving the file directly in sites-enabled instead of a symlink
There is few possible things. First of all you need to verify that nginx server is running & listening on port 80. you can check the listening ports using the following command.
netstat -tunlp
Then you need to check your server firewall & also the selinux policies. ( OR disable selinux for test )
Then you need to verify that AWS security group configured to access the http/https connections on port 80.
PS : Outputs from the following command & configurations will be helpful for troubleshooting.
netstat -tunlp
sestatus
iptables -L
* AWS Security Group Rules
* Nginx configurations ( including main configuration if changed )
P.S : OP fixed the problem by moving the config file directly into site-enabled directory. maybe, reefer the comments for more info if you are having the same issue.
Most probably port 80 might not be open in your security group or nginx is not running to accept the connections. Please post the nginx status and check the security group
check belows:
in security group, add Http (80) and Https (443) in inbound section with 0.0.0.0 ip as follow:
for 80 :
for 443 :
in Network ACL, allow inbound on http and https. outbound set custom TCP role as follow:
inbound roles:
outbound roles:
assign a elastic ip on ec2 instance, listen to this ip for public.
"By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS." (https://caddyserver.com/docs/automatic-https)
How can we change this port?
Background:
In our setup, Caddy runs behind an AWS load balancer which forwards requests from port 443 to port 4443. Therefore, we would like to have Caddy listen on 4443. (We use the DNS challenge.)
According to the documentation:
The first line of the Caddyfile is always the address of the site to serve.
In your Caddyfile:
<domain>:<port>
Example:
localhost:8080
You should be able to do this
https://example.com:4443 {
# config info
}
Above answers are both good, but if you want to run on specific port and have other reverse proxy redirecting from yourdomain.com:443 to <MY_SERVER_IP>:4443, you can use global settings
{
http_port 880
https_port 4443
}
mydomain.com {
...
}
Only use this when you want your server to run on 4443 but be able to accept requests where Host: mydomain.com is present (host doesn't have :4443 port)
I am running a Linux instance on EC2. It is running Apache on port 80 and a custom nodejs server on port 8080.
I would like to use a subdomain to redirect the petitions from port 80 to 8080.
Traffic to nodejs.mydomain.com:80 should be redirected to the EC2 server on port 8080.
Is that possible using AWS VPC?
I do not want to configure Apache as a proxy.
More details about the current configuration:
The instance has attached an Elastic IP address.
I'm using Route 53 to point my domain to this IP
The instance is running inside a VPC
The server is on production so I'm looking for a minimum downtime
Thanks for your help.
we have IIS 7.5 on server machine.
All websites can be access locally (80 and 8081 port as well)
However, only port 80 website can be accessed remotely. But the website on 8081 cannot be accessed remotely.
What is wrong?
That is because you have firewall turned on for non standard ports (even if HTTP protocol is used and HTTP is enabled in firewall app/feature settings because it defaults to port 80).
To enable remote port 8018 access: under firewall.cpl -> Advanced settings -> Inbound rules add new rule for port 8081, TCP