I have been able to set up my virtual machine on google cloud platform and am able to SSH into my RPi successfully using this tutorial:
https://medium.com/jj-innovative-results/how-to-access-a-raspberry-pi-anywhere-with-reverse-ssh-and-google-cloud-platform-59b6a89501a
Now I want to transfer HTTP data on port 8080 where my LAN application is hosted on the RPi instead of SSH data on port 22 to my virtual machine. How do i go about this and is it possible?
From there i plan on buying a domain to view my LAN app on the internet. I don't want to use services such as remoteit/zerotier to do this
Please help
For security reasons, I am recommending setting up a proxy between the Internet and your SSH server. You can skip steps #1 and #2 and use a port number above 1024 such as 8080. Never run the SSH server directly on port 80 as that requires privilege.
STEP 1)
Install Apache or Nginx.
STEP 2)
Set up a proxy in Apache/Nginx to forward connections on port 80 to port 8080.
Example configuration for Nginx:
server {
listen 80;
server_name example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
}
STEP 3)
Configure the VM SSH server to allow port forwarding option AllowTcpForwarding.
Setup the tunnel to open port 8080 on the VM and forward to the listening port on your Raspberry Pi (example 9000).
Example SSH command to run on the raspberry Pi:
ssh -R 8080:127.0.0.1:9000 <VM IP Address> <Your credentials>
Details. This command opens port 8080 on the public VM server and forwards traffic back to your system to port 9000.
Note: I did not test the SSH command, but this should be correct. There are many examples on the Internet such as link. This answer will help you understand how traffic is routed (forwarded).
STEP 4)
Configure the application running on the Raspberry Pi to listen on port 9000 (example).
Summary, the client connects to VM port 80 which forwards to VM port 8080 which forwards over the SSH tunnel to the Raspberry Pi which has an application listening on port 9000.
Of course, you can change the port numbers, I used unique port numbers to prevent confusion.
Related
I'm working on a Linux VM on Azure which was set up by someone else (so I don't know all the details). I'm trying to connect it to a domain name.
The server has a "Hello World" program, so when I go to "example.com" I should be seeing "Hello World". Currently I'm just getting
Safari can't open the page "http://example.com" because Safari can't find the server "my domain.com"
I thought I'd start with making sure that the IP address connects to the server (which it did at one point. So I enter the IP address of the server (let's say it's "12.345.678.901") in the browser, and it can't connect... I get the error
Can't open the page "12.345.678.901" because the server where this page is located isn't responding
There's an Inbound port rule to allow connections for port 8080, so I tried "12.345.678.901:8080" but this time got
Can't open the page "12.345.678.901:8080" because Safari can't connect to the server
I don't know what to try next. Presumably something needs to be enabled on the server to allow the browser to connect?
The other inbound port rules are ssh on port 22 (TCP) and then what I assume are the standard Azure ones (I can't edit or delete them anyway).
To view your Linux VM inside the browser, you need to install a web server. Easiest to install and get working straight away is nginx.
First thing you need to do is SSH(port 22) into your VM using the username and IP address of the machine:
ssh username#ipaddress
Which will prompt you to enter a passphrase to gain access to the VM.
This also assumes your SSH public key exists inside ~/.ssh/authorized_keys on the VM. If you don't have this setup then you need to get the owner of the VM to copy your public key into this file. Otherwise you won't be able to connect and get a Permission denied (publickey) error.
Assuming the above works, you can install the nginx webserver with the following two commands:
sudo apt-get -y update
sudo apt-get -y install nginx
Then once this web server is installed, add an HTTP inbound port 80 rule inside the network settings. For security reasons, having your web server listen on this port is probably unsecure long term. Its just easier to get working when you choose this port to begin with, because its the default.
You can see what the default listening port by viewing the server configuration host file with cat /etc/nginx/sites-available/default:
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Which shows the default port of 80. You can change this default port to 8080, then run sudo service nginx restart to restart the server and apply the changes. Additionally, you can have a look at this How to make Nginx Server Listen on Multiple Ports tutorial, which goes into more depth on how to configure listening ports for nginx webservers.
You should then be able to view your VM from a browser window(blurred out my IP address for security reasons):
You can also have a look at this Quickstart: Create a Linux virtual machine in the Azure portal tutorial for a step by step on how to get this setup in Azure.
You should first check to see if you have an entry for http://example.com. The reason could be that you do not have a DNS Entry and when you are trying to connect to it via the browser. Since you tried connecting to it via IP and it still did not work, I would suggest you check your Webserver configurations to make sure it is correctly listening for port 8080. Also, ensure that your webserver is also turned on as well. You can tail the webserver log and try to hit it via the IP like you did earlier and see if you see any errors in the logs. It would at least tell you if your request you are making on your browser is actually getting to the webserver.
I'm trying to use nginx to setup a simple node.js server, I'm running the server in background on port 4000, my nginx config file is
server {
listen 80;
listen [::]:80;
server_name 52.53.196.173;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://127.0.0.1:4000;
}
}
I saved it in /etc/nginx/sites-available and also symlinked it to sites-enabled, the nginx.conf file has the include line already to load files from sites-enabled, then i restarted the service using
sudo service nginx restart
I tried going to 52.53.196.173 and it refuses to connect, however going to 52.53.196.173:4000 with port 4000 it is working, but I'm trying to make it listen on port 80 with nginx, i tried putting my .ml domain as server_name and no luck, and i have the IP 52.53.196.173 as the A record in the domain dns settings, and I'm doing this on an AWS EC2 Instance Ubuntu Server 16.04, i even tried the full ec2 public dns url no luck, any ideas?
Edit: I solved it by moving the file directly in sites-enabled instead of a symlink
There is few possible things. First of all you need to verify that nginx server is running & listening on port 80. you can check the listening ports using the following command.
netstat -tunlp
Then you need to check your server firewall & also the selinux policies. ( OR disable selinux for test )
Then you need to verify that AWS security group configured to access the http/https connections on port 80.
PS : Outputs from the following command & configurations will be helpful for troubleshooting.
netstat -tunlp
sestatus
iptables -L
* AWS Security Group Rules
* Nginx configurations ( including main configuration if changed )
P.S : OP fixed the problem by moving the config file directly into site-enabled directory. maybe, reefer the comments for more info if you are having the same issue.
Most probably port 80 might not be open in your security group or nginx is not running to accept the connections. Please post the nginx status and check the security group
check belows:
in security group, add Http (80) and Https (443) in inbound section with 0.0.0.0 ip as follow:
for 80 :
for 443 :
in Network ACL, allow inbound on http and https. outbound set custom TCP role as follow:
inbound roles:
outbound roles:
assign a elastic ip on ec2 instance, listen to this ip for public.
I've trying to run my nodejs/expressjs application on my godaddy server, but any port I use times out. I've tried using the application on my local device and it works fine. I have a snippet of my connection below.
var app = express();
app.listen(8080, function() {
console.log("Listening on port " + 8080);
});
When I run the program through ssh, I get no errors
node index.js
Listening on port 8080
But when I go to the corresponding location in my browser, I get:
xxx took too long to respond.
ERR_CONNECTION_TIMED_OUT
I'm pretty sure it has to do with running on the godaddy server. If anyone has experience using this service with nodejs, is there a specific port I should be using, or is there any other setup I should do?
Do you have a VPS with GoDaddy right? So I assume you have also root access.
SSH into your GoDaddy server as root and check if the node.js app actually listens on that port:
netstat -tunlp | grep 8080
If you see any result there for the node.js app and that port then the port is open.
By default, there should be a firewall on your server which might block most of the ports and allows only the necessary incoming traffic.
You can check if there is any rule for that port by issuing the command bellow:
iptables -nvL | grep 8080
If any result is returned, then you have to add an iptables rule to allow access to that port. There are multiple methods to do that:
permit full access from your IP access to the server
permit your ip to access port 8080 on the godaddy server
permit outside world to access port 8080 on your server
You could read any iptables guy, it's pretty easy to add/edit/delete firewall rules. Most of the cPanel/WHM servers come with CSF Firewall (which is based on iptables and perl scripts).
In order to allow an ip address to your firewall (if you have CSF Firewall installed) you have to issue the following command:
csf -a ip-address
I hope that helps!
I have my meteor app running on my production server. I have a reverse proxy setup on a different server.
A curl from my reverse proxy server to my app server gives me a Connection Refused.
My app is running on port 8080 and my firewall allows access to the port. I suspect the reason for the connection refused is that my app is running on 127.0.0.1 instead of 0.0.0.0
On running sudo netstat -tapn I get a
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 14391/node
How do I get the app to run on 0.0.0.0. If this is not the reason, what else could cause a connection refused?
127.0.0.1 is the loopback IP it's usually the same as localhost (as defined in your hosts file). you should never be able to connect to that IP from the outside. 0.0.0.0 binds to all IPs on the server, which is accessible from the outside.
we have IIS 7.5 on server machine.
All websites can be access locally (80 and 8081 port as well)
However, only port 80 website can be accessed remotely. But the website on 8081 cannot be accessed remotely.
What is wrong?
That is because you have firewall turned on for non standard ports (even if HTTP protocol is used and HTTP is enabled in firewall app/feature settings because it defaults to port 80).
To enable remote port 8018 access: under firewall.cpl -> Advanced settings -> Inbound rules add new rule for port 8081, TCP