Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I have a Virtual Private Server (VPS) running Debian 10. On this server there is an application (its code rather cannot be modified) which creates an open TCP/IP port (let's say 6000). The application has a simple database with users and passwords and all incoming messages MUST be HTTP.
Obviously, at this point I am more than worried about the security of the communication (which in fact does not exist due to the plain nature of HTTP).
My first thought would be to drop all packets on the mentioned port for the eth0 iface (which is exposed to Internet), create OpenVPN server on my VPS and connect to this VPN all clients that would like to use my application. The problem here is that these clients will most likely be Android devices and it will not be possible to upload certificates for each device and do other configuration magic to establish the VPN connection. I also would not like to implement OpenVPN in a dedicated Android app.
My another though was that there is maybe an application which I would start on the VPS and it would implement such logic:
Android app <--HTTPS--> UnknownApp(on VPS side) <--HTTP--> port6000(My original unsafe app also on the VPS side)
Is it feasible to implement such scenario? Ofc I could write such app on my own but I would prefer to use tested and reliable solutions.
The application you are looking for is stunnel. It does exactly what you described, it is well tested, based on well-known libraries, and production ready.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
A client is asking me if I could create a "VPN" extension that can connect to their VPN server. I have seen numerous VPN extensions on the Chrome Web Store, but they only affected Chrome. Doesn't a VPN affect all connections?
I have found chrome.proxy. Are the VPN extensions really VPN's or are they actually web proxies? Can I tell the client that they need to setup a web proxy server instead of a VPN server, and I use chrome.proxy for this purpose?
Many "VPN" extensions are essentially proxies, indeed: they cannot affect anything except the traffic of the browser itself (through chrome.proxy and chrome.webRequest API).
There are, however, two exceptions.
On Chrome OS (and Chrome OS only) an extension can use chrome.vpnProvider API to broker a connection to a VPN.
Using Native Messaging, you can have an extension communicate with another application running in the OS that can manage "true" VPN connections. However, that does require a separate installation of such a module with appropriate OS permissions, and makes the Chrome extension nothing more than a remote control for it.
So using the path #2 above, it is possible to create a true VPN extension, but that would require software installation outside of the browser.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I am currently living at the student homes to my university. I want to set up a NAS / server to run backups, VM and some other small task. This is also something I want to set up to learn more about Linux and networking. I am currently planning how to set it up and what hardware to buy, but I want to run arch Linux on it with RAID 1. A problem I'm thinking about is that I don't have access to the router and therefore I can't set up port forwarding to connect to the server. Is there a way to get remote access to it without adjusting the settings in the router?
At my University we have the ability to connect to a vpn so we can access services only available through a specific University IP.
I haven't tested this method but I believe it could work.
Set up your services like normal and configure them to use port 80 if they need any data from the outside.
Make a script, probably available somewhere, to send you your internally ip address on e.g. mail.
That way you can use your schools VPN service to connect to the lan and from there you can access an internal ip address(your server).
This all depends on this VPN service and if you are connected to the same network.
#iporSircor commented on a method you can use. It's basically the same as what I wrote, but instead of connecting to schools VPN you will connect to your own VPN(server).
Test it out and let us know what method you used, what worked, what didn't.
And also you should talk to your school to find out if using Tor or even setting up a server on their network is allowed.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
is it possible to use transaction layer security (tls) to secure an external client/server application without modifying the code of the application itself?
Say a client application on a machine connects to several servers on several machines over an unsecured connection. I want to encrypt this connection using openssl/tls, but I can't modify neither client nor servers, but the machine configurations (linux os running underneath). I just found stunnel but it seems that it just supports a 1:1 connection.
Thanks in advance.
If you have a finite (and reasonably small) number of servers and you can configure the port number on your client for each connection, you could run stunnel on multiple ports, each one corresponding to a different destination.
However, it sounds like setting up a VPN between all these machines would be a better option. Some VPN implementations rely on TLS, but I'm not sure it would be the best choice here. You might want to investigate other methods, such as IPSec too.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have a VPS on DigitalOcean.
I have a Node.JS and MongoDB application.
Now I want to pin my domain (myapp.com) to my Node.JS app.
Now I can run my app by IP like 192.xxx.xxx.xxx:8080. I want to have this on address myapp.com.
How to do that?
A domain does not point to an app but to a machine, so to start make sure your domain points to your VPS's IP, i guess you can access to DNS settings in your host's interface.
If your app is running on :8080 then http://myapp.com:8080 should then point to your app.
If you want your app to run on the http://myapp.com only (without :8080) you have to either launch the app on port 80 (which is the default http port) or install a reverse proxy that tunnels :80 to :8080.
I personally recommend using a proxy, as you would be able to add other NodeJs apps later, each running on different ports and beeing served through the proxy.
Nginx is used a lot as a reverse proxy for node or ruby applications, and you should find a lot of documentation for it.
Alternatively, to play pure NodeJS, have a look at node-proxy, it should suit your needs very well too.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I'm a programmer dammit, I should be allowed to ask these kinds of IT questions! :)
Anyway the problem is as follows. I'm writing an automatic build script to deploy code to a live windows 2003 server. To get access to the server I enabled the VPN role, and I can connect to it remotely from my dev machine using a username and password I set up on the server from the network connections screen.
I set up a share on that machine and gave full share+security permissions to the account I am using to connect. Once connected, I would have thought I would be able to see the share. In fact I can't even see the computer even though the VPN is connected (if i type '\IPADDRESS\' into the run box nothing comes up).
Am I missing an essential step here?
So you can use Remote Desktop Connection to connect to the server, but CIFS/SMB (shares) is not working?
Is there a Windows firewall setting that needs to be changed (... I don't even know if there was a 2003 update that included Windows firewall)?
Pinging the IP address results in which error message (or, hopefully none if you can RDC)?
Is the remote server and your local dev box on the same IP subnet? If its not routed properly you may be trying to hit a local address.
It looks to me like you can't connect to a network share from inside the same session that you esatblished the VPN connection in. I now manually open the VPN connection, then kick off the build scripts