Brief history: I recently moved to new AWS account. And I ported all settings to new account - Route53, CF distributions, S3 buckets, new EC2 instance, RDS etc.
I've managed to make most of it work except for accessing APIs hosted on an EC2 instance on Node running Express server. Note: I AM able to access via ip address (e.g. ipaddress:8000/api/v1). However, not with the domain name - theplaybook.rocks/v1/ap1.
The apex domain works properly (the frontend hosted on S3 with static website hosting and served via CF distribution configured with DNS records) - [theplaybook.rocks][1] works fine.
In the CF distribution I have 2 Origins
S3 static website - configured with behaviour default path
EC2 Custom Origin - configured with behaviour /api/* path
Alternate domain names - configured
Security policy - TLSV1 (Tried 1.1 as well)
Origin Protocol Policy (for EC2 origin) - HTTP only
Behaviour for EC2 origin (points I think may help in answering this problem):
Viewer Protocol Policy - HTTP & HTTPS
Cache Based on Selected Request Headers - ALL
Forward Cookies - ALL
Query String Forwarding and Caching - Forward All, cache based on all
It seems like the CF is unable (or doesn't want to) connect to the Custom Origin.
TLDR:-
http://3.15.153.208:8000/api/v1 works (public IP - so problem is probably not with node/express and ports).
http://theplaybook.rocks/api/v1/ does not work, actually it used to work from different AWS account, just not in new configuration.
PS:- I had the same problem in the old account. And I solved it somehow. And I can't remember how I solved it anymore.
Please help... and I can share more info... let me know. Tks.
Try adding an alternate domain name to your cloud front distribution: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
Solved. Finally.
I changed HTTP port to 8000 (instead of 80) in Origin settings and it started working immediately.
Note: Previously this was not the case. I never used to put 8000 port here. Not sure why now.
Thanks everyone who glanced by this post :-D
Related
I want to make my identity server public so that all users who visit it can access the identity server but right now only I can access it since it's hosted locally. How can I deploy this so that it runs on my IIS? Will copying and pasting the WSO2 IS folder into my inetpub\wwwroot folder work? (And after configuring the .xml files so that it shares my public domain)
I tried reading the WSO2 IS documentation but it's not very clear to me how I can make it public. I was hoping for a systematic tutorial/way to do this but it chains from one step to multiple.
https://docs.wso2.com/display/IS530/Deployment+Guidelines+in+Production
https://docs.wso2.com/display/IS550/Changing+the+hostname
I believe there are a few misconceptions (no, copying the installation into inetpub\wwwroot won't work, it's not php)
chains from one step to multiple
well - the documentation is related only to a product, it assumes some knowledge of the network and systems it runs on
1 - you should run the WSO2IS as a service ( so this is Windows guide may be helpful and this here is how to run the WSO2IS as as service for Linux)
2 - change the repository/conf/carbon.xml
(this step is optional, but increases security)
HostName - to the public hostname
MgtHostName - to internal hostname, so the administrative console is not accessible from internet
3 - The best practice to expose the WSO2IS would be a reverse proxy (depending you are using IIS, nginx or httpd) so you don't expose the default port 9443 to the outside directly (I assume you want to use your own SSL certificate on 443 and TLS termination in the web server)
For the default WSO2IS applications you need to create a reverse proxy from `HTTPS:443 -> HTTP:9763
update /repository/conf/tomcat/catalina-server.xml and on the Connector listening on 9763 add attribtue proxyPort="443"
(Note: now I am not sure if it will work, what will work for sure is TLS bridging HTTPS:443->HTTPS:9443, it means adding proxyPort="443" to the Connector for port 9443)
Every WSO2 product already has an application server shipped with a TomCat.
This way you do not need, nor should, place the fonts on another separate application server. Use what's in the product.
By its description it seems to me that you do not have much familiarity with infrastructure, servers and etc, I will try to help you and clarify some points.
As I mentioned above, you should use the TomCat that already comes with the product and put it in some VM (Server) that has Internet output, that is, it has ports 80, 443 and also ports 9443 and 8243 (which are the default product ports) released for access beyond the internal network (LAN).
If you get the Public IP of that VM where the WSO2 Identity Server product is running, and access it from outside your local area network (LAN), the service should work.
Making an analogy to a Web site is the same concept. When you want to put a Web Site publicly for the internet, as you said put the fonts inside apache's WWW folder or something, it's the same concept, so people outside of your local network can access this website, this Apache would have to be with a Public IP, It's the same concept, but WSO2 already has its "Apache" TomCat internally, just leave your Public IP.
I have a domain with multiple active users with several applications hosting on it.
Domain: www.domain.com and running on server IP: XXX.XXX.XXX.1
I want to run www.domain.com/business on server IP: XXX.XXX.XXX.2
and similarly to run www.domain.com/hosting on server IP: XXX.XXX.XXX.3
It is very similar to Google scenario:
www.google.com runs on XXX.XXX.173.1 - XXX.XXX.185.1
www.google.com/+dinesh on XXX.XXX.186.1 -XXX.XXX.187.1
I have seen a lot of articles to manage DNS and virtual entries but unable to get correct answer.
Another way to do this is to make the host portions slightly different, i.e.:
business.domain.com/business
hosting.domain.com/hosting
You would then use these links where you are currently putting www.domain.com/business and www.domain.com/hosting. It's then a simple matter to have those different hostnames point at different addresses.
In general, it's not possible to have URLs with the same host point to different IP addresses on the basis of the stuff after the hostname. I cannot seem to verify your Google example (from where I'm looking, they both go to the same set of addresses). If you've more information on how you determined those addresses, please post that and maybe something else can be suggested.
You can manage it through Load balance rather than run on different server
Please use a reverse proxy in front of the application servers.
Consider using nginx or Apache Httpd.
These can be configured to route (technically proxy) to the desired app servers by inspecting the context path in URL.
If you choose to use nginx, see this post on how to configure nginx for such a use case.
Nginx configuration page for additional details: config
I've recently changed my openshift default domain myapp.rhcloud.com in www.myapp.com with a custom ssl certificate. The config works perfectly well until the web page ask the server for a websocket connection. I use node with socket.io and websockets enabled
I first tried:
io.connect(www.myapp.com:8443/...)
But this return an error.
So I set back the socket connection url to:
io.connect(myapp.rhcloud.com:8443/...)
But I get this error:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.myapp.com' is therefore not allowed access.
Is there a way to allow websocket connection via a custom domain on Openshift ? Or, do I need to set up cors?
EDIT
I left socket.io prefix the websocket url I do not pass the protocol to socket.io
From my understanding, WebSockets use something like this (wss instead of ws for secure)
wss://www.yourapp.com:8443
Make sure you setup openshift with your domain alias
https://www.openshift.com/kb/kb-e1096-how-to-setup-an-alias-for-your-application
When I log to https://www.myapp.com:8443/socket.io/1/ in Chrome, I get the error
Identity not verified
which is not the case on https://www.myapp.com... after few tests and searchs I think that this error is due to the websocket preview environnement on openshift. Source (https://www.openshift.com/blogs/paas-websockets):
Update: There is one more known complication. When using our
preview-deployment of WebSockets with HTTPS and WSS protocols, you
will face self-signed certificate. That is because this environment is
only temporary to give you insight into upcoming features. Once we
move the new routing layer to standard ports 80 and 443, i.e. we move
WebSockets support into production, the certificates used will be
signed and valid as they are with current deployment.
After 4 hours of looking through stack overflow and searching Google I've finally decided to go check in with the "hopefully" gurus...
My problem is this, when querying from the local machine through remote desktop, querying for www.domainname.com/Content/Styles/reset.css i get the css fine.
When doing the same from an external machine, I get a 404 error... I know why, the reason is that it's trying to get the file from:
C:\inetpub\wwwroot\Content\Styles\reset.css
This is kind of bad considering that the website is actually hosted at: c:\http\www.domainname.com\
The error in the browser, from IIS, gives the following information:
Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL http://www.domainname.com:80/Content/Styles/reset.css
Physical Path C:\inetpub\wwwroot\Content\Styles\reset.css
Logon Method Anonymous
Logon User Anonymous
I've been looking at the other sites running on the IIS, and none of them point to InetPub as their directory, so I simply can't see why it's trying to get the item from this path.
Calling the main application, a MVC based site running Umbraco, works fine, or rather, all the dynamic content works fine, just not static content.
To give a little more information:
Currently the IIS 7.5 has 4 sites and 1 ftp server running.
1 site with the following bindings:
http - this 1st site host name - port 80 - ip address *
https - blank host name - port 443 - ip address *
1 site with the following bindings:
http - the 2nd site host name - port 80 - ip address *
1 domain with the following bindings:
http - the 3rd site host name - port 80 - ip address *
The actual domain
http - www.domainname.com - port 80 - ip address *
And finally a ftp server
I hope that someone have any idea what is going on...
Best regards and praying (despite being an atheist),
Poul
Could it be that the Static File Handler is not included for your website?
Check for your website if the Handler Mappings contains Static File as Handler. ( preferrably at the bottom of the list)
Update:
Is there a physical folder under wwwroot called content\styles? or a folder www.domainname.com for that matter?
Did you look at logs from IIS for the application pool of this website
--> C:\inetpub\logs\LogFiles\W3SVCxx (xx = number assigned to your app pool) I forgot how to find that on ( usually I quickly check the couple of folders here.
Maybe it's a security problem -> do you see events in the security eventlogger.
So I found the problem...
It turns out to be a Proxy issue... As this is a new site, the DNS wasn't set up yet and we were using the HOSTS file.
Unfortunately in Bangkok when using a Cable connection, True (the largest ISP) forces you to use a Proxy, without telling you...
Now the DNS was actually pointing to another IIS server...
When I made my request, asking for a file on domain name X.. My machine looked up the IP address through my HOSTS file, sent the request, the proxy then also did a DNS lookup, but got another IP address, and forwarded the request to this IP address instead.
The IIS on that server, knew the IP, knew the domain name, but had another configuration and didn't know the file we were asking for (for the new website)...
So indeed there is a logical explanation for everything, just not always an obvious one.
I actually got onto the problem by testing with another domain, one that didn't exist at all, on this one the proxy of course could not look it up, and started returning code 324.
When using host headers to host multiple websites on the same IP address in IIS, is there any way of accessing that website from a browser running on the local machine?
This is normally required when a given web component only allows configuration from the local machine. It's also useful when things like ASP.Net's built in error handling isn't working and you can only view the error in the browser but don't want to allow remote users to see it.
This has baffled me for a while and everytime I come across it I end up giving up in frustration and reconfigure stuff so I can accomplish such tasks remotely.
Added: #Ishmaeel - modifying hosts doesn't seem to help - you either get a 400 error (if all websites have host headers) or whichever site is configured without a host header.
Just an idea: Mapping the hostname to 127.0.0.1 in the hosts ($WINDOWS$\system32\drivers\etc) file may help. This way you should be able to pull up the local IIS site by typing the hostname as if it's a remote server
Maybe I am not understanding the question, but what's wrong with just typing in the URL for the website? If it's the matter of domain name resolution, you can point to the right DNS or put it in hosts file.
eed3si9n -- if you are trying to access a url locally and you use host headers you cant just type in the url: for example you have 2 websites (website1.com website2.com) on 1 server using host headers. the local ip of the web server is 192.168.1.50 --> if you type in 192.168.1.50 you will get a 'page cannot found'. if you put in the url website1.com or website2.com you will be accessing the sites from the outside (not locally).
so the problem is how to access the sites locally not from the outside -- for example i need this ability so that i can access locally as the test sites are only available locally. not from the outside...
You can try telnetting to the server.
$ telnet localhost 80
(type these lines manually)
GET / HTTP/1.1
Host: www.example.com
(exchange www.example.com for the host name your server is mapped to)
I would assume the only way you can do this is assigning a custom port to the specific website you want to monitor and just access it as "localhost:CustomPort".