Docker Xdebug LAN / Public Dev server - linux

I want to get Xdebug running in a semi secure manner over LAN in the office. Our current setup is as follows:
Local server on LAN network under 192.168.1.1 with Ubuntu Server 16
Multiple instances of docker with PHP / Apache running on Ubuntu server
Jwilder nginx proxy for forwarding all requests to individual docker containers
https://github.com/jwilder/nginx-proxy
Files are directly edited over an internal SMB share where Windows hosts connect to the Linux share. These are the hosts running PhpStorm.
The machine is exposed to the world using port 80. LAN has access to all ports.
I'm at a bit of a loss how to properly setup Xdebug using PhpStorm where only those within our LAN can trigger the debugger and debug from map files from a Linux host on Windows.

A DBGp proxy would be the answer here.
It limits all debugging connections from the web server to a single host inside the LAN.
It allows you to perform multi-user debugging with the help of IDE keys.
JFYI, in Xdebug, it's the web server that initiates a TCP connection to the client (the DBGp proxy in this case), so some Docker networking magic is required here.

Related

Connecting to host from inside a docker container on linux requires opening firewall port

Background: I'm trying to have XDebug connect to my IDE from within a docker container (my php app is running inside a container on my development machine). On my Macbook, it has no issue doing this. However, on linux, I discovered that from within the container, the port I was using (9000) was not visibile on the host gateway (Using sudo nmap -sT -p- 172.20.0.1 where 172.20.0.1 is my host gateway in docker).
I was able to fix this issue by opening port 9000 on my development machine (sudo ufw allow 9000/tcp). Once I did this, the container could see port 9000 on the host gateway.
My Question: Is this completely necessary? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it. Is there a more secure alternative to this?
From what you've told us, opening the port does sound necessary. If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.
What you can do to make this more secure is to specify a specific interface to open the port for as specified here:
ufw allow in on docker0 port 9000 proto tcp
Obviously replace docker0 with the docker interface on your machine. You can find this by looking at the output of ip address show or by following the steps here if the interface name is not obvious.

Can not access weblogic console from a different machine

I am having trouble accessing the weblogic console from a different machine in the same network.
I installed weblogic on a server from a different machine by ssh. The weblogic is up and running, but now I can't access the console on a browser from my machine. Both machines are part of the same network.
I am able to SSH in to the server from my local machine. Ping also works on both machines using each other's IP address.
telnet gives me the following output:
am#Linux-Vostro-3250:~$ telnet 192.x.x.x 7002
Trying 192.x.x.x...
telnet: Unable to connect to remote host: No route to host
This is confusing me, because I am able to access the server using ssh.
I searched everywhere for a possible solution, but I could only find more problems.
In very simple language, how do I resolve this issue or what exactly may the cause be?
There was no firewall cinfigured in the server. I set up a firewall by following the instructions from this site "https://oracle-base.com/articles/linux/linux-firewall"
There are two GUI options but none of them worked for me so better stick to the CLI.
then, using the following command i granted access to my local machine from the server :
# Accept packets from specific host (x.x.x.x).
iptables -A INPUT -s x.x.x.x -j ACCEPT
Now i can access the Weblogic console from my x.x.x.x machine.

How do I install Gitlab on a VM?

I installed Gitlab on a VMWare VM, using NAT, where the VM is running Ubuntu 16.04. Everything installed OK, but I can't access it via the browser. It says I need to configure an external URL. I only need to access the VM from my Mac (where the VM is running). How do I configure a URL so I can access it from my Mac?
Thanks!
When the VM is running locally on the Mac in NAT network config, this means that the ports are available directly on the Mac IP. If you only need to access it from the Mac itself, you could access the application at the port via the loopback (local only) IP 127.0.0.1
If gitlab is running on port 80 in the VM, on the Mac you should be able to access with http://127.0.0.1
If this doesn't work, there are a few options:
Confirm no other service/webserver is running on port 80 locally on the Mac. If there is, you should change the port of the gitlab webserver in your VM, and access using http://127.0.0.1:port
Confirm that port 80 is allowed in the VM firewall, and that the webserver is running https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-gitlab-on-ubuntu-16-04

Cannot access eclipse orion server from local machine using local IP

I have been given a centos server to lauch eclipse orion code editor. I installed eclipse orion as per the instruction on https://wiki.eclipse.org/Orion/How_Tos/Install_Orion_on_Localhost (steps for linux using jetty server). It works fine on centos browser. The centos os is running on 198.168.1.226. So that I can access the following urls on web browser of centos.
198.168.1.226:8080
localhost:8080
127.0.0.1:8080
0.0.0.0:8080
But when I tried to access the 198.168.1.226:8080 from other local machines on local network, that is not accessible. I searched the StackOverflow Questions like how to make jetty server accessible from LAN? and Unable to access jetty server with local IP address but both are useless for me. How can I fix this situation? Can I fix it editing the code on orion.ini file or need to deal with configuration file or something else?
I have also tried the orion for windows computer but it worked itself for accessing the orion system for any other computer in local network. But I am surprised to face it on centos using the jetty server for setting up eclipse-orion system .
First of all check that have you allowed specific port (8080) from eclispse.
add rule with that port no. in centos iptables as below:-
iptables -A INPUT -p tcp --dport 8080 (adjust according your port no.) -j ACCEPT

How to access nginx server from host machine, installed on guest VM ?

Host Machine - Win 7
Guest - Fedora
I have installed nginx web server on guest fedora machine and I can access the webpage inside guest machine using the interface address. How can I access the web page from host machine's browser ?
I am using bridged connection.
Router is assigning 192.168.0.16 to the guest machine's interface. I tried same address in my host machine but it doesn't work.
Based on your description:
First you should check your web application's config. You don't mention which type of your web application running on your Apache server, some are launched with the specific ip argment 127.0.0.1( or localhost), so kind of these web application can only be visited on your localhost computer. You should change the ip argument to 0.0.0.0
Second if the "Fisrt" failed, check the connection of the two server(host and your guest) by using telnet.
On your Win7, you can use the command:
telnet ip port
for example:
telnet 192.168.0.16 80
80 is the default port of Apache Http(s) Server.
if the command don't show the "connection refused" error, your Apache server is goood, so it might be something wrong of your web application.
If that, show me your error msg then we go on further.

Resources