setting up testing environment with Vagrant Virtual Machine and Nginx - linux

I'm trying to set up a local web testing environment with Vagrant on a centos/6 virtual machine
In the vagrant configuration I set: config.vm.network "forwarded_port", guest: 80, host: 8080
Inside of the vagrant box if I type: hostname -I it gives me a result of
10.0.2.15
In the vagrant box, nginx is already set and I do have a SSL certification and HTTPS connection set up:
server {
listen 443;
server_name 127.0.0.1:8000;
...(other configurations including ssl_certificate,
ssl_certificate_key,protocols and cipher)
...(other values that I think its not relevant)
location / {
if ($http_host != 127.0.0.1:8000) {
return 444;
}
proxy_pass http://127.0.0.1:8000;
}
And then I have:
server {
listen 80 default;
server_name ~^;
return 302 https://127.0.0.1:8000$request_uri;
}
In my vagrant box, if I use curl to get the content at 127.0.0.1:8000: curl 127.0.0.1:8000, I'm able to successfully get the expected content
From my host operating system, when I'm using chrome to request access to 127.0.0.1, it simply says The connection was reset. and the error exception code is ERR_CONNECTION_RESET
My best guess is this has to deal with my SSL configuration?

Not sure if this will help, I run vagrant and use Virtualbox as my hypervisor. You will need to check what the vagrant box is doing for NAT. On mine, out of the box it is 192.169.33.10 and that will get to my dev box. Assumes port forwarding is set right and no firewall.
What does 192.168.33.10:8080 do?

Related

NodeJs Lan application on RPi to google cloud platform to custom domain

I have been able to set up my virtual machine on google cloud platform and am able to SSH into my RPi successfully using this tutorial:
https://medium.com/jj-innovative-results/how-to-access-a-raspberry-pi-anywhere-with-reverse-ssh-and-google-cloud-platform-59b6a89501a
Now I want to transfer HTTP data on port 8080 where my LAN application is hosted on the RPi instead of SSH data on port 22 to my virtual machine. How do i go about this and is it possible?
From there i plan on buying a domain to view my LAN app on the internet. I don't want to use services such as remoteit/zerotier to do this
Please help
For security reasons, I am recommending setting up a proxy between the Internet and your SSH server. You can skip steps #1 and #2 and use a port number above 1024 such as 8080. Never run the SSH server directly on port 80 as that requires privilege.
STEP 1)
Install Apache or Nginx.
STEP 2)
Set up a proxy in Apache/Nginx to forward connections on port 80 to port 8080.
Example configuration for Nginx:
server {
listen 80;
server_name example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
}
STEP 3)
Configure the VM SSH server to allow port forwarding option AllowTcpForwarding.
Setup the tunnel to open port 8080 on the VM and forward to the listening port on your Raspberry Pi (example 9000).
Example SSH command to run on the raspberry Pi:
ssh -R 8080:127.0.0.1:9000 <VM IP Address> <Your credentials>
Details. This command opens port 8080 on the public VM server and forwards traffic back to your system to port 9000.
Note: I did not test the SSH command, but this should be correct. There are many examples on the Internet such as link. This answer will help you understand how traffic is routed (forwarded).
STEP 4)
Configure the application running on the Raspberry Pi to listen on port 9000 (example).
Summary, the client connects to VM port 80 which forwards to VM port 8080 which forwards over the SSH tunnel to the Raspberry Pi which has an application listening on port 9000.
Of course, you can change the port numbers, I used unique port numbers to prevent confusion.

How do I set up my Linux Azure VM so that I can connect via a browser?

I'm working on a Linux VM on Azure which was set up by someone else (so I don't know all the details). I'm trying to connect it to a domain name.
The server has a "Hello World" program, so when I go to "example.com" I should be seeing "Hello World". Currently I'm just getting
Safari can't open the page "http://example.com" because Safari can't find the server "my domain.com"
I thought I'd start with making sure that the IP address connects to the server (which it did at one point. So I enter the IP address of the server (let's say it's "12.345.678.901") in the browser, and it can't connect... I get the error
Can't open the page "12.345.678.901" because the server where this page is located isn't responding
There's an Inbound port rule to allow connections for port 8080, so I tried "12.345.678.901:8080" but this time got
Can't open the page "12.345.678.901:8080" because Safari can't connect to the server
I don't know what to try next. Presumably something needs to be enabled on the server to allow the browser to connect?
The other inbound port rules are ssh on port 22 (TCP) and then what I assume are the standard Azure ones (I can't edit or delete them anyway).
To view your Linux VM inside the browser, you need to install a web server. Easiest to install and get working straight away is nginx.
First thing you need to do is SSH(port 22) into your VM using the username and IP address of the machine:
ssh username#ipaddress
Which will prompt you to enter a passphrase to gain access to the VM.
This also assumes your SSH public key exists inside ~/.ssh/authorized_keys on the VM. If you don't have this setup then you need to get the owner of the VM to copy your public key into this file. Otherwise you won't be able to connect and get a Permission denied (publickey) error.
Assuming the above works, you can install the nginx webserver with the following two commands:
sudo apt-get -y update
sudo apt-get -y install nginx
Then once this web server is installed, add an HTTP inbound port 80 rule inside the network settings. For security reasons, having your web server listen on this port is probably unsecure long term. Its just easier to get working when you choose this port to begin with, because its the default.
You can see what the default listening port by viewing the server configuration host file with cat /etc/nginx/sites-available/default:
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Which shows the default port of 80. You can change this default port to 8080, then run sudo service nginx restart to restart the server and apply the changes. Additionally, you can have a look at this How to make Nginx Server Listen on Multiple Ports tutorial, which goes into more depth on how to configure listening ports for nginx webservers.
You should then be able to view your VM from a browser window(blurred out my IP address for security reasons):
You can also have a look at this Quickstart: Create a Linux virtual machine in the Azure portal tutorial for a step by step on how to get this setup in Azure.
You should first check to see if you have an entry for http://example.com. The reason could be that you do not have a DNS Entry and when you are trying to connect to it via the browser. Since you tried connecting to it via IP and it still did not work, I would suggest you check your Webserver configurations to make sure it is correctly listening for port 8080. Also, ensure that your webserver is also turned on as well. You can tail the webserver log and try to hit it via the IP like you did earlier and see if you see any errors in the logs. It would at least tell you if your request you are making on your browser is actually getting to the webserver.

Nginx is refusing to connect on AWS EC2

I'm trying to use nginx to setup a simple node.js server, I'm running the server in background on port 4000, my nginx config file is
server {
listen 80;
listen [::]:80;
server_name 52.53.196.173;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://127.0.0.1:4000;
}
}
I saved it in /etc/nginx/sites-available and also symlinked it to sites-enabled, the nginx.conf file has the include line already to load files from sites-enabled, then i restarted the service using
sudo service nginx restart
I tried going to 52.53.196.173 and it refuses to connect, however going to 52.53.196.173:4000 with port 4000 it is working, but I'm trying to make it listen on port 80 with nginx, i tried putting my .ml domain as server_name and no luck, and i have the IP 52.53.196.173 as the A record in the domain dns settings, and I'm doing this on an AWS EC2 Instance Ubuntu Server 16.04, i even tried the full ec2 public dns url no luck, any ideas?
Edit: I solved it by moving the file directly in sites-enabled instead of a symlink
There is few possible things. First of all you need to verify that nginx server is running & listening on port 80. you can check the listening ports using the following command.
netstat -tunlp
Then you need to check your server firewall & also the selinux policies. ( OR disable selinux for test )
Then you need to verify that AWS security group configured to access the http/https connections on port 80.
PS : Outputs from the following command & configurations will be helpful for troubleshooting.
netstat -tunlp
sestatus
iptables -L
* AWS Security Group Rules
* Nginx configurations ( including main configuration if changed )
P.S : OP fixed the problem by moving the config file directly into site-enabled directory. maybe, reefer the comments for more info if you are having the same issue.
Most probably port 80 might not be open in your security group or nginx is not running to accept the connections. Please post the nginx status and check the security group
check belows:
in security group, add Http (80) and Https (443) in inbound section with 0.0.0.0 ip as follow:
for 80 :
for 443 :
in Network ACL, allow inbound on http and https. outbound set custom TCP role as follow:
inbound roles:
outbound roles:
assign a elastic ip on ec2 instance, listen to this ip for public.

Vagrant port forwarding 80 to 8000 with Laravel Homestead

My Problem:
I can only access my sites through port 8000, but not 80, which makes me think it is not redirecting 80 to 8000 as it says it should be. I want to simply type local.kujif.com into my browser and it loads the site, which I read was port 80 by default. I am using curl to check it and it returns:
curl 'http://local.kujif.com'
curl: (7) Failed connect to local.kujif.com:80; No error
However if I add :8000 to the url then it works; it returns my index.php which simply prints 'test':
curl 'http://local.kujif.com:8000'
test
My Details:
I am using Laravel Homestead and Vagrant with Oracle VM VirtualBox.
In the Homestead.rb it has the port forwarding. I haven't edited it at all:
config.vm.network "forwarded_port", guest: 80, host: 8000
config.vm.network "forwarded_port", guest: 3306, host: 33060
config.vm.network "forwarded_port", guest: 5432, host: 54320
I also have Microsoft IIS installed for my work stuff. I obviously stop that service whenever I need vagrant to use the localhost.
"vagrant up" shows:
My Homestead.yaml file:
---
ip: "192.168.10.10"
memory: 2048
cpus: 1
authorize: /Users/Tyler/.ssh/id_rsa.pub
keys:
- /Users/Tyler/.ssh/id_rsa
folders:
- map: C:\DEV\Linux
to: /var/www/
sites:
- map: homestead.app
to: /home/vagrant/Code/Laravel/public
- map: local.kujif.com
to: /var/www/kujif
variables:
- key: APP_ENV
value: local
You should continue to use ports above 1024 since they are non-privileged ports, BUT if you do want you can run as port 80 on the Homestead VM, as long as you don't have anything holding on to that port on the host machine. Just tried it and it worked, with a few gotchas. First, you change that line in the .rb file from:
config.vm.network "forwarded_port", guest: 80, host: 8000
to
config.vm.network "forwarded_port", guest: 80, host: 80
When you fire your VM up after saving you will get a warning from vagrant:
==> default: You are trying to forward to privileged ports (ports <= 1024). Most
==> default: operating systems restrict this to only privileged process (typically
==> default: processes running as an administrative user). This is a warning in case
==> default: the port forwarding doesn't work. If any problems occur, please try a
==> default: port higher than 1024.
==> default: Forwarding ports...
default: 80 => 80 (adapter 1)
But it worked for me. Now, to actually get to the VM I had to use it's private IP instead of the localhost name:
http://192.168.10.10/
But sure enough my site was there and everything was working. If you decide to keep it that was you can add that IP address to your hosts file to give it a nice short name.
Hope this helps.
I see there is an accepted answer, but this alternative may also help someone.
If I understand correctly you really dislike the port "8000"!
Have you tried setting a private network?
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
/*other config stuff here */
config.vm.network :private_network, ip: "192.168.33.22"
This way you can simply use that IP address, or edit you hosts file to map the local domain to that IP.
Take a look at the Vagrant docs:Vagrant Private Networks
BTW, You shouldn't need to shutdown your IIS local server as that is running on a totally different IP range. I have Apache running locally while also accessing the VM server. This allows you to use tools like composer (to pull in laravel) on your local if needed.
I'm not sure what the confusion is - this is the way it's supposed to work.
The web server on the VM listens on port 80. Vagrant/VirtualBox forwards that port from 80 (on the VM) to 8000 (on localhost) so that you can access the site at http://localhost:8000.
Port 80 on the VM's domain name is not going to be available - that domain name probably resolves to localhost.
Try the following: dig local.kujif.com (or nslookup or even ping - I don't know what tools are available on Windows) to find out what IP address that name is resolving to. You will probably find that it's 127.0.0.1 (localhost).
You could try using the IP address set in the homestead file instead: http://192.168.10.10/ - this might work, but it will depend on how networking is configured in the VM.
Ideally, you need to set networking to "bridged" in the VM - this will make the VM look (to your network) like any other device on the network. Other networking options in the VM (sorry, I'm not familiar with the options in VirtualBox) will set the VM up with its own network that is not accessible outside the VM - this is why port forwarding is used to expose network services on the VM.
You can disable the default port forwarding completely by adding the following to the Homestead.yaml:
default_ports: false
Or configure however you like by adding something like:
ports:
- send: 80
to: 80

Vagrant host port ignored

In my Vagrantfile I have the definition of my development machine with a private network ip of 192.168.33.10 and a forwarded port of "guest=80, host=8888", but when a run my vagrant enviroment and I try to run curl -i 192.168.33.10:8888 I get an error saying 'Failed connect to 192.168.33.10:8888; connection refused', but when I try to connect to 192.168.33.10:80 everything it's ok.
My Vagrantfile is:
Vagrant::configure("2") do |config|
config.vm.box = "precise32"
config.vm.define :web do |www|
www.vm.hostname = "apache"
www.ssh.max_tries = 10
www.vm.network :forwarded_port, guest: 80, host: 8888 # Apache port
www.vm.network :private_network, ip: "192.168.33.10"
www.vm.synced_folder "www", "/var/www", :extra => 'dmode=777,fmode=777'
end
end
Why this happens? is vagrant ignoring the forwarded port?
By default Vagrant Boxes use NAT mode, it means that the guests are behind a router (VirtualBox Networking engine between the host and the guest) which maps traffic from and to the virtual machine transparently. The guests are invisible and unreachable from the host.
That's why we need port forwarding. Otherwise services running on guest wont' be accessible.
In your case, you are using Private Network, the guest will be assigned a private IP address that ONLY the host can access, which is 192.168.33.10.
The proper way to access web hosted on the guest is => http://192.168.33.10 from the host.
You have the port forwarding part in the Vagrantfile
www.vm.network :forwarded_port, guest: 80, host: 8888 # Apache port
It is forwarding guest port 80 to your host's 8888. Because you are NOT using NAT mode I am pretty sure it will be ignored. Try to curl -Is http://localhost:8888.
NOTE: even if it still work somehow, you should be accessing web by => http://localhost:8888/ from your host.

Resources