I'm trying to make the wildfly work on ubuntu in production.
I was able to make it work with its standard 8080 and 8443 ports, and managed to redirect ports 80 to 8080 and 443 to 8443 using iptables from ubuntu.
But when performing this redirection, the page opens in https but the h2 protocol (HTTP / 2) and gzip do not work.
If I go direct in the standard wildfly protocol (www.example.com:8443) gzip and h2 work perfectly.
Here is the iptables redirect command:
Iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j REDIRECT
--to-port 8080
Iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 443 -j REDIRECT
--to-port 8443
I've tried using nginx to do the redirect and the same problem happens.
I also tried configuring wildfly to use port 80 and 443 directly but Ubuntu does not allow it.
I have the following status in firewall:
ufw status verbose of server
If there is a way to make the wildfly in port 80 and 443 or make the redirect work in h2 and gzip.
System:
Ubuntu : 16.04.1
Wildfly : 10.1.0.Final
Please help me solve this problem.
Thank you very much.
I just found the solution.
The problem is in my Windows 10 Anti-Virus (More specifically BitDefender 2017).
All the tests I did was on a Windows 10 operating system, by the time I switched to Linux (I have dual boot) the site finally got http2
So I saw that the name of the issuer of the certificate that was being used was: Bitdefender Personal CA.Net-Defender.
It was at this point that I realized that my certificate created by letsencrypt was being overwritten by another bitdefender certificate.
SOLUTION: In BitDefender enter the module settings, and go to the internet module and disable the option to verify SSL certificates. Restart your browser and you're done.
So beware when testing a website using an antivirus.
Related
I am using AWS lightsail for the first time. I cloned my git repository to my htdocs and opened port 3000 on my networking ipv4 firewall. What im trying to do is load my node site with my aws static IP. It currently works when I specify the specific port like: 98.222.124.4:3000 but I wanted it to load the site without having to specify the port so I followed the steps found here https://docs.bitnami.com/ibm/infrastructure/nodejs/administration/create-custom-application-nodejs/ under "Create A Custom Virtual Host" but the specified method is not working. I still need to specify the port in order for the site to load. What I basically did was edit the documentRoot and directory paths to my repositories location then restarted apache but this didn't let me access the site without the port. Where did I go wrong. How can I load the site without specifying a port in the url?
It took me a minute to land on this solution but the only method that worked was this:
First try this after installing iptables:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
What you basically did is forward all port 80 traffic to port 3000. Then check and see if site is loading without specifying the port in URL. If it works go to step 2.
Step 2:
open the /etc/rc.local file with vim or other editor and add
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000 to the file. Notice sudo is not included because the file already runs as root. We are implementing step 2 because we want the port redirected when the machine boots up.
I have a running AWS EC2 instance on an Ubuntu machine running a Nodejs server.
Everything works fine then opening the website via its public ip on port 3000 likes this:
http://XX.XXX.XXX.XXX:3000
Now I want to redirect all requests from port 80 to this port 3000 via iptables like described in this video: https://www.youtube.com/watch?v=WxhFq64FQzA via
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000.
Unfortunately I am getting this error: http://prntscr.com/lja6hx when opening the site like this: http://XX.XXX.XXX.XXX (without port 3000 specified)
P.S.: I'm not really sure if my approach is correct. I am open to other ways of achieving a redirect from port 80 (http) to port 3000
As #Vorsprung suggested I should use an Application Load Balancer. I did this but it's still not working. Here is my setup:
My Application Load Balancer Listener
The Target Group I'm forwarding to in my ALB
My hosted zone (I've added the alias for the ALB here)
Please let me know if something is missing
either use nginx see https://nodebb.readthedocs.io/en/latest/configuring/proxies/nginx.html
or
you are on AWS! Use an ALB.. see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-tutorials.html
It's my first time when I try configure a server running on Amazon EC2.
I figured out how run my node app on 80 port but now I'm trying to run on 443 port with Letsencrypt SSL. Before to work on 80 port I added
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
and
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3000
and everything worked fine. But now after install Letsencrypt I try to do same thing but with 433 port instead 80 and it's not working.
Letsencrypt config automatically for me all files so now redirect from http to https is working fine and when my iptable is empty on https:// I see ubuntu default website. When I run lines mentioned above with 443 port app is still not working (browser can't even load anything). It's only working with http:/...:3000
I've added 443 port to Security Groups on EC2.
What I can do? Thanks.
You need to check your security group Inbound/Outbound rules, you need to see if port 443 is assigned to which host. A valid but dangerous configuration, just for testing, is allow everything on Inbound and Outbound, to see if its a problem on your Security Group.
Beyond that, you need to be sure if the binding port is listening. Are you using Amazon Linux?
I'm developing a node.js (SEAN.JS) app. On my local machine the app works normal at localhost:3000, After I run grunt, But on my server (Ubuntu 12.04 - angular.pling.cc:3000) it doesnt.
The error I'm recieving is:
"This site can’t be reached. angular.pling.cc took too long to respond."
Any help would be much appreciated.
solved. i redirected port 80 to 3000 with this command:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
as suggested here: Best practices when running Node.js with port 80 (Ubuntu / Linode)
I want to remove switch from port 8080 on my Apache Tomcat on Linux server CentOS 6.5 to the default. On My hosted Apache Tomcat server is running on port 8080 on url vmx15978.hosting24.com.au:8080. After I have installed the Geoserver software on the Apache server the url for it is http://vmx15978.hosting24.com.au:8080/geoserver/web/.
My website domain is links-map.com. Currently I can access Geoserver by this URL: links-map.com:8080/geoserver/web; However, I want to access Geoserver without 8080 using this URL instead: http://links-map.com/geoserver/web/
I had the same problem. It means I need to change port number from 8080 to 80 so that I can access my url (e.g www.mydomain.com) without appending 8080. But I found a different way to solve the problem.
Instead of changing port number in server.xml. I redirected port number 80 to 8080 using the following script. This works perfectly fine for me.
[root#myroot ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root#myroot ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
Please find more at this link
taken from here
in your tomcat install dir, look for server.xml file.
change
<Connector port="8080" ...
to
<Connector port="80" ....
or any other port (80 is the default without specifying port)
don't forget to restart tomcat to apply changes
sudo service tomcat7 restart
Even after changing port 8080 to 80 we won't be able to access tomcat with it, as 80 is a privileged port, so it should be run by root,
Hence we can change Tomcat user to root as below and issue will be resolved, now we will be able to open tomcat site without 8080.
$ cat /etc/tomcat6/tomcat6.conf |grep USER
TOMCAT_USER="root"
Note: It is not recommended to run tomcat with root user.