Does vagrant share with https still work? - linux

I have the guest's HTTPS port set to 443 on it's Apache 2 installation.
In Vagrantfile
I have vm.forwarded_port set to forward from 443 to 8443
I have vm.hostname set to actualdomain.org
I've also installed the vagrant plugin install vagrant-hostsupdater so that actualdomain.org is written to my hosts file, so it pulls up the developer environment and not the actual site when it is requested.
List item
I ran vagrant connect...
I ran vagrant share --https 443 --domain actualdomain.org but it reports the following:
==> default: Detecting network information for machine...
default: Local machine address: 192.168.xx.10
default: Local HTTPS port: 443
==> default: Checking authentication and authorization...
==> default: Creating Vagrant Share session...
There was an error returned by the Vagrant Cloud server. The
error message is shown below:
Domain cannot be used with this account
But if I run vagrant share without the --domain parameter, I end up with the following in my logs when I try to contact the site remotely:
Hostname XXXXX-YYY-ZZZZ provided via SNI and hostname XXXXX-YYY-ZZZZ.vagrantshare.com provided via HTTP are different
And in the browser I am returned an HTTP 400 Bad Request.
Is there any easy way around this? It seems to me that this didn't happen the last time I used vagrant, and it seems as though there was something added to TLS that causes it to balk about the SNI error since then.
I even tried adding a server alias that was the same as the XXXXX-YYY-ZZZ.vagrantshare.com, and it still is giving me an issue; does that mean that I have to rebuild the certificate everytime the hashicorp URL changes if I want to show it off to somebody via their browser?

Related

DNS resolve timeout/delay for domains mapped to localhost in hosts file

I'm actually facing an issue which came up when using the proxy in Angular CLI.
But it's not related directly to Angular nor to node.js... it seems to have it's roots some levels deeper (namely on operating system level)
##Short version:
When I have a domain to IP mapping in my hosts file /etc/hosts and proxy it using node-http-proxy which is the underlying layer of the angular-cli proxy feature there's a delay of 5000ms before the request gets resolved and the response is provided.
Proxying is mandatory for backend communication to avoid cross origin errors in development because angular apps are served via port 4200.
##Longer version:
Operating System: OSX Catalina 10.15.4
Based on a deeper analysis it's not caused by Angular CLI and even not node.js.
It seems there's something going "wrong" with the system as I can reproduce the behavior in my terminal as well using the arp command
There's a mapping in the /etc/hosts file which looks like below:
127.0.0.1 service.company.local
When running then the command: arp service.company.local it won't resolve of course as this domain isn't known for DNS servers.
It finishes with the output: arp: service.company.local: Unknown host
Also when the computer is disconnected from internet/network (wifi of) the arp still takes 5000ms before it finishes with the Unknown host message, whereas it directly returns Unknown host for existing domains (then without delay).
The problem is pretty frustrating as it heavily slows down local development of an Angular app which is doing some cascading requests take so extremely long that a fluent work isn't possible.
Screenshot from Chrome Dev Tools:
Is there some known solution to get around this issue without moving away from the domain to ip mapping within the hosts file?
Addition (content of the hosts file)
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 service.company.local
# Added by Docker Desktop
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section
I'm very thankful for any hints.

How do I set up my Linux Azure VM so that I can connect via a browser?

I'm working on a Linux VM on Azure which was set up by someone else (so I don't know all the details). I'm trying to connect it to a domain name.
The server has a "Hello World" program, so when I go to "example.com" I should be seeing "Hello World". Currently I'm just getting
Safari can't open the page "http://example.com" because Safari can't find the server "my domain.com"
I thought I'd start with making sure that the IP address connects to the server (which it did at one point. So I enter the IP address of the server (let's say it's "12.345.678.901") in the browser, and it can't connect... I get the error
Can't open the page "12.345.678.901" because the server where this page is located isn't responding
There's an Inbound port rule to allow connections for port 8080, so I tried "12.345.678.901:8080" but this time got
Can't open the page "12.345.678.901:8080" because Safari can't connect to the server
I don't know what to try next. Presumably something needs to be enabled on the server to allow the browser to connect?
The other inbound port rules are ssh on port 22 (TCP) and then what I assume are the standard Azure ones (I can't edit or delete them anyway).
To view your Linux VM inside the browser, you need to install a web server. Easiest to install and get working straight away is nginx.
First thing you need to do is SSH(port 22) into your VM using the username and IP address of the machine:
ssh username#ipaddress
Which will prompt you to enter a passphrase to gain access to the VM.
This also assumes your SSH public key exists inside ~/.ssh/authorized_keys on the VM. If you don't have this setup then you need to get the owner of the VM to copy your public key into this file. Otherwise you won't be able to connect and get a Permission denied (publickey) error.
Assuming the above works, you can install the nginx webserver with the following two commands:
sudo apt-get -y update
sudo apt-get -y install nginx
Then once this web server is installed, add an HTTP inbound port 80 rule inside the network settings. For security reasons, having your web server listen on this port is probably unsecure long term. Its just easier to get working when you choose this port to begin with, because its the default.
You can see what the default listening port by viewing the server configuration host file with cat /etc/nginx/sites-available/default:
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Which shows the default port of 80. You can change this default port to 8080, then run sudo service nginx restart to restart the server and apply the changes. Additionally, you can have a look at this How to make Nginx Server Listen on Multiple Ports tutorial, which goes into more depth on how to configure listening ports for nginx webservers.
You should then be able to view your VM from a browser window(blurred out my IP address for security reasons):
You can also have a look at this Quickstart: Create a Linux virtual machine in the Azure portal tutorial for a step by step on how to get this setup in Azure.
You should first check to see if you have an entry for http://example.com. The reason could be that you do not have a DNS Entry and when you are trying to connect to it via the browser. Since you tried connecting to it via IP and it still did not work, I would suggest you check your Webserver configurations to make sure it is correctly listening for port 8080. Also, ensure that your webserver is also turned on as well. You can tail the webserver log and try to hit it via the IP like you did earlier and see if you see any errors in the logs. It would at least tell you if your request you are making on your browser is actually getting to the webserver.

Chef : knife.rb ignores ssl_verify_mode :verify_none when bootstrapping a node

I am trying to bootstrap a node from chef workstation. I have everything configured, and also the knife client list returns the name of the validator. However, when I bootstrap a node, I get the following error
ERROR: SSL Validation failure connecting to host: XXX.XXX.XXX -
hostname XXX.XXX.XXX does not match the server certificate
Although I have configured the knife.rb and added the line
ssl_verify_mode :verify_none.
The chef server and workstation don't have domain names; only IPs.
Is there a way to work around the SSL check?
I'm unsure the knife.rb parameter is used for bootstrapping.
There's a --node-ssl-verify-mode NONE for the knife bootstrap command, which will set the ssl_verify_mode parameter to :verify_none on the node bootstrapped.
But really, configure a DNS system; you'll have another load of problems using IP as nginx won't be able to properly route the requests without a hostname defined.

SSH-2.0-OpenSSH_6.7p1 Raspbian-5 Protocol mismatch. On Raspberry Pi web server

I had setup a web server on my raspberry pi that was accessible by a domain name. I needed to add Https access to it, so I got a SSL certificate and I followed the steps and instead of having an https domain name, I got this error, SSH-2.0-OpenSSH_6.7p1 Raspbian-5 Protocol mismatch
Ive tried to undo everything from the SSL certificate initializing steps, but I still get this error.
I can ssh into the pi still over wifi and when I run nc -zv my.hostname.com 80 it says that the connection succeeded. Likewise, I checked canyouseeme.org and my port 80 is not being blocked
Btw figured out the problem. I added some extra code in a config file in the ssh folder that caused problems. Got rid of the unecessary code and bam! Problem solved.

Assigning a domain name to localhost for development environment

I am building a website and would not like to reconfigure the website from pointing to http://127.0.0.1 to http://www.example.com. Furthermore, the certificate that I am using is of course made with the proper domain name of www.example.com but my test environment makes calls to 127.0.0.1 which makes the security not work properly.
What I currently want to do is configure my development environment to assign the domain name www.example.com to 127.0.0.1 so that all http://www.example.com/xyz is routed to http://127.0.0.1:8000/xyz and https://www.example.com/xyz is routed to https://127.0.0.1:8080/xyz.
I am not using Apache. I am currently using node.js as my web server and my development environment is in Mac OS X Lion.
If you edit your etc/hosts file you can assign an arbitrary host name to be set to 127.0.0.1.
Open up /etc/hosts in your favorite text editor and add this line:
127.0.0.1 www.example.com
Unsure of how to avoid specifying the port in the HTTP requests you make to example.com, but if you must avoid specifying that at the request level, you could run nodejs as root to make it listen on port 80.
Edit: After editing /etc/hosts, you may already have the DNS request for that domain cached. You can clear the cached entry by running this on the command line.
dscacheutil -flushcache

Resources