AWS EC2 instance access internal server - node.js

In my Amazon EC2 instance I have a Pyramid server as well as a NodeJS server running. The NodeJS server acts as the frontend and I updated my security groups so I can use the public DNS to view the page.
The Pyramid server acts as a backend and the frontend accesses it by http://0.0.0.0:8002/. But when I do an http call to the backend I get a Failed to load resource: net::ERR_ADDRESS_INVALID error message.
Do I need to add a rule to the security groups, or update the iptables, or something?

If both of these services are running on the same server, you shouldn't be sending network traffic out of the server and back, so security groups will not be an issue here.
The question is, why are you using 0.0.0.0 here? I think you probably configured the Pyramid server to listen on 0.0.0.0, which really means "listen on all IP addresses". However you need to be using http://127.0.0.1:8002/ or http://localhost:8002/ in order to connect to the service from another service running on the same server.

Related

How does an azure app service access a no azure web server

I have an Azure app service and in some cases I need to send a web request to a non-azure webserver. What do I need to do to make it possible.
Currently the web request fails with no clear error message.
In response to a HttpClient Put request I get a System.Net.WebException exception which says there were errors.
THe same request works from a desktop application.
If your webserver is reachable from the internet you should be able to access it through your App Service. Try to log a ping to your webserver and google (8.8.8.8).
If your App Service is in a VNET you should enable some outbound rules to your webservers IP adress.
The server I am connecting to is an other Azure service. After some more investigating, It appears that I can connect to it if I do not use SSL (i.e. http://) but the connection is immediately closed when using SSL (https://). I assume that the problem must be related to the use of SSL.

Nodejs Loopback how to access api end points on live server?

I'm trying to deploy a Loopback project to live server, all works well on local. On server, after running node ., I get the console log of:
Web server listening at: http://domainname:3000
Browse your REST API at http://domainname:3000/explorer
So it looks like the server is running.
Problem is that I get no response from the server. Neither from domain:3000 or /explorer or any endpoint I created.
Does anyone know what might be the issue?
Thank you very much
I had a similar problem when I was trying to deploy my code. Some of the possible solutions to the problem depending on where and how you are deploying it-
Check if your security group allows connections on port 3000. AWS EC2 by default closes all ports except port 80. You might have to add an exception to your security group and allow port 3000 to be accessed from everywhere.
If you are using a container, check if your container has the ports open and if the container port is accessible by the hardware hosting the container. On Azure, I faced this problem as Azure Web App Container Service by default only listens to port 80 and 8080. So I had to modify my code such that it can use the default NODE_ENV.PORT or 8080.

Some networks time out when I trying to make AJAX calls to my server

I have an application with a React/Redux frontend deployed on AWS S3, and an Express/Mongo backend deployed on AWS EC2. The application works fine on MOST networks.
However, on a certain network, whenever the frontend tries to make any AJAX call to the backend, I get a timeout error:
"Failed to load resource: net::ERR_CONNECTION_TIMED_OUT".
So far, it's only this particular internet that is giving me the error, and it also happens to be a government site's network. I'm thinking there may be some setting I need to configure on my AWS EC2 server?
Ended up figuring it out. The network firewall was blocking the specific port (3090) of my server, but not the url of the server itself so I just forwarded port 80 to 3090 and now the network firewall doesn't block it.

how to transparently wrap tcp/ip request with ssl using windows api

I'm developing a security system. It has a proxy server acting like a ssl termination using Nginx which will forwards all tcp/ip connections from clients to other third-party systems.
The client-proxy connections must be authenticated and securely encrypted by ssl.
And my problems is:
Each client is a computer which installed Windows 7 OS or higher. It has been installed with some third-party applications which cannot be interfered. For the better user experience, all clients' tcp/ip outbound requests from any applications must be transparently "converted" into (or "wrapped" in) ssl requests before coming to proxy server. And my first idea is to develop a network driver to access these requests using windows api, namely WFP(Windows Filtering Platform). I have read its online documentation but it's not easy to understand. Can you have to find some projects like this or tell me which sections in the documentation need to be focused? Thank you in advance!
Your issue is a bit unclear but here are my thoughts:
You want to have full encryption between the End User Client to the App Service.
Current:
Client --(443: TLS)--> NGINX --(Clear; Port 80)--> App Service
(Terminate TLS)
Change:
Client --(443: TLS)--> NGINX --(TLS; Port 443)--> App Proxy -(Plain; 80)-> App Service
(Terminate TLS) (Nginx with self-signed Cert)
The change is to add an additional Nginx server on the app server to provide the last layer of TLS between the load balancer and the App Service.
If your App service has the capability to serve SSL connections directly that's even better as you can just configure that in place of running an additional Nginx server on the app host. (If you wanted you could run apache or any other web server that supports proxy/load balancing capabilities)
If you are worried about the App Service port, it won't make a difference, the idea is that the App Proxy (being Nginx or the likes) will handle the encryption on a different port to then pass via localhost to the App Service (in plain text).
Additional Resources:
Can Nginx do TCP load balance with SSL termination?
https://serverfault.com/questions/978922/nginx-proxy-pass-to-https
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
https://nginx.org/en/docs/http/ngx_http_ssl_module.html

Starting new port on Amazon Ec2 free tier for socket io

I am using Amazon EC2 service for the web purpose. I have a web application which is hosted on apache i.e port 80. Now i am running a node instance on port 3000 and when i load my website.
io.connect('http:IP ADDRESS:3000');
This code tries to connect to my port. On server side my instance is started. But when i load my we application, this doesnt connect to server.
I was wondering do i need to update my configuration or is there any network settings i need to do ?
Try adding your port in your defined security group.
Follow http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html#concepts-security for more reference.

Resources