How to enable https proxy on squid3? - linux

I want to do https_proxy via squid.
By "https_proxy" I don't mean visiting https websites through an http proxy; I mean that the connection between the proxy server and me must use https (even when visiting an http website).
And I don't care what protocol/scheme is used between the real website and the proxy server.
I know that I have to download the source, run ./configure --enable-ssl and compile.
After that, I found that when I run squid3 with https_port 443 cert=/usr/local/etc/certs/squid.cert key=/xxx in squid.config, there is no error (if there is no --enable-ssl, adding the https_port into the config file will result in an error message), so I guess I have done the right step.
However, the port I specified was not in netstat -anp, so I guess there is something else to do.
So what is the problem?

Related

Run nodejs app through HTTPS

I have a node app that is setup on SSH by running node osjs run --hostname=dc-619670cb94e6.vtxfactory.org --port=4100.
It starts at http://dc-619670cb94e6.vtxfactory.org:4100/ without problems, but instead I want to serve it through HTTPS https://dc-619670cb94e6.vtxfactory.org:4100/ , where I receive an error ERR_CONNECTION_CLOSED.
If I use the port I'm unable to reach it with https, but https://dc-619670cb94e6.vtxfactory.org/ is accessible.
How can I serve the port 4100 through https?
Thanks.
This is an implementation detail of OS.js. Their docs recommend setting up a reverse proxy for servers. Doing this will give you more control over SSL and ports, like you want.
https://manual.os-js.org/installation/

Where do I put my Node JS app so it is accessible via the main website?

I've recently installed a nodejs app (keystone) in my home/myusername/myappname directory.
When I visit www.mydomain.com, nothing displays - even after turning on my nodejs app.
Where should these files be?
I am running ubuntu 16.04.
In the past I have worked with a var/www folder, but I am not using apache - do I need to manually create this folder?
Thanks!
For your app to be visible it has to be running (obviously) and accessible on port 80 (if you want it to be available without adding a port number to the URL).
It doesn't matter where it is on the disk as long as it's running.
You don't need Apache or nginx or any other server. Your Node app may listen on port 80. But alternatively it can listen on some other port and your other server (Apache, nginx, etc.) can proxy the requests to that port.
But if your app is listening on, e.g. port 3000 then you should be able to access it as http://www.example.com:3000/.
Also, make sure that your domain is configured correctly. Its A record for IPv4 (or AAAA for IPv6) of the www subdomain should be equal to the publicly accessible IP address of your server.
And make sure that the port you use is not blocked by the firewall.
Update
To see how you can set the port with Keystone, see:
http://keystonejs.com/docs/configuration/#options-server
It can be either changed in the config or you can run your app with:
PORT=80 node yourApp.js
instead of:
node yourApp.js
but keep in mind that to use a port number below 1024 you will usually need the program to run as root (or add a special privilege, which is more complicated).
It will also mean that this will be the only application that you can run on this server, even if you have more domain names.
If you don't want to run as root or you want to host more applications, it is easiest to install nginx and proxy the requests. Such a configuration is called a "reverse proxy" - it's good to search for info and tutorials using that phrase.
The simplest nginx config would be something like this:
server {
    listen 80;
    server_name www.example.com;
    location / {
        proxy_pass http://localhost:3000;
    }
}
You can set it in:
/etc/nginx/sites-available/default
or in a different file as e.g.:
/etc/nginx/sites-available/example
and then symlinked as /etc/nginx/sites-enabled/example
You need to restart nginx after changing the config.
You can find more options on configuring reverse proxies here:
https://www.nginx.com/resources/admin-guide/reverse-proxy/
You need to make a proxy between Apache and your Node.js application because Node.js has a built-in server. Suppose your Node.js app is served on port 9000. Then you need to make a proxy to redirect all traffic on port 80 to port 9000, where the Node.js app is running.
1. Enable mod_proxy
You can do this through a2enmod.
sudo a2enmod proxy
sudo a2enmod proxy_http
2. Set the proxy
Edit the /etc/apache2/sites-available/example.com.conf file and add the following lines:
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass / http://0.0.0.0:9000
ProxyPassReverse / http://0.0.0.0:9000
This basically says: "Redirect all traffic from root / to http://0.0.0.0:9000". The host 0.0.0.0:9000 is where your app is running.
Finally restart apache to enable changes.

Accessing Node Proxy Server from a locally hosted file

I'm trying to access a node proxy server running on my local machine from somewhere else (specified later). I've tried setting the proxy listening domain to 0.0.0.0 with port 8888. The file that will send requests to the proxy server is hosted using a simpleHttpServer at 127.0.0.1 with port 4444 on another computer. In this file, I'm sending the request to http://my_local_ip:8888 (I'm assuming this is where the Node Proxy lives on my computer). However, I'm getting a connection timeout for some reason. Does anyone see problems with this approach?

Gerrit Change Canonical URL

I have set up gerrit on my subdomain at gerrit.mydomain.com. By default gerrit runs on port 8080, so I have changed the port in the gerrit.config [httpd] section to 80, and now gerrit.mydomain.com opens the gerrit home page.
Now when I print the canonical URL by running the following command:
git config -f ~/gerrit_folder/etc/gerrit.config gerrit.canonicalWebUrl
It still shows the URL as follows:
http://localhost:8080/
And that's the problem: now when I sign in with OpenID it returns to my domain as gerrit.mydomain.com:8080 and nothing happens because there is no server there.
Can you please tell me how I can fix this so that it redirects to gerrit.mydomain.com and the canonical URL is changed to http://localhost:80?
The gerrit.canonicalWebUrl is not related to the httpd.port configuration. This makes sense if you use a proxy server (such as nginx or apache) where you forward port 80 or 443 (webserver) to port 8080 (gerrit).
You have to edit your gerrit.config and adjust the canonicalWebUrl line to the hostname it should be.
You should be able to run git config -f ~/gerrit_folder/etc/gerrit.config --add gerrit.canonicalWebUrl "http://gerrit.mydomain.com/"
I also highly recommend using a reverse proxy with SSL.

Transparent Proxy Issue with SSL

I have a RHEL5 server in a private zone. I've set up a transparent proxy for ports 80 and 443. When I try a wget on 443, I get the following:
# wget -O- https://www.google.com
--2013-02-14 15:16:50-- https://www.google.com/
Resolving www.google.com... 74.125.129.147, 74.125.129.104, 74.125.129.106, ...
Connecting to www.google.com|74.125.129.147|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
I assume the proxy works because it's connecting. I don't know what else could be causing this.
This OpenSSL error indicates that wget sent the initial SSL ClientHello message, but gets an unexpected response from the server (or proxy) which was not an SSL ServerHello message.
This can be because the proxy speaks plain HTTP with the client, instead of HTTPS, because of a configuration error (e.g. with squid if port 443 is redirected to a http_port instead of https_port with the transparent option), or because it does not support transparent proxying of SSL at all. To debug, you may try connecting to http://www.google.com:443/ to see what happens. To know what's going on, you might want to run tcpdump while connecting to see what the server responds with. Also check the error log of your transparent proxy.
Without the transparent proxy configuration it is hard to tell what the problem is.
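An added example, not part of the original answer: a Python classifier for the first bytes a proxy sends back after a ClientHello (for instance as captured with tcpdump), separating a plain HTTP reply from a TLS ServerHello or alert. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types and the ServerHello handshake type (RFC 5246 / RFC 8446)
ALERT, HANDSHAKE = 0x15, 0x16
SERVER_HELLO = 0x02

def classify_first_reply(data: bytes) -> str:
    """Classify the first bytes a server or proxy returns after a ClientHello."""
    if not data:
        return "empty: peer closed the connection without answering"
    # A proxy speaking plain HTTP answers with an ASCII status line.
    if data.startswith(b"HTTP/"):
        status = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return f"plain-http: {status}"
    if len(data) < 5:
        return "unknown: too short for a TLS record header"
    # Record header: content type (1), version major/minor (2), length (2).
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    # Every SSL 3.0 / TLS record carries major version 3 in its header.
    if major != 3 or minor > 4:
        return "unknown: not a TLS record"
    if ctype == ALERT:
        if len(data) >= 7:
            return f"tls-alert: level={data[5]} description={data[6]}"
        return "tls-alert: truncated"
    if ctype == HANDSHAKE:
        if len(data) >= 6 and data[5] == SERVER_HELLO:
            return "tls-server-hello"
        return "tls-handshake: not a ServerHello"
    return "unknown: not a TLS record"

# Constructed sample replies (not captured from a real host).
SAMPLES = {
    # What an HTTP listener sends when it receives a ClientHello it cannot parse.
    "http": b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n",
    # Start of a TLS 1.2 record holding a ServerHello (truncated after the version).
    "hello": b"\x16\x03\x03\x00\x4a\x02\x00\x00\x46\x03\x03",
    # Fatal alert (level 2), handshake_failure (description 40).
    "alert": b"\x15\x03\x03\x00\x02\x02\x28",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:6} -> {classify_first_reply(blob)}")
```

A "plain-http" result on port 443 matches the misconfiguration the answer describes, where the redirected traffic lands on a listener that does not speak TLS.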
