I run a tomcat7 in ubuntu in aws. not use apache.
and my site use default tomcat port 8080.
I don't want to open port except 8080 so I'm setting in aws security group.
inbound
8080 TCP anywhere
and outbound allTraffic.
but I try to rest call to
http://my_aws_ip:8080/test.do
but it doesn't work.
What should I open the port?
Does tomcat7 use a some port?
Tomcat uses whatever port or ports and protocols you configure it to use. By default it listens for HTTP requests on tcp/8080, AJP requests on tcp/8009, and service management requests on tcp/8005.
This is configured in Connector elements in $CATALINA_HOME/conf/server.xml:
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
You should reconfigure Tomcat to listen on standard ports like tcp/80 for HTTP and tcp/443 for HTTPS. Non-standard ports are a ready indication of a novice deployment.
The AWS Security Group should be configured to allow HTTP, HTTPS, pr both depending on your need. I highly recommend using HTTPS unless the information being transferred is public domain or has no value.
You can check what ports Tomcat is using on your EC2 instance with netstat -anpt. It will show all active and listen ports and the programs that have bound them (including java or tomcat for your Tomcat ports).
Unless you really need root access to the OS, you might want to consider using Amazon Elastic Beanstalk as it manages all that cruft for you.
Related
What I'm trying to do is create an access website for my own services that run on my linux server at home.
The services I'm using are accessible through <my_domain>:<respective_port_num>.
For example there's a plex instance which is listening on port X and transmission-remote (a torrenting client) listening on port Y and another custom processing service on port Z
I've created a simple website using python flask which I can access remotely which redirects paths to ports (so <my_domain>/plex turns into <my_domain>:X), is there a way to display these services on the network paths I've assigned to them so I don't need to open ports for each service? I want to be able to channel an existing service on :X to <my_domain>/plex without having to modify it, I'm sure it's possible.
I have a bit of a hard time to understand your question.
You certainly can use e.g. nginx as a reverse proxy in front of your web application, listen to any port and then redirect it to the upstream application on any port - e.g. your Flask application.
Let's say, my domain is example.com.
I then can configure e.g. nginx to listen on port 80 (and 443 for SSL), and then proxy all requests to e.g. port 8000, where Flask is running locally.
Yes, this is called using nginx as a reverse proxy. It is well documented on the internet and even the official docs. Your nginx.conf would have something like:
location /my/flask/app/ {
# Assuming your flask app is at localhost:8000
proxy_pass http://localhost:8000;
}
From user's perspective, they will be connecting to your.nginx.server.com/my/flask/app/. But behind the scenes nginx will actually forward the request to your app, and serve its response back to the user.
You can deploy nginx as a Docker container, I recommend doing this as it will keep the local files and configs separate from your own work and make it easier for you to fiddle with it as you learn. Keep in mind that nginx is only HTTP though. You can't use it to proxy things like SSH or arbitrary protocols (not without a lot of hassle anyway). If the services generate their own URLs, you might also need to configure them to anticipate the nginx redirects.
BTW, usually flask is not served directly to the internet, but instead nginx talks to something like Gunicorn to handle various network related concerns: https://vsupalov.com/what-is-gunicorn/
I'm trying to configure a port forwarding (port 80 to port 8080) for a Node.js application hosted on Google Cloud Compute Engine (Ubuntu and Nginx).
My ultimate goal is to have an url like "api.domain.com" showing exactly the same thing from "api.domain.com:8080" (:8080 is working actually).
But because it's a virtual server on Google platform, I'm not sure what kind of configuration I can do.
I tried these solutions without success (probably because it's a Google Cloud environment):
Forwarding port 80 to 8080 using NGINX
Best practices when running Node.js with port 80 (Ubuntu / Linode)
So two questions here:
1.Where I need to configure the port forwarding?
Directly in my Ubuntu instance with Nginx or Linux config files?
With gcloud command?
In a secret place in the UI of console.cloud.google.com?
2.What settings or configuration I need to save?
One possibility is to use Google Cloud Load balancer.
https://cloud.google.com/load-balancing/docs/
1) Create a backend service that listen on port 8080
2) Create a frontend service that listen on port 80
3) Then forward frontend trafic on this backend service
4) Bonus : You can create a ssl certificate auto managed by GCP https://cloud.google.com/load-balancing/docs/ssl-certificates#managed-certs
For the benefit of future readers, here how I figured out how to configure the port forwarding.
You will need to be sure that your Firewall on Google Platform is well configured. Follow this process well described here: Google Cloud - Configuring Firewall Rules. You will need to be sure that port 80 (or 443 for HTTPS) and your Node.JS port (e.g 8080 in my case) are opened.
You will need to configure the port forwarding directly on the server. As far as I know, as opposed to the firewall rules, this is not a configuration that you can do in the Google Cloud platform UI. In my case, I need to edit the Nginx config file located in: /etc/nginx/sites-available/default.
Use this example for reference to edit your Nginx config file: nginx config for http/https proxy to localhost:3000
Once edited, you need to restart your Nginx service with this command: sudo systemctl restart nginx
Verify the state of Nginx service with this command: sudo systemctl status nginx
Your port should be redirected correctly to your Node.js application.
Thanks to #John Hanley and #howie for the orientation about Nginx configuration.
EDIT: This solution is still working but the accepted answer is easier.
I am currently working on my own web application. I am hosting aws linux server.
My question is:
I can deploy war file into /var/lib/webapps/test.war, and access each single page from this war, furthermore, I am binging A record to my ip address. Assume, I am binding www.test.com to my ip. So that I can access my web page from test.war by www.test.com:8080/test/single.html.
How can I access only by www.test.com/single.html?
One more thing is, if i have one file t.html under /var/www/html/t.html. I can access this file by www.test.com/t.html.
How should I deploy my test.war in order to access it by www.test.com/single.html
Let me know if any description is not clear. I tried couple of days. Hope anyone can help!
Do you need to deliver static content via the Apache HTTP?
YES: Configure Apache as reverse Proxy for Tomcat.
NO: Configure Tomcat to listen on Port 80.
EDIT:
Since i realized you need further explanation:
Apache HTTP normally listens on Port 80. A Web-Browser tries to connect on Port 80 or 443 automatically when u enter a domain or an IP. Apache HTTP usually serves content from /var/www/....
Tomcat is an Application Server and listens in your case on Port 8080. Tomcat deploys webapps from /var/lib/webapps (With your configuration).
You cant just put a Java webapp in Apache's Document root. Apache has no Idea how to handle such content...
If you want to reach your webapp on Port 80 you can either reconfigure Tomcat to listen on Port 80 or use the Apache HTTP as reverse proxy (https://en.wikipedia.org/wiki/Reverse_proxy).
READ THE DOCS!
Change the port of Tomcat from 8080 to 80. Currently, your tomcat server listens to port 8080. Only if it listens to port 80, the suffix :8080 will be hidden. Only one application can bind to a port at a time, so make sure your Apache HTTP server is not binding to 80.
Change the port of Apache HTTP or just stop this service.
Back up files in folder webapps/ROOT, because your following action will replace its content. Rename test.war to ROOT.war and deploy your application at the root in Tomcat.
Rename test.war to ROOT.war (capitalization important) and deploy it to the same location. Tomcat will use that as the "root" webapp and you won't need to include a folder in the URL.
I am trying to have multiple tomcat instances on a Linux server and each instance would have an web application ROOT deployed in it.
While accessing the application, the url is formed in the format : whereas I don't want the end users to remember the ip address or the port of the application.
Since more than one instances would be used in the linux server, defaulting to 80 port ( http ) and 443 ( https ) wouldn't help out.
The idea is to expose the DNS name for the application and looks like Apache HTTP server would help me solve the case. Is the approach right ?
I assume the apache server should be one per linux server vs one per tomcat instance. Could this be confirmed ?
The Apache Tomcat version is 8.5.4 and the plan is to go with the apache http server version 2.4
Setting an Apache HTTPD (or any other) as front server is a good approach.
You won't be able to use more than one Apache HTTPD per server, since you don't want to use :port notation in the url's, at least it will not be possible to use standard HTTP/HTTPS ports in more than one HTTPD at once at the same server.
If you plan to use both http and https, you should create at least one virtual host for each of them. There is a limitation on creating virtual hosts for name based virtual host while using SSL 443 port, so if you want to have more than one HTTPS port enabled you will need IP based virtual hosting.
This is the Apache HTTPD 2.4 virtual host documentation.
Then, you could forward requests to each Tomcat using mod_proxy or tomcat connector. I personally choose one or other depending on the current requirements, specially if there is straight correspondence between contexts in Tomcat and Apache HTTPD (in this case I use AJP) or there's the need to rewrite it (mod_rewrite):
httpd://apache.httpd/context1 -> tomcat:XXXX/context1 (ajp tomcat connector)
httpd://apache.httpd/ -> tomcat:XXXX/context2 (mod_rewrite)
httpd://apache.httpd/context3 -> tomcat:XXXX/context4 (mod_rewrite)
I have Solr with its default Jetty that came with example directory installed on Linux server which has apache2 as its web server.
Now, within the same private LAN, when I open a browser and type in http://<ip-address>:8983/solr works ONLY when I do port forwarding otherwise it doesn't work. I am not sure what could be the problem? Please note this installation has been done on a remote server in a hosting environment for production deployment and I am a beginner wrt deployment stuff.
You can use the jetty.host parameter during startup to allow direct access to Jetty.
The -D option of the java command can be used with the followin syntax:
java -Djetty.host=0.0.0.0 -jar start.jar
In this way Jetty can be reached from all the hosts.
However this is not the ideal setup IMHO. I prefere to setup Jetty to listen only on localhost, implementing the client with another frontend server which listen on port 80. If you want to implement the frontend on another server you can use iptables to limit the incoming connection, dropping everything on the 8983 port if the IP is different from the one of your frontend server.
This image depicts my preferred setup for a LAMP stack includin SOLR: