We had a service running in IIS at example.com:88 in one of our server and the url is hardcoded in most of our client apps in android /ios
We needed to move our applications to a new location and this time we had Windows domain among our servers.
That made port 88 busy and occupied with Kerberos.
Now that we have moved all our application and main domain name to the new environment. We are not able to find any workaround to redirect connection coming on port 88 to a different address.
Need help with a workaround to the problem.
Do you have Multiple Public IPs form your ISP?
if so you can assign/change/add one of those ip to this application/server and have that port also open on that public ip.
Solution depends what kind of router you have and if you are able to acquire additional IPs. Also is it possible to access the app using a FQDN?
Related
We've a project that is to go live very soon and we ran into this issue when dealing with developers. This is two JDEdwards (ERP) website which are hosted on a single IBM WebSphere webserver, currently using a FQDN, and different ports assignment for DEV and TEST users. Websites as such are -
DEV
https://jdeweb01dev.corporate.company.com:100/jde/owhtml/
TEST
https://jdeweb01dev.corporate.company.com:101/jde/owhtml/
There is only one IP configured for the above server FQDN but we will eventually give common name like JdeDev.company.com JdeTest.company.com or something.
We want to implement SSL cert for our Test/Dev environments, but how would we implement this on IIS or IBM Web SPhere, as well as on DNS level. Sine the only difference between the URLs is port numbers and both lead to different websites. I'm open for suggestions on how we can improve the design as well or how to make the current design work.
Another important thing to consider, the two websites will be accessed between two different Domain Forests which have transient Trust. This is a JDEdwards project.
Appreciate any help on this!
In order to configure HTTPS binding in IIS site binding, just configure a certificate in IIS site binding module.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-an-iis-hosted-wcf-service-with-ssl
Also, this could be accomplished by the Netsh http command.
netsh http add sslcert ipport=0.0.0.0:8000
certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6
appid={00112233-4455-6677-8899-AABBCCDDEEFF}
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
After you have set up the FQDN in DNS entries, you could specify the Hostname field in order to access the service with the server fully qualified domain name.
Feel free to let me know if there is anything I can help with.
WebSphere supports multiple virtual hosts, each with its own alias(es), which can be a combination of DNS name and port. The built-in default_host will typically have an alias for the server/node name and the * wildcard for all ports. You then assign a specific virtual host to an application when you deploy it.
I want to make my identity server public so that all users who visit it can access the identity server but right now only I can access it since it's hosted locally. How can I deploy this so that it runs on my IIS? Will copying and pasting the WSO2 IS folder into my inetpub\wwwroot folder work? (And after configuring the .xml files so that it shares my public domain)
I tried reading the WSO2 IS documentation but it's not very clear to me how I can make it public. I was hoping for a systematic tutorial/way to do this but it chains from one step to multiple.
https://docs.wso2.com/display/IS530/Deployment+Guidelines+in+Production
https://docs.wso2.com/display/IS550/Changing+the+hostname
I believe there are a few misconceptions (no, copying the installation into inetpub\wwwroot won't work, it's not php)
chains from one step to multiple
well - the documentation is related only to a product, it assumes some knowledge of the network and systems it runs on
1 - you should run the WSO2IS as a service ( so this is Windows guide may be helpful and this here is how to run the WSO2IS as as service for Linux)
2 - change the repository/conf/carbon.xml
(this step is optional, but increases security)
HostName - to the public hostname
MgtHostName - to internal hostname, so the administrative console is not accessible from internet
3 - The best practice to expose the WSO2IS would be a reverse proxy (depending you are using IIS, nginx or httpd) so you don't expose the default port 9443 to the outside directly (I assume you want to use your own SSL certificate on 443 and TLS termination in the web server)
For the default WSO2IS applications you need to create a reverse proxy from `HTTPS:443 -> HTTP:9763
update /repository/conf/tomcat/catalina-server.xml and on the Connector listening on 9763 add attribtue proxyPort="443"
(Note: now I am not sure if it will work, what will work for sure is TLS bridging HTTPS:443->HTTPS:9443, it means adding proxyPort="443" to the Connector for port 9443)
Every WSO2 product already has an application server shipped with a TomCat.
This way you do not need, nor should, place the fonts on another separate application server. Use what's in the product.
By its description it seems to me that you do not have much familiarity with infrastructure, servers and etc, I will try to help you and clarify some points.
As I mentioned above, you should use the TomCat that already comes with the product and put it in some VM (Server) that has Internet output, that is, it has ports 80, 443 and also ports 9443 and 8243 (which are the default product ports) released for access beyond the internal network (LAN).
If you get the Public IP of that VM where the WSO2 Identity Server product is running, and access it from outside your local area network (LAN), the service should work.
Making an analogy to a Web site is the same concept. When you want to put a Web Site publicly for the internet, as you said put the fonts inside apache's WWW folder or something, it's the same concept, so people outside of your local network can access this website, this Apache would have to be with a Public IP, It's the same concept, but WSO2 already has its "Apache" TomCat internally, just leave your Public IP.
I am having stand alone Linux Centos server with Static IP. I am running two tomcat application http://IP:8080/sampleapp, http://IP:8090/myapp. i can access that both application from internet.
i bought domain from ipage.com. now i wanted to map http://sampleapp.com to http://IP:8080/sampleapp and http://myapp.com to http://IP:8090/myapp.
I don't want to add another apache layer to forward port.
How can i map..? please help me
You can give a redirection in your ipage.com DNS setting which redirects your domain to your static IP.
But I would like to suggest you can run on port 80 to just make your link prettier.
Your requirement is not very clear. However you can deploy both apps to the same port, like 80, and then use Tomcat virtual host to achieve what you need: https://tomcat.apache.org/tomcat-7.0-doc/virtual-hosting-howto.html
I host a web application on my laptop and I access it using 'localhost:9080/abc.com' and lets assume my IP is '192.168.10.20'
Now, I want my colleague to access this web application from his system 'web browser' by typing in '192.168.10.20:9080/abc.com'
As laptop is owned by 'company' I cannot install (or) use any third party softwares
How can I manage this on RHEL 6?
Assuming you're on the same network (LAN) then a client who connects to 192.168.10.20:9080 should have no problems (assuming the web aplication also listens to requests other than localhost).
If abc.com is just an "alias" you set up in your hosts file then no other person than yourself will be able to use abc.com to connect to 192.168.1.10.20, unless they have the same alias in their hosts file.
If you purchased a domain abc.com and set up it up to redirect to 192.168.10.20 it should work. But usually there are delays associated with updating a DNS so the time it takes for abc.com to be updated can take even a day.
Now if you have your colleagues on a different network (for example they want to connect from their homes when the laptop is connected to the internet at your place) it won't work with a bit of fiddling. Basically, when they try to connect the router gets a request from the client to connect to port 9080, but the router doesn't know what to do with it so nothing happens. You have to set up port forwarding in your routers settings so that all incoming traffic on port 9080 gets sent to 192.168.10.20.
And when they try to connect that way, they can not use the 192.168.10.20 ip adress, because it always refers to a adress on the local network. They have to use your external ip adress (google what is my ip adress).
I am trying to run a server on a different host to my website. How can I set it up so that if people connect to certain ports on my domain that they connect to my server, and so my website still works.
Ports exist on the level of TCP and UDP. There is nothing DNS can do to magically change what happens, at the client or your server, on that level.
For your web site, DNS provides translation of its name to a set of IP addresses. The client's browser will then try to talk to port 80 or 443 on one of those addresses. If you want the other server to use the same name as the web site, it must answer requests on other ports on the same set of IP addresses.
If your server is for a protocol that's new and smart enough to use SRV records, you can use that to actually run the server wherever is convenient but still tell the users to connect to the web server name. Check the documentation for details.
If you can't do that, another possibility is to run a small process on the web server machine that listens to the other server's port(s) and forwards all traffic to wherever the server is actually running. The feasibility and details of doing so depends a whole lot of what server it actually is, so I can't really say any more about that.
Or you could just tell the users to use www.tellusthesoddingname.com for the web site and server.tellusthesoddingname.com for the server and point those names at different IP addresses. Which is by far the simplest and most robust solution.