I have CouchDB database running on http://localhost:5984/ but I want to host it on IIS to be accessed from other computer from the network. Can anyone tell me how to do that?
The other computer may well be able to use it on port 5984 the way you already have things set up.
But if you want to expose it via IIS, what you're looking for is setting up IIS as a "reverse proxy" (that is, as a front-end to another server process, in this case the CouchDB server process). This question and its answers on serverfault may help.
Related
For the context : I'm a student and I must do a project with some other people of my class. My role is to prepare them a web server that each one can use and access from anywhere. I plan to host everything on a dedicated server that I already have to avoid additional cost and give to each people a subdomain that will be redirected with VirtualHosts. They will be able to send files to the server with a SFTP server (openssh), they will get an account per person and it will be chrooted to their virtualhost directory.
My main problem : Will this be secure ? I mean, if one of the user set an easy password or just do anything risky, can someone access the other's people virtualhost or even the host dedicated machine ? I already thought about .htaccess and they will be deactivated. Is there another way to get out of an apache virtualhost ?
Things to note : they will have apache, php and an access to a mysql (or maybe mariadb, I don't know for now) database. So, they may be able to upload some old, unsecure code. Some of these users are not very educated to cybersecurity.
The server is a Ubuntu 16.04 LTS.
Thanks for the advices,
If you limit their access to only their own home directory, that's a good start.
A good layer of security would also be to implement 2FA, check out Duo Mobile, you can implement it for SSH logins (or need more details, eg. what options do they have to login into the server?)
If the users are not very educated in cybersecurity as you mentioned, it will be difficult for them to escape the virtual host they have access to.
Although i need more details such as each virtual host will have a separate database or it will be talking to a central database? also, for a paranoid measure, consider where the server is hosted. There are lots of variables that can be affirmed from what you described, but it is best to keep the server on its own network with nothing critical in the same subnet. Just in case.
A little bit of context. I have developped a webapp on node.js (and a glamourous set of extensions). It has been approved for testing with true users at my company and i am supposed to deploy it now. Problem is that basically i have no idea unto how attack this problem. I have so many questions.
For the moment i have created a virtual machine on the local server. I have installed ubuntu server unto it and i have the intuition about how to deploy the app in this part (i suppose following the same steps as when i started to work on this project). I do not know however if i can have remote access from the outside of my network to this virtual machine. I also dont know if additional configuration in ubuntu's side is needed to make such an idea work (for example: in the installation there was a part about proxies that at the moment i decided to ignore)
From the few documents i have read about it since i was assigned this, a solution may lie in using nginx. The logic behind it if i am not mistaken (and please correct me if i am) is that nginx can help linking the HTTP requests (through the port 80 which is normally opened for access in most machines) and link it to a specific port on the machine (The sexy app i have developped).
In a more early stage, what ressources would i need to start this off? Would i need a domain name? IS it necessary? Do i need a different virtual server to link the apps or can they be on the same machine?
If you have additional comments or tips for someone that is learning to do this kind of thing, please do.
For remote access, you will need a couple of things. First of all, you will need to make sure that your virtual machine is on a bridged adapter. I'm not sure what virtual machine you are on, or I'd give you more detail on how to do this. Second, you will need to make sure that your router has port 80 (or whatever port you chose to use) setup via port forwarding so that requests coming in map to the server (a request comes to the router on the port, the router must then know where to send those requests to). Finally, if you want to use a port other than port 80, you should be able to configure this in the nodejs configuration. This may also be configurable in the router so that requests coming in on port 80 are mapped to, say 8080, but, given that this is a company, it's probably easier to reconfigure the nodejs server than have it set up special mapping.
This experience comes from personal experience with hosting web servers at home. Corporate routers should need similar configuration unless each system has a public IP address on the internet, which is unlikely.
Our company has an old linux server that runs a few tomcat web applications. One of those applications is connecting to PostgreSQL. While I'm a C#.Net/Windows coder, I need to connect to this database from my computer using pGAdmin III (or any suggested equivalent). When attempting the connection, pgAdmin says Server Not Listening.
Without knowing much about linux I'm using WinSCP to connect to the file structure. I have ZERO documentation on the old apps, any data sources, or their data connections. I've been able to determine the following, assuming the location of the web app is actuallly legit and not some non-running copy.
PostgreSQL
In one app's connection information:
jdbc:postgresql://localhost:5432/somename
After some digging, I found the following possible instances of postgresql on the server file structure.
\etc\postgresql\8.3\main
\etc\postgresql\8.4\main
There's also \etc\postgresql-common with very different types of files in there.
If there are other instances or related folder, I am unaware and wouldn't know where to look. It's a labyrinthine beast.
I ensured in the config file for both that listening="*", which was supposed to be one of two fixes. It was already set to *, so assuming one of these is the right one, I should be good there.
I know that at least some instance of postgresql is turned on because the old app is running and fetching data, so that's the other of the two fixes.
pgAdmin
I heard in a separate thread here that reinstalling pgAdmin might solve the problem, but it did not. I tried with and without ssl.
Here is how I'm trying to set up the connection in pgAdmin III:
Name: SomeName
Host: I've tried a few combinations here. //servername/somename, or just //servername
Port: 5432 (matches what was expected, also the port from the connection)
Service: Blank
MaintenanceDB: I tried the default in pgadmin, postgres and the actual db I'm trying to connect to.
username & Password: the credentials from the connection info in the old app.
I'm getting the Server Doesn't Listen, suggesting that either it's not on (Well...some data source is on and working and the data in WEB-INF suggests it's postgresql), or it's not accepting TCP/IP connections, which it is according to the instances of postgresql I was able to find.
Long Story Short
At this point I'm assuming that one of the following is the problem...
The connection information I'm entering into postgreSQL is not being entered correctly, but I don't know what I'm doing wrong.
The source of the connection information (the web application) is bad/old/not from a running instance (and in this case I don't know how to tell, not in linux).
The instances of postgresql I found are not the instances it's using, and I have no idea how to find it.
Something's fishy network-wise, but since both my computer and the linux server are on the same network, it doesn't seem too likely.
Also, everyone, please document your stuff for the poor souls of the future. I greatly appreciate any assistance you are able to offer me.
You may want to use a tunnel:
ssh -L 5432:localhost:5432 user#server
After you log into the remote server, you'll have mapped port 5432 on your computer to the remote one. Then you can use pgAdmin to connect to your localhost on port 5432. Make sure you don't have anything running on this port on your computer.
Edit: Look at these examples on how to setup tunnels using putty
I'm building a Node app and need to put it online so my team can access it. We are concerned about the content of the app leaking and need some security.
Is a VPN the best way? Could I set one up easily on Digital Ocean or elsewhere? I have only set up a VPN for tunnelling before, and don't have a local computer or server that is always on.
I first thought about putting it on a randomly generated subdomain on my regular domain, or controlling it with .htaccess and password, but I'm not sure if this is doable with Node.
EDIT: what about just setting up with pptp and then editing the hosts file to point my-temporary-domain.com to localhost?
This problem is relevant because you don't have a local area network that your team all has access to. The way I've solved this in the past is to set up your application listening on the 127.0.0.1 on a server that is accessible to the internet. Allow your team to have SSH access, and set it up so they forward localhost and port 80 on their local machine to whatever port your application is listening on. You can do this with openssh and putty.
OpenDNS introduced DNSCrypt, and they runs the server in their OpenDNS server.
http://www.opendns.com/technology/dnscrypt/
And the client program is opensourced:
https://github.com/opendns/dnscrypt-proxy
This is significant for network environment that is censorship-ed, like China.
But OpenDNS servers are quite slow responsive to China, I hope to setup a DNSCrypt server on my own server, but can find nothing like that.
Does anyone know about if the DNSCrypt server part opensource or not ?
Many other servers are supporting the protocol, and it is easy to add it to your own server as well.
See the DNSCrypt implementations section of the documentation for some information.
Most of the servers, if not all, use encrypted-dns-server, either directly or via the DNSCrypt docker image.
The dnscrypt-proxy client also includes step by step instructions to install a dnscrypt server on a VPS.
Another option is PowerDNS dnsdist.