I use the Google compute engine service and have configured a static IP for the instance.
The firewall uses the defaults open tcp:1-65535, udp:1-65535.
But use localhost can't ping to instance.
It's like a Google compute engine firewall setting issue, but I don't know how to change the settings.
In cloud console networks panel's "Protocol & Ports" field, you will need to add "icmp" to make it ping-able.
for example: tcp:80,443;udp:5000-6000;icmp
Related
I am trying to whitelist an IP address for my Google App Engine, I am currently using express-ipfilter for whitelisting selected Ip's, but the thing is, it is not working as from whichever IP I will hit, my API express-ipfilter is always showing
Access denied to IP address: 172.XX.X.X
There is also a firewall-rules section in App Engine but there is no option for providing the URL for the API which I am doing whitelisting?
I think this error is coming because as App Engine uses Nginx Behind the Web Server, also Ip Address coming is (172.XX.X.X)(Which means Ip is Public to Google Cloud).
Is there any inbuilt Google App Engine feature for whitelisting, or why my express-ipfilter is not working. Can anyone Please help me.
Thanks
Actually, the thing is In App Engine requests does not comes directly to App Engine therefore in order to see the IP of the client we have to look for req.get("X-Forwarded-For") Header field, it is an array of Ip's so we have to check the first IP which is the client IP and if that matches the desired IP then we can do our work.
See the documentation here nodejs/reference/request-headers
I've got a app plan (BASIC SMALL) with a private (hopefully) ip adress that can be found under Settings > Custom Domains.
When I try to access the content of the app using just the ip, it doesn't work. The site says "Error 404 - Web app not found." The hostname works just fine. When I ping the hostname it gives me the same ip adress. What do I have to do in order to be able to access it just using the ip?
That's not how Web Apps work, since you don't get a unique IP address assigned. You'll need to access it via yourname.azurewebsites.net or yourcustomdomainname.com - and then your requests are routed appropriately based on the name you provide.
If you absolutely needed a dedicated IP address, you'd need to deploy to a virtual machine.
When you host your web site on Azure web app it is bound to a virtual IP address that is shared with other web sites in the same app service plan. If you want to get a dedicated IP with your web site, please try to use Azure virtual machine with reserved IP. You could also choose App Service Environment
If you buy your custom domain, you can freely set DNS A records for that IP (it remains static). It sets binding of your domain to your web app. You can't access it directly by IP. Because on a given IP address and standard HTTP port 80, only one web can be running.
Imagine your web app could be open by entering that IP. You would "block" port 80 for zillions of other stuff running there.
If you check Properties blade there you will see a number of outbound IP addresses. If you consume some requests from web app / job / ... and have IP restriction set on the other side - you need to allow all these IPs.
As David suggested. If you really need a static IP - you need to run VM and set IP address as static or set VNet for web app.
I would like to enable the dns addon for my container engine cluster..
as described here.. http://kubernetes.io/docs/user-guide/services/#dns
How do I actually enable this clusterwide so that I can autodiscover my services instead of manually specifying IP addresses every time I relaunch a service.
DNS is enabled by default in Google Container Engine. You should be able to use it exactly as specified in the docs.
I've been running the free trial and am trying to point of my name cheap domain to the vm web site I have created.
I covered the server Ip.
Here are my namecheap settings for the domain.
The covered Ip is the same as above..
Here are my IIS settings
Change the Hostname to my actual domain.
I've also disabled Windows firewall and added port 80 and 443 in the security app hooked to the Azure VM. I can't seem to connect to the website at all. Am I missing something? I've been troubleshooting for hours and cant find anything except basic tutorials and how to do it on the Classic Azure portal.
thank you.
If you are using V1 (old portal/classic) Azure VM resources, then you need to open up the endpoint on the cloud services. All VMs exist as part of a Cloud Service.
From the new portal,
Select the VM (Classic)
Settings
Endpoints
Add the required port (make sure public port is the one you want to use, say 80, and the internal port is the one IIS is listening for)
If you are using V2 resources, you need to add a public IP to your VM before it can be reached from the outside world.
From the new portal
Click on the VM
Open settings
Select Network Interfaces
Select IP Address
Enable public IP (and add a PIP)
Keep in mind that in Azure, all IPs are dynamic. You will want to configure DNS settings against the DNS names provided, and not the IP address (as this will change if you power off the machine). For V1, use the cloud service name. For V2, you are given the option when creating the PIP to have azure assign a DNS name.
For testing, try to telnet on port 80 to the correct DNS name.
I've just set up a windows azure VM and installed IIS on it.
When I remote desktop onto the box I can see the default IIS website fine but I can't get this to serve on the web from the IP address of the box.
I've opened up port 80 on windows firewall and also added an endpoint for port 80.
I've tried to access it with the firewall completely turned off also but to no avail...
I cant work out if there is anything else I need to do to get this working?
Add endpoints for port 80 (http) and port 443 (https) to the VM in the Azure portal (tip: this can be automated with powershell or the Azure cli).
Remote desktop to the machine. Open the Windows firewall control panel and allow traffic to port 80 (http) and port 443 (https) or just turn it off ... the firewall is ON by default (tip: can also be scripted through the VM agent / powershell).
Go to the Azure portal and find the cloudapp.net subdomain for your VM (actually the cloud service) your VM is running under. Try accessing the site with that domain. If that doesn't work, try browsing to http://localhost on the server (remote desktop) to make sure IIS works and troubleshoot from there.
Modify the DNS records of your custom domain to use a CNAME to the .cloudapp.net domain. If you need A records make sure to use the public IP of the cloud service (just ping the .cloudapp.net domain to find it or look in the Azure portal).
You might want to look into Azure Websites or Azure Cloud Services (web roles). Those are a lot easier to manage and a lot cheaper. They still offer most of the functionality.
What fixed the issue for me was to go into the Azure Portal, browse to 'Network Security Groups', select the VM and then create an inbound rule to allow traffic to port 80.
Note: Also ensure that the inbound rule to port 80 is added and enabled on the actual VM.
Well, I deleted the existing VM and Cloud service and started again - all worked fine out of the box this time.
How annoying! The only thing I did notice was that before my cloud service had the same name as my VM - this time they had different names so that might have been what was causing the issue.
Cheers
For the newer VMs and pre-configured setups (2015+), it's possible your setup is using an azure asset called "Public IP". If so, you can set a custom DNS name label in it, inside "Configuration". Note that this name will consider any type of region used when creating the VM (e.g. my-site.brazilsouth.cloudapp.azure.com).
It's good to remember that for testing purposes, it still suffices to use the value of the public IP that is randomly designated to you.
The VMs are actually accessed via a Cloud Service (well they are for me). Azure created a Cloud Service automatically to be the scaling engine/load balancer on the front of the VM. I have to connect to the web site via that cloud service, not the VM directly.
Its possible you were using the internal IP rather than the external IP.
The sites have to use the internal IP address in the bindings section of IIS. However, in your dns you will need to use the external IP. This is presumably since the 'internal IP' is just a virtual one that Azure uses to map traffic from the external network to the VM's inside azure.
You should find both the internal and external IP's are visible on the VM's desktop.
Switch off TLS 1.3 in the Registry Editor.
This is what worked for me as of writing this in Mar 2021.