Firewall - proxy setting for connecting HazelCast server host:port - hazelcast

Is there a way to set proxy settings (route via a proxy server) for HazelcastClient to connect to a remote cache server (which is behind a firewall)?
Thanks

No, since Hazelcast clients use an internally developed (even though open source), plain TCP protocol, there is no real proxy support. You might be able to use a SOCKS proxy though, but this is not supported.
There's also a prototype to tunnel the protocol through a HTTPS session but same thing, not officially supported: https://github.com/noctarius/https-tunnel-openshift-hazelcast

Related

Access azure redis cache behind a proxy

From the development environment, developers need to access the Redis cache.
Connection to the Azure Redis Cache is done via socks protocol on port 6380.
The issue is due to the fact that external access to the internet is done via a proxy in our company.
If it's HTTP(S) access, in nodejs for example, we use the npm package 'dotenv' where we specify 'HTTP(S)' proxy settings (example for package ms-rest azure).
But here we don't find any solution for proxy usage for socks access.
We use the npm package 'redis' in that case.
Does anyone have a solution for proxy usage?
Thanks in advance, Mathieu
It seems to be impossible to connect directly to Azure Redis Cache from a client behind a proxy. The reason is as below:
Redis only supports TCP connections via its protocol, like telnet; it's infeasible if your proxy does not support SOCKS.
I searched the two recommended Node.js Redis clients, ioredis and node_redis; neither supports building a connection via a proxy.
So here are two possible solutions for your current scenario.
1. If your proxy supports SOCKS, you can try to create a new Redis client by changing some code in the existing Redis client to support a SOCKS proxy.
2. Recommended for the current case. I suggest that you create an HTTP service on Azure to handle the requests from your client behind your proxy, which can pass the parameters of HTTP requests to Azure Redis Cache and wrap the result into the HTTP responses. It's a Redis-over-HTTP solution like solutious/bone.
Hope it helps.
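What "supporting SOCKS" means on the wire, for both the Hazelcast and the Redis answers above: an added example, not part of the original posts or of any Redis or Hazelcast client, of the SOCKS5 (RFC 1928) negotiation a client has to complete before it speaks its own TCP protocol. `connectViaSocks5` and its `proxy` argument are hypothetical names, and it assumes a proxy that accepts the "no authentication" method.

```javascript
const net = require('net');

// Client greeting: version 5, one method offered, 0x00 = "no authentication".
function socks5Greeting() { return Buffer.from([0x05, 0x01, 0x00]); }

// CONNECT request using a domain-name address (ATYP 0x03), so the name is
// resolved by the proxy rather than on the restricted client network.
function socks5ConnectRequest(host, port) {
  const name = Buffer.from(host, 'ascii');
  if (name.length === 0 || name.length > 255) throw new RangeError('bad host length');
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new RangeError('bad port');
  const tail = Buffer.alloc(2);
  tail.writeUInt16BE(port);
  return Buffer.concat([Buffer.from([0x05, 0x01, 0x00, 0x03, name.length]), name, tail]);
}

// Reply codes 0x00..0x08 as defined by RFC 1928.
const REPLY_TEXT = ['succeeded', 'general failure', 'not allowed by ruleset',
  'network unreachable', 'host unreachable', 'connection refused',
  'TTL expired', 'command not supported', 'address type not supported'];

function parseSocks5Reply(buf) {
  if (buf.length < 2 || buf[0] !== 0x05) return { ok: false, reason: 'not a SOCKS5 reply' };
  return { ok: buf[1] === 0x00, reason: REPLY_TEXT[buf[1]] || 'unknown code ' + buf[1] };
}

// Hypothetical helper: resolves with a socket already tunnelled to host:port.
// Simplification: assumes each proxy reply arrives in a single data chunk.
function connectViaSocks5(proxy, host, port) {
  return new Promise((resolve, reject) => {
    const sock = net.connect(proxy.port, proxy.host, () => sock.write(socks5Greeting()));
    const fail = (msg) => { sock.destroy(); reject(new Error(msg)); };
    let step = 0;
    const onData = (chunk) => {
      if (step === 0) {
        // Method selection is [0x05, method]; 0xFF means none was acceptable.
        if (chunk[0] !== 0x05 || chunk[1] !== 0x00) return fail('proxy refused no-auth method');
        step = 1;
        sock.write(socks5ConnectRequest(host, port));
      } else {
        const r = parseSocks5Reply(chunk);
        if (!r.ok) return fail('CONNECT failed: ' + r.reason);
        sock.removeListener('data', onData);
        resolve(sock);
      }
    };
    sock.on('data', onData);
    sock.once('error', reject);
  });
}
```

The resolved socket is a plain TCP tunnel; whatever the client normally sends (TLS, then the Redis or Hazelcast protocol) goes over it unchanged.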

WebSocket over SSL: Cloudflare

I have a website behind cloudflare. I need to enable websockets over SSL without turning off cloudflare support. I have a PRO plan and hence won't get the new websocket support. I am using Nginx to proxy an SSL connection to a web socket running on a node server. Now, I read somewhere that cloudflare could work with approved ports and would support websockets. Hence, I'm using 8443 for the Nginx port and another port for the node server. Using wscat it returns a 200 error.
$ wscat -c wss://xyz.com:8443
error: Error: unexpected server response (200)
I know that the websocket is expecting a 101 code. However, if I visit https://xyz.com:8443, I can see the page displayed by the node server telling me the proxy is working. Also, once I turn off cloudflare support, the websocket starts working. Any clues to get this working? I know I can create a subdomain but I'd prefer running the websocket behind cloudflare.
If you're trying to access this through CloudFlare's network you'd need to explicitly have web sockets enabled on your domain before they will work -- regardless of the port. As in, even if the port can pass through our network, that won't automatically mean that web sockets will be enabled or accessible on your domain.
You can try contacting our support team to request an exception to see if they can enable it for your domain, but typically this is still only available at the business and enterprise levels.
Disclaimer: I work at CloudFlare.

Configure XSockets to use the handshake port

From my understanding, WebSockets has been designed to traverse firewalls and proxies. Indeed, after a handshake between the client and the server, the communication protocol will change from HTTP to WS but it will still communicate on the port used to establish the handshake. (See websocket.org).
In other words, if a client can do an HTTP request on a given port, he will also be able to do WS on the same port.
However, according to XSockets configuration documentation, the port used for WS communications isn't the same as the HTTP port. Unlike a regular WS connection, a NAT on the firewall seems to be required to allow communication between the XSockets server and the client.
Is there a way to configure an XSockets server to re-use the HTTP port used for the handshake (port 80) without creating conflicts with the existing web applications hosted on the same web server (IIS)?
You are right. But the application listening on the web port should be capable of understanding the WebSocket protocol in order to do the handshake, and that is not the case for IIS < 8.
If you want to have your WebSocket running on the same port as your web application, you need IIS 8 (included in Windows >= 8 and >= 2012).
As far as I know XSocket allows you to use IIS8 as hosting environment: http://xsockets.net/docs/hosting#using-iis8
But if you have IIS < 8, then it is not possible. It is not an XSocket limitation, it is an IIS limitation.
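The handshake this thread describes, and the reason wscat reports "unexpected server response (200)" in the Cloudflare thread above, can be checked mechanically. This is an added example, not part of either original thread: it validates an HTTP response head against the RFC 6455 upgrade rules. The function names and both sample responses are constructed for illustration; the key and accept value are the RFC 6455 sample pair.

```javascript
const crypto = require('crypto');

// Fixed GUID from RFC 6455, appended to the client key before hashing.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

function expectedAccept(key) {
  return crypto.createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Parse a raw HTTP response head into a status code and lower-cased headers.
function parseHead(raw) {
  const [statusLine, ...lines] = raw.split('\r\n\r\n')[0].split('\r\n');
  const m = /^HTTP\/1\.[01] (\d{3})/.exec(statusLine);
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: m ? Number(m[1]) : null, headers };
}

// Returns 'ok' or the first reason the upgrade is not valid.
function checkUpgrade(raw, key) {
  const { status, headers } = parseHead(raw);
  // Anything other than 101 means some hop answered as ordinary HTTP.
  if (status !== 101) return `status ${status}: handled as plain HTTP, upgrade not honoured`;
  if ((headers['upgrade'] || '').toLowerCase() !== 'websocket') return 'missing "Upgrade: websocket"';
  const tokens = (headers['connection'] || '').split(',').map((t) => t.trim().toLowerCase());
  if (!tokens.includes('upgrade')) return 'missing "Connection: Upgrade"';
  if (headers['sec-websocket-accept'] !== expectedAccept(key)) return 'Sec-WebSocket-Accept mismatch';
  return 'ok';
}

// Constructed sample responses: one where an intermediary did not pass the
// upgrade through, one from a server that completed the handshake.
const SAMPLE_KEY = 'dGhlIHNhbXBsZSBub25jZQ==';
const viaIntermediary = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>proxy is working</html>';
const directToServer = 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n' +
  'Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n';
```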

How to achieve direct-server-return with HAProxy and app server?

What would be an example method of achieving DSR with HAProxy and an app server like node.js? I've read a few articles on the subject however I don't quite understand how the node server can respond to the request directly when the client connected to the load balancer first.
...unless there's some lower level, virtual interface proxying going on.
DSR can't be done through HAProxy, since HAProxy is a reverse proxy.
HAProxy acknowledges the client TCP connection then it creates a new TCP connection to the server on which it forwards the request.
The server can't answer to the client directly, since it is not aware of the client TCP connection.
If you want to achieve DSR mode, you must use LVS, which has a module for this purpose.
Baptiste
I have reason to believe this is possible as the ALOHA appliance from HAProxy Technologies (that runs HAProxy internally) does officially support DSR mode. However, I still have not figured out how they do this.
They even have a technical application note about how to set up your backend servers to work with this mode.
See: http://www.haproxy.com/static/media/uploads/eng/resources/aloha_load_balancer_appnotes_0053_server_configuration_for_layer4_dsr_mode_en.pdf
Unfortunately, this document doesn't say anything about how the HAProxy itself is configured. Still digging!
As explained by Baptiste above, HAProxy cannot do DSR as it's a reverse proxy. In the case of ALOHA, you can disable the reverse proxy mode, which in this case uses the LVS feature of Linux to work as an L4 load balancer, which can be used for DSR.

web2py makes no http connection, how does it communicate with browsers

I was trying to sniff HTTP packets through Wireshark on my localhost. When I tried working on a web2py instance at my localhost, no HTTP connections were found. While digging deeper into it, I found it is not creating any connections in the application layer. Well then, how does it communicate with browsers without HTTP? (I have heard of web2py as a very secure framework, now this thing is creating more curiosity in me)
Are you sure it's not an HTTP connection on port 8000 (which is the IANA registered port for irdmi)? If you use wireshark, you can choose to decode as HTTP when the port isn't the standard port for the protocol.

Resources