I am setting up a failover server for our website using keepalive.
I have been following this tutorial that feets exactly my needs:
- http://blog.profitbricks.de/failover-und-loadbalancing-loesung-bei-profitbricks/
For a couple of days, everything worked well with keepalive and the virtual ip.
Suddently, the VIP is unreachable on port 80 but still reachable on port 443.
Facts:
ip addr show => i do see the VIP only in one of the frontends.
From the frontend itself, if i query it using it's public IP (the
non vip one) it does work on port 443 and 80.
From anywhere if i use the virtual ip and https, i can reach our application and i do see it in the http server logs.
In syslog i have weird messages like this one for every test i do that use port 80 on the VIP ==> /var/log/kern.log <== Nov 18 15:00:07 localhost kernel:
[14045.457450] IPVS: rr: TCP 'the virtual ip':80 - no destination
available
Hopefully it is not in production yet and if you can help me on that i would be really thankful :)
In case someone search for the terms in this question:
The port 443 was reachable because the server that had the VIP was correct and there was no load balancing on port 443.
The port 80 was unreachable because i didn't setup the iptables correctly on one of the two servers and load balancing was supposed to be done using NAT (bypass_ipvs.sh).
Conclusion: if you need failover and no loadbalancing (which is uncommon) then the mentionned configuration is too much and not adapted.
Related
I created compute engine instance in GCP to deploy my web app.It works fine inside the instance (localhost:8080).
However, using the external Ip address, I'm unable to access it even though I have allowed for 0.0.0.0/0 for all instances by the firewall rule.I added both port tcp:8080 and tcp :8444 but It does not allow to connect even 'Telnet'.
Connecting To 35.185.98.244...Could not open connection to the host, on port 8444: Connect failed
Connecting To 35.185.98.244...Could not open connection to the host, on port 8080: Connect failed
Anybody can help me to solve this issue?
my git url: https://github.com/ChkBuk/myexamples/tree/master/SyneBiz
Take a look at the Firewall Rule in the GCP. Make sure that you allow ingress traffic for the port 80 (since you are accessing it from the browser). The ports 8080 and 8444 are local ports accessed internally. These ports are not exposed to the public. You have to make sure that there is a forwarding rule that redirects the traffic from port 8080/8444 to port 80.
Eventually, try to test the URL connection and the ports within the compute engine instance, or outside the GCP. Below are some examples:
$ curl http://[external-IP-vm-address]:80
$ telnet localhost 80
$ nmap <external-ip-vm-address>
$ netstat -plant
There are other network tests that you could perform. You may consult this discussion thread from Stackexchange.
Lastly, it could be that the ports 8080 and 8444 are already being used by other processes. For this reason, you are unable to connect to them.
Try the following troubleshooting steps.Type:
$ netstat -tulpn
This command above will display a list of all processes running on their respective ports. If the port 8080/8444 are there, take a look at the existing process running on it. You may then kill that process. For more information on troubleshooting the processes running on port 8444 and 8080, you may consult this article.
I've an Ubuntu 16.04 server with two NIC cards. Both of them are configured with static IP and set to different hosts.
At this time, I've running Apache and glassfish through the same interface (only one of the cards), Apache listen on the port 80 and glassfish the 8080 (classic configuration).
Now I want to enable the second NIC in order to allow glassfish to listen the port 80. This way I'll have Apache listening port 80 of the first NIC and Glassfish the port 80 with the other card and different domain. However I can't accomplish that.
By the moment I've tried the following configurations but neither of them works:
Creating a new http-listener with port 80 and with address equal to the second nic IP address.
Creating a virtual server, set the host to the second nic IP address, and then the http-listener with port 80.
Create a new domain with --keytooloption CN=my.domain.name and with that domain make the two things upon (while creating this domain --instanceport 80 is not permitted, a message said that 80 port is in use, but from my point of view, port 80 is in use but by different interface...?).
Some different domain.xml adjustments like ports, hosts, etc.
I've been reading Glassfish documentation the last two or three days and didn't find the answer yet.
Both nic cards are on the same net, for example:
111.222.333.1 and the other 111.222.333.2
I didn't try with different sub nets maybe changing the second NIC IP to 111.222.444.2, however I don't have the necessary privileges to make those changes and before ask to the IT people on the company, and change other configurations, I'll like to know if someone of you have ever been on a similar scenario? does anyone have any idea? suggestions?
After several attempts I get with the right configuration.
Step 1
As the server have Apache and Glassfish servers, by default, apache configuration listen port 80 for all IPs, so is the first thing to change:
--/etc/apache2/ports.conf
change line "Listen 80" by "Listen ###.###.###.###:80" having ###... as the apache desired ip address
Then restart apache
/etc/init.d/apache2 restart
Step 2
Create http-listener for Glassfish on the port 80 for the second IP:
sudo ./asadmin create-http-listener --listeneraddress ###.###.###.### --listenerport 80 --acceptorthreads 16 --securityenabled=false --default-virtual-server server myListenerName
Step 3
If you already have Glassfish installed (like my case) it was already listening to the previous IP (apache one) but in 8080 port, in order to listen to the new IP, a new virtual server needs to be created:
./asadmin create-virtual-server --hosts my.domain.name --networklisteners myListenerName myservername
Step 4
At the time of http-listener "myListenerName" creation, it needed to be linked to a server, so the only available at that time was the default one: "server". So then manually update domain.xml in order to delete myListenerName from the network-listeners of server and add it to the virtual-server "myservername". At the end it looks like the above:
<virtual-server network-listeners="http-listener-1,http-listener-2" id="server"></virtual-server>
<virtual-server network-listeners="myListenerName" hosts="my.domain.nama" id="myservername"></virtual-server>
Step 5
Re start glassfish
./asadmin stop-domain domain1
./asadmin start-domain domain1
Step 6
Deploy any application to the new server
./asadmin deploy --virtualservers myservername /path/to/my.war
Step 7
Relax
I hope this info helps somebody!
If I may, I wrote a blog post on this at:
https://rsoftwareblog.wordpress.com/2014/11/12/glassfish-server-multi-nic-conundrum/
Hope this helps
I am trying to get my Node.js server to listen to a public IP so that I can access it on a different network than my home network.
I've purchased a domain and used a DNS host - right now I'm using No-IP and have downloaded their client to push my IP to their servers.
When I set the IP on No-IP configuration to my local IP I can use the domain name and hit my server on another computer on my network. But if I change this to my public IP and use the domain, the request hangs for about 10 seconds and then fails. I've set up port forwarding (I believe correctly) and opened inbound / outbound traffic on the port I'm listening to (not 80 right now). I even pulled my firewall completely.
I tried changing server.listen(4444) to server.listen(4444, '0.0.0.0') as I've seen all over the web. But this doesn't work.
Anyone have ideas out there? I feel like maybe my ISP is blocking it somehow? I'm fairly new to networking, so maybe I'm missing something critical?
Thanks!
server.listen(4444) should be fine. As long as you don't have multiple active network connections in your server, you don't need to specify an IP address. Port forwarding from your router (if configured correctly) will direct the request that came from to public IP address to the actual local IP address of your host.
Note that for port forwarding to work reliably, you will have to give your host a fixed private IP address (not a DHCP assigned address) so the IP address will not vary. Then, you configure port forwarding to that fixed IP address.
Then, you need to do some network debugging. From a computer outside your own network (e.g. something out on the internet), you should do a couple commands to your public DNS name:
ping yourserver.net
tracert yourserver.net
If your DNS entry is not working, ping should tell you immediately that it didn't find yourserver.net.
If the DNS entry is working, but the IP address can't be reached, then ping will tell you that the server is unreachable. At that point, you will know you have a networking issue with connecting to your public IP address from the internet.
If ping is initially finding your server, but packets aren't flowing properly, then either the ping results or the tracert results should give you an idea where to look next.
If ping and tracert are finding your public IP and packets are flowing to/from it, but you still can't connect to it with the browser, then you either don't have the IP address set correctly (so you're not connecting to the right server) or your node.js server isn't listening appropriately or you aren't using the right ip/port in the browser that represents the actual node.js process. If you suspect this to be the case, then back up and make sure you have everything working purely on your own private network where the browser tries to connect directly to the local IP address and port. When that is working, you will know the node.js server is working appropriately and you can move back to working on the public IP.
FYI, if you tell us what the public DNS name and public IP address is, we here can do a few steps of this debugging from our computers.
It may be that your router can only forward a port to a computer on your network, but not change the port when forwarding. If that's the case, then you have these options:
Put everything on port 4444. Have your server listen to 4444, specify 4444 in the port forwarding in the router and then put 4444 in the URL like http://thecastle.ninja:4444.
Set up the port forwarding for port 80, put your server on port 80. Change the port forwarding to port 80. Change your server to listen to port 80 (if your server is Unix, you will need elevated privileges to listen to port 80 directly). You should then be able to use a URL like http://thecastle.ninja.
Set up the port forwarding for port 80, put your server on port 4444 and use ip table settings to route 80 to 4444 on your server. This allows your server to run in the less privileged 4444 port, but lets the end-user use the default port 80. I have a node.js server on a Linux Raspberry Pi configured this way. You should then be able to use a URL like http://thecastle.ninja
Run a proxy on your server that will route port 80 to port 4444. This is probably more than you need, but nginx is a popular one and it can do port forwarding on the server.
Can someone help me?
I already tried this steps:
Open Port 80
Set rules in windows firewall (inbound rules, port 80, both protocols, allow connection, etc..)
Port forwarding
Port 80 & 443 enabled
but I still cannot access my server.
I used "Open Port Check Tool" of CanYouSeeMe.org to check if it is open, the result: Connection timed out
Pinged my external ip address on external computers, the result: Request timed out
Images showing the logs:
Do a google search for your ISP + port 80. Chances are pretty big that your ISP doesn't allow it for security reasons.
A way around this is to host on a different port than 80.
If it is not your ISP blocking port 80, maybe XAMPP isn't allowing connections other than the ones comming from your localhost. Take a look at this Error when trying to access XAMPP from a network
I have a Node.js server listening on port 9000
Internally I can run "curl localhost:9000"
And it can retrieve the GET request.
But when I try and connect to the IP from the outside on port 9000, it doesnt work.
Do I need to open the port publicly?
Its an Amazon EC2 instance.
What do I need to do?
SOLVED:
had to add tcp inbound into security groups. Thank you very much
VALUES:
Custom TCP Rule
TCP
0 - 9000
0.0.0.0/0
Sounds like a firewall issue. There are two things to look for, first is IPTABLES, which will show you the firewall rules on the local server. https://help.ubuntu.com/community/IptablesHowTo
With AWS instances, they also belong to Security Groups, and you will have to edit this security group to allow traffic on port 9000 as well. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html