I'm creating a connection via the net module in my Node.js application:
this.stream = net.createConnection(25, host, this._onConnect);
Which works absolutely fine, however I need to send this traffic through Proximo because my connection requires a static IP. I'm not familiar with the net module, so any help would be beneficial.
You shouldn't need to bind to anything or make any modifications to your code. As far as I know providing you've binded to the ip address that proximo gives you:
$ heroku addons:add proximo:development
Adding proximo to sharp-mountain-4005⦠done, v18 ($5/mo)
Your static IP address is 127.0.0.1
Your program will be wrapped in the proximo binary which routes all the TCP packets through the proxy. However you can limit the traffic with https://devcenter.heroku.com/articles/proximo#configuring-the-proximo-wrapper.
From my experience all the proximo setting up is on heroku's command line stuff.
Related
I would like to create a secure internal route between two applications within the same space/organization. It should never be possible to reach the Node.js application from the outside. My Java application connects via HTTP to the Node application (running on express).
I have now tried to setup the desired configuration by creating a route called example-route.apps.internal and assigned it to the Node application. As a next step, I've opened the port (I've tried 443, 80, 8080) in the network configuration of the Java application (with the destination being the Node app). I restaged both applications.
Then, I opened a Java connection to the link http://example-route.apps.internal/test123. I've also tried to use https. The result was the same. Java refused to conncet to this URL.
Now, the following questions:
How can I properly set up this communication? Should I resolve this internal DNS somehow? Which port is the correct one if I just use the port of the env variable? How should I read this port from the other application?
How secure is the communication, if HTTP is used instead of HTTPS? (I assume HTTPS is not possible internally). Is it as safe as an HTTPS connection from the outside? Which devices are between, how far out does the connection go?
Thank you!
I think you're almost there.
Then, I opened a Java connection to the link http://example-route.apps.internal/test123. I've also tried to use https. The result was the same. Java refused to conncet to this URL.
You should use http://example-route.apps.internal:8080/test123. Your app is set to listen on $PORT, which is always 8080 in current versions of CF.
Normally you don't need to worry about this because your traffic goes in through Gorouter which translates for you (maps external port 80 -> internal 8080). With internal routes, traffic is direct so there is no transformation. That's why you need to use port 8080 in your URL.
Alternatively, you could use a service discovery mechanism like Eureka or Consul, but it's not a requirement. In this case, the service would know it's listening on 8080 and register that in the registry.
As far as HTTPS, that's tricky. Your app is only listening on 80/HTTP. You would have to change it to listen on 443/HTTPS, but then you need certs and different server configuration. It's technically possible, but it's a whole can of worms.
In some newer versions, Envoy is present and accepts HTTPS traffic into a container, can make HTTPS easier but it's still not a slam dunk (at the time of writing, at least). I expect this will get better in the future.
Should I resolve this internal DNS somehow?
Internal DNS helps with locating your other apps, not the port. Otherwise you'd need to manage IP addresses, which change often, and that would require something like Eureka or Consul.
Which port is the correct one if I just use the port of the env variable?
See above.
How should I read this port from the other application?
It's always 8080 at the moment, and has been for multiple years. It's unlikely to change, so you could probably hard code or set it in a config file safely.
How secure is the communication, if HTTP is used instead of HTTPS? (I assume HTTPS is not possible internally).
Is it as safe as an HTTPS connection from the outside? Which devices are between, how far out does the connection go?
Traffic would not be accessible externally as it wouldn't leave the Cell in some cases or worst case it goes between two Cells, but traffic would be visible internally since it's not encrypted. That means you need to have more trust on your CF provider, who would have access to internal traffic.
If it were HTTPS, only someone with the key would be able to decrypt it. You would still have to trust your provider though as they could likely get the key & use it to decrypt traffic. It would just be more work for them than if traffic is unencrypted.
Hope that helps!
I have built a d3.js dashboard that ties into a tornado websocket. Everything works perfectly locally. I now would like to have the ability to share the websocket with a few friends, nothing production. Is there a way to do this without a big deployment on Heroku or other similar service? I've googled and can't seem to find an answer. Thanks
Not specific to Tornado. This is more of a networking question.
What you want to do is:
Run your server on your computer.
Connect to the internet.
Note down your public IP address.
Give your IP address to your friends.
Certain things you need to take care of:
Run your server on a higher, non-standard port (e.g. 8000 would be good) because ISPs block traffic to port 80 and other standard ports.
The IP address assigned to you by your ISP will most probably be dynamic. That mean, every time you diconnect and reconnect to the internet, your IP address will change.
Turn off your computer's firewall to let in the traffic at whichever port your server is running.
Finally, you'll need to configure port forwarding on your router. What that means is all the incoming HTTP requests will arrive at your router at your public IP address. But your computer where you'll be running your server will have an internal IP address assigned by your router. So, you'll need to forward incoming requests to your computer's internal IP.
I'm currently working on a project where I use a raspberry pi as a server for a home automation server. It works fine on my local network but if I want to use it from an external computer I need to forward the used port on my router.
I'm trying to find a way to make http(s) gets to the server without having to forward the port on the router. I want this because if I would install the system at someone's place (a customer maybe in the future) I don't want to have to access their router.
I've tried using SSL and https but I ran into the same problem.
Is there any way this is possible or is it a lost case?
PS I can't use port 80 since it is already in use.
Thanks in advance
There are two ways to get to the result you want:
Port forwarding, which you've dismissed
Giving the raspberry pi it's own public IP address (which requires a public IP address and access to the router to configure the traffic routing, which you've dismissed).
So let's go back to port forwards.
Most consumer routers these days support NAT traversal via uPNP.
You can use the nat-pmp module to reqest the the router forward a port for you, without having to have direct access to the router.
How to find, in python, server without having it's IP in LAN?
I assume that port will be configured in file so its doesn't have to find port. I tried to search on google but I couldn't find anything useful or that could help me with it.
The server IP will be changing because it will not run constantly on the same computer.
So basically I got app with server that is on random computer in network, and I want to find its IP from another computer.
I would be really thankful for either explanation how to do it or link that could help me to do it.
Not certain if this is what you want to do, I think you want to find the IP of a server by running some python execution on the server?
You could try :
from subprocess import call
call (["ipconfig"])
This will dump the IP config and you can parse out the IP address. This assumes a windows server. You would have to modify the call for your OS.
Updated :
Check this out : TCP Communications or UDP Communications ... it looks like what you are looking for. You will still have the mess of determining the available addresses on the network (arp -a), and testing each one - this would be your client side app. Your server side app, when it receives the right query on the TCP or UDP port, would then determine it's address (ipconfig) and return the value.
I have a TCP server coded in node.js. I'd like to put it up on Heroku because it's a free service and I don't need anything more than what their free plan offers.
Now, I know very little about the inner workings of Heroku and I'm pretty new to the whole thing so I have a few questions.
Firstly, is it even possible to deploy a TCP (non-web) server? I've read that Heroku doesn't like node.js's net because it doesn't support websockets and that I should use socket.io.
So I've switched my server to socket.io. I think. Because my code more or less looks the same. I've done this as well: https://devcenter.heroku.com/articles/using-socket-io-with-node-js-on-heroku
What do I put in my Procfile instead of "web"? Also, when I tried to deploy what I currently have, the logs said that my application failed to bind to $PORT. What's $PORT? And how do I change it to the port I want?
In fact, if I don't change it, how do I know what it is so my application can connect to this server?
The free tier of Heroku does not support TCP server. Here is the reason.
To save costs and offer free services, Heroku hosts multiple free-tier apps on the same machine. These apps, one of them being yours, share the same IP address. The apps are assigned to different ports.
However, as you probably noticed, when you access your app in a browser, the port is always 80. Hence, to know which app an incoming HTTP request is looking for, the server must be looking into the HTTP headers. (For example, using HOST to find out the app name, then resolve the app name to an internal port number.)
Finally, Heroku decided to hide away the internal ports from the internet. This, along with the fact that TCP connections don't have a HOST field, makes it impossible to host a TCP server with Heroku.
To work around this, use WebSocket.
Appendix: the Research
Testing was done with a free-tier Heroku app, in March 2020.
If you make up a non-existing app name (e.g. https://hr.herokuapp.com), Heroku responds with a page saying "There's nothing here, yet."
If you first manually nslookup an existing app (e.g. https://world-of-blogs.herokuapp.com), then try to use the IP address to access the app, Heroku also responds with a page saying "There's nothing here, yet."
Heroku doesn't support a generic TCP server but you should be able to get the functionality you want with socket.io.
You need to put web in your Procfile. That's what lets Heroku bind an external connection to port 80 to the local port your web traffic will arrive you. You find that port by looking at the environment variable $PORT. More info, with examples, is here: https://devcenter.heroku.com/articles/nodejs