I would like to run a node.js TCP server on port 80 on an Amazon EC2 instance of Amazon Linux. I have added 80 to the security group, but the problem is letting node.js bind to port 80, which normally requires root permission.
The easiest solution seems to be using authbind, but it isn't accessible from the EC2 yum repo. Is there an equivalent utility for Amazon Linux? Or some other workaround for this distro ? Or is it actually a bad idea to use authbind?
I ended up binding to a higher port and then using iptables to forward port 80 traffic to that port. Another option was to use an AWS load-balancer from incoming port 80 to a higher port on the ec2 instance.
It's a little tedious, but if you install gcc you can compile it from source. You can go here to get the 2.1.1 release. Click the link that says "Snapshot" to get a tar.gz file. I couldn't seem to download it directly using wget (had to download from web browser and then upload), YMMV.
If using systemd, you can use AmbientCapabilities to allow a service to bind to a lower port.
This is done through your service configuration file in the /etc/systemd/system directory:
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
...
Related
I am trying to get a NodeJs application to run on a Amazon Linux server using port 80. Currently when I run the app it is defaulting to port 1024. I understand that this is due to the fact that I have to be root to run on port 80 but given I am on a aws linux box I am not able to run that as root. I have been digging for awhile but I am coming up short on what I need to adjust to get this to run properly.
sudo bash will allow you to connect as root on your EC2 Amazon Linux instance.
I would question why do you want to run NodeJS on port 80, the best practice would have a load balancer in front of your instance to accept HTTPS calls and relay to whatever port nodejs will run on your instance, in a private subnet.
I would suggest to read this doc to learn how to do this : https://aws.amazon.com/getting-started/projects/deploy-nodejs-web-app/
I have been given a centos server to lauch eclipse orion code editor. I installed eclipse orion as per the instruction on https://wiki.eclipse.org/Orion/How_Tos/Install_Orion_on_Localhost (steps for linux using jetty server). It works fine on centos browser. The centos os is running on 198.168.1.226. So that I can access the following urls on web browser of centos.
198.168.1.226:8080
localhost:8080
127.0.0.1:8080
0.0.0.0:8080
But when I tried to access the 198.168.1.226:8080 from other local machines on local network, that is not accessible. I searched the StackOverflow Questions like how to make jetty server accessible from LAN? and Unable to access jetty server with local IP address but both are useless for me. How can I fix this situation? Can I fix it editing the code on orion.ini file or need to deal with configuration file or something else?
I have also tried the orion for windows computer but it worked itself for accessing the orion system for any other computer in local network. But I am surprised to face it on centos using the jetty server for setting up eclipse-orion system .
First of all check that have you allowed specific port (8080) from eclispse.
add rule with that port no. in centos iptables as below:-
iptables -A INPUT -p tcp --dport 8080 (adjust according your port no.) -j ACCEPT
I am installing chef-server on this VPS that my friend let me borrow.
I was able to install chef and run chef-server-ctl reconfigure successfully.
I ran into problems because I need to change the iptable rules and I discovered that I cannot find chef-server running on any port or as a service.
When I run chef-server-ctl it seems to pass all the tests, so I know its API is working.
Where can I find that chef is running?
I need to change my iptables so that I can use knife to communicate with chef-server.
First off it sounds like you installed Chef Server, not Chef, important distinction :) Second, there is no specific process called chef-server. The frontend routing is handled by nginx which binds on port 443 and 80 (80 is just a redirector to 443 and can be blocked or disabled if desired). Internally we have a bunch of different smaller services like oc_erchef, bifrost, oc_id, etc. These all listen on localhost and are reached via Nginx.
You have installed Chef server and have reconfigured the server, you can't find a chef-server.
you can run below commands to check all the services that are running chef server
$ chef-server-ctl service-list
bookshelf*
nginx*
oc_bifrost*
oc_id*
opscode-chef-mover*
opscode-erchef*
opscode-expander*
opscode-solr4*
rabbitmq*
redis_lb*
postgresql*
To update the port number you need to update
/etc/chef-server/chef-server.rb - in Chef 11
/etcopscode/chef-server.rb - in Chef 12
nginx['non_ssl_port'] = portnumber
And also how are using knife command? Do you want ssl check to be passed then you need to add a line in knife.rb file
ssl_verify_mode: verify_none
'
I am using gorilla/mux package in golang, but there are some problems. The first is I have no permissions to use port 80 on my application becuase I cannot run the application from sudo as the $GOPATH is not set when using sudo.
Here is the error I get from my program:
$ go run app.go
2014/06/28 00:34:12 Listening...
2014/06/28 00:34:12 ListenAndServe: listen tcp :80: bind: permission denied
exit status 1
I am unsure if it will even work when I fix the sudo problem, because apache is already using port 80 and I am not sure if both my app and apache can "play nice" together.
Any advice on how to solve this would be great. Thank you.
Quoting elithar's comment,
You have two options: either turn off Apache (because only one service
can bind to a port), or (better!) use Apache's ProxyPass to proxy any
incoming requests to a specific Hostname to your Go server running on
port (e.g.) 8000. The second method is very popular, robust, and you
can use Apache to handle request logging and SSL for you.
Reverse Proxying
Using Apache on port 80 in this way is called a reverse proxy. It receives all incoming connections on port 80 (and/or port 443 for https) and passes them on, usually unencrypted, via internal localhost connections only, to your Go program running on whatever port you choose. 8000 and 8080 are often used. The traffic between Apache and your server is itself HTTP traffic.
Because your Go program does not run as root, it is unable to alter critical functions on the server. Therefore it gives an extra degree of security, should your program ever contain security flaws, because any attacker would gain only limited access.
FastCGI
You can improve the overall performance of the reverse proxying by not using HTTP for the connection from Apache to the Go server. This is done via the FastCGI protocol, originally developed for shell, Perl and PHP scripts, but working well with Go too. To use this, you have to modify your Go server to listen using the fcgi API. Apache FastCGI is also required. The traffic from Apache to your server uses a more compact format (not HTTP) and this puts less load on each end.
The choice of socket type is also open: instead of the usual TCP sockets, it is possible to use Unix sockets, which reduce the processing load even further. I haven't done this in Go myself, but the API supports the necessary bits (see a related question).
Nginx
Whilst all the above describes using Apache, there are other server products that can provide a reverse proxy too. The most notable is Nginx (Nginx reverse proxy example), which will give you small but useful performance and scalability advantages. If you have this option on your servers, it is worth the effort to learn and deploy.
Based on this previous answer about environment variables, I was able to solve the sudo problem easily.
https://stackoverflow.com/a/8636711/2576956
sudo visudo
added these lines:
Defaults env_keep +="GOPATH"
Defaults env_keep +="GOROOT"
Using ubuntu 12.04 by the way. I think the previous answer about the proxy for using port 80 is the correct choice, because after fixing the sudo issue I was given this error about port 80 instead:
$ sudo go run app.go
2014/06/28 01:26:30 Listening...
2014/06/28 01:26:30 ListenAndServe: listen tcp :80: bind: address already in use
exit status 1
Meaning the sudo command was fixed but the proxy binding would not work with another service already using port 80 (apache).
I have installed jboss-eap-6.2.0 in redhat environment and started the server.But i'm not able to access the home page via http://<>:8080 .Here i have to access home using ip address or name like http://<>:8080 its getting time out. So i would like to know what is the problem here and why not to see the jboss home here ?
1.Is there any way to check the server running in putty command line ?
2.Able to install the software connecting via ip but same ip is not allowing to access jboss page .So is firewall blocking the port 8080 ?
Please advise
Open the standalone.xml file from the JBOSS_HOME/standalone/configuration directory.
Look for all the texts jboss.bind.address in there and change the ip with the server's IP address so that you can access it from your local pc.
For example
${jboss.bind.address:192.168.1.68}
${jboss.bind.address.management:192.168.1.68}
... and so on...
Also, you can look for the loop back ip address(127.0.0.1) in the xml file as well and replace it.
Even i faced same issue wheni installed jboss7 on centos machine.i found that 8080 port was being used by some other app,thus disabling jboss7 to use that port.
-you can
telnet localhost 8080 (or) ps -ef|grep java
to check if jboss is running
if its running properly and you still not able to connect through your browser
use nmap to check services running on that port
you can edit your port configuration at
jboss/standalone/configuration/standalone.xml
run jboss again
You need to set the value of the default interface in socket-binding as well in your standalone.xml.