How to configure BOSH over XMPP in tigase? - tigase

I have installed tigase XMPP server. Now I wanted to configure BOSH in order to connect through http. I am pretty much new to this environment. Any help will be greatly appreciated.

BOSH is activated by default. Thus, you can edit its default configuration by editing the init.properties file in the etc/ folder:
bosh/connections/ports[i] = 5280, 5281
bosh/connections/5281/socket = ssl
bosh/connections/5281/type = accept
5280 is the default non-encrypted port and 5281 is the default encrypted port for BOSH. You can edit both ports to your convenience. Then, you will be able to connect to http://yourdomain.com/http-bind and https://yourdomain.com/http-bind depending on which you want to use.
By the way, I recommend using the last release version of Tigase (and avoiding beta versions). You can find it here.

What version of the Tigase XMPP Server do you use? In all recent versions Bosh is active by default and does not require any extra configuration.

Related

How to access CouchDB installed on another machine?

We have CouchDB installed on a separate machine.
When it was installed on my machine, it was accessible through Fauxton via link http://localhost:5984/_utils/index.html
Also, I am using Divan, a C# library to interact with CouchDB. It uses host as localhost and port as 5984 - default host and port names to connect with database.
But now I have CouchDB installed on another machine, how can I access it in this case?
Please suggest.
Thank you.
You need to allow exterior access in the new machine (which I'll just call the server). Your computer is the client. First, make sure the server is accessible from your network and get its IP address using ipconfig or ifconfig in the command line.
First, in the server, open the CouchDB configuration file, which is
/usr/local/etc/couchdb/local.ini in Linux
or
C:\Program Files\CouchDB\etc\couchdb\local.ini in Windows
and change
[httpd]
bind_address = 127.0.0.1
to
[httpd]
bind_address = 0.0.0.0
If there is no bind_address already in the file, just add it.
Then save the file.
Now, from the client, you can access Futon from your machine using {SERVER_IP}:5984/_utils.
In Divan, set host to {SERVER_IP}. Unless you configure it otherwise, the port remains 5984.
Reference:
http://docs.couchdb.org/en/2.0.0/config/intro.html *
http://docs.couchdb.org/en/2.0.0/config/http.html *
(*) I'm assuming you're using CouchDB 2.0, but in my experience with 1.6.1 these instructions also work.
Connect to your server locally:
localhost:5984/_utils
then simply from the setting section, change the bind_address to 0.0.0.0

Securing zookeeper, where to start?

I feel lost trying to figure out what my options are. Apache's programmers guide and administrators guide do not detail anything substantial. My O'Reilly Zookeeper book barely talks about security... did I miss something? I was hoping to find tutorials through google about authenticating client connections, authorizing actions, and encrypting messages sent between zookeepers and client.
I had a lot of trouble but I figured it out and the links at the bottom were a huge help to me.
This code (using Curator) was something hard to figure out:
// AUTH_IDS is replaced by the identities this client has authenticated with
List<ACL> myAclList = new ArrayList<ACL>();
myAclList.add(new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS));
client.create().withACL(myAclList).forPath(myPath);
If I set up the zookeeper configuration correctly, then it will enforce that only the AUTH_IDS will be allowed to access my ZNode.
Official documentation, My mailing list Q1, My mailing list Q2, JIRA that I found useful, but some items are out of date
Since zookeeper version 3.5.4-beta, you are able to enable using client certificates to secure communication to a remote zookeeper server:
Client
ZooKeeper client can use Netty by setting Java system property:
zookeeper.clientCnxnSocket="org.apache.zookeeper.ClientCnxnSocketNetty"
In order to do secure communication on client, set this Java system property:
zookeeper.client.secure=true
Note that with "secure" property set the client could and should only connect to server’s “secureClientPort” which will be described shortly.
Then set up keystore and truststore environment by setting the following Java system properties:
zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"
Server
ZooKeeper server can use Netty by setting this Java system property:
zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory"
ZooKeeper server also needs to provide a listening port to accept secure client connections. This port is different from and running in parallel with the known “clientPort”. It should be added in “zoo.cfg”:
secureClientPort=2281
All secure clients (mentioned above) should connect to this port.
Then set up keystore and truststore environment like what client does.
More info here:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide

TCP server won't work on Openshift NodeJS

I've used the openshift-cartridge-tcp-endpoint cartridge to try and make a TCP server which I can access from a desktop application.
I've set it up on a scalable application and I can see the OPENSHIFT_NODEJS_PORT_TCP and OPENSHIFT_NODEJS_PROXY_PORT_TCP values when I list the environment variables using 'export' when ssh'd into my application.
The problem is, when I do 'rhc ssh APP_NAME oo-gear-registry all', no port is listed over which I can access my TCP application and when I try to access the application over the port given by the HTTP server, it does not connect. Do I have to take additional steps to make the port show up and be accessible?
It looks like that cartridge is over 2 years old, and probably doesn't work with the current version of OpenShift Online, as it only exposes port 8080 publicly and uses an HTTP/WS reverse proxy, so only http or web services connections would work. You might try logging an issue with the cartridge's creator here (https://github.com/Filirom1/openshift-cartridge-tcp-endpoint/issues) and ask them if it still works or not.

Hosting node.js for a specific domain only on a VPS

I have a VPS where I have hosted a few sites. All based on LAMP stack, so it was no big deal. They provide WHM/cpanel for managing different sites. I decided to try node.js, bought a separate domain for it, and I need some clue how to point that domain to the node.js application.
So here are the questions:
1) What is the best way to host node.js application on a specific domain without hampering the other sites? How will I configure the domain? Yes, I'd like to use default http port (80) for node.
2) As Apache is already listening to the 80 port, is it a good idea to use Apache mod_proxy for the purpose? I mean if I want to use websocket, will apache still use separate threads for maintaining connection to node?
PS. I have already seen this question, but the answers don't seem to be convincing.
Edit:
I forgot to mention, I have an unused dedicated IP for that VPS which I can use for node.js.
Follow these steps
Go to "WHM >> Service Configuration >> Apache Configuration >> Reserved IPs Editor" and then 'Reserved' the IP that you want to use for node.js. This will release the IP from apache.
Create a new DNS entry with an A entry like - example.com A YOUR_IP_ADDRESS
Tell the node.js server to listen to your IP using server.listen(80, "YOUR_IP_ADDRESS");
If Apache is already listening to port 80, then the only thing you can do is proxy to your node instance. And yes, apache will create a new thread for each connection.
As others have mentioned, there's not a whole lot you can do here. Apache is currently driving your server and node.js won't like riding shotgun.
I'd recommend checking out things like nodester, no.de, heroku, and so on.

How to secure Jetty to only allow access from loopback(localhost)

How can I secure jetty to only allow connections from localhost? This means a connection to server A on System A from Client B on System B has to fail. I know I can do this by configuring my firewall (so please no answers about this). I just want Jetty to only listen on localhost(loopback).
I found the answer to my question myself after a little bit more googling.
The answer is (Tested on jetty-distribution-7.0.1.v20091125):
Locate jetty.xml (etc/jetty.xml)
Search for <Call name="addConnector">
Set <Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set> before line <Set name="port"><SystemProperty name="jetty.port"/></Set>
That's it. Restart jetty server (java -jar start.jar). The server should output something like:
2009-12-23 23:02:09.291:INFO::Started SelectChannelConnector@127.0.0.1:8080
The important thing is that it should say 127.0.0.1 instead of 0.0.0.0; 0.0.0.0 means listen on all IPs on the machine.
P.S: I wanted to secure apache solr (which is using jetty) which can be achieved in the same way.
You can also bind to localhost programmatically (embedded Jetty) by:
Server server = new Server();
Connector connector = new SelectChannelConnector();
connector.setHost("localhost");
connector.setPort(80);
server.addConnector(connector);
For Jetty 9 embedded, this code works.
Server server = new Server();
ServerConnector connector=new ServerConnector(server);
connector.setPort(80);
connector.setHost("localhost");
server.setConnectors(new Connector[]{connector});
I have not tried this but the usual method is to bind server to localhost (i.e. to IP 127.0.0.1). That means that Jetty server will listen to only connections that have localhost as their destination address.
A quick googling revealed this http://old.nabble.com/How-to-make-Jetty-bind-to-specific-IP-address---to11667378.html#a11669524 :
add this entry to SelectChannelConnector for example:
<Set name="Host">127.0.0.1</Set>
You can set the jetty.host property during start of the virtual machine:
java -Djetty.host=127.0.0.1 -jar start.jar
Btw same for jetty.port.
I was able to do this using .htaccess but for some reason the localhost filtering does not work. If you want to allow traffic from a particular external IP and block all others try
http://technologyenablingbusiness.blogspot.com/2011/03/setting-security-in-solr-running-on.html
EDIT: Archived version of page at https://web.archive.org/web/20110429184536/http://technologyenablingbusiness.blogspot.com/2011/03/setting-security-in-solr-running-on.html
As of Jetty 7.1.5 (released in July 2010), you may initialize the Jetty server like this:
Server server = new Server(new InetSocketAddress("127.0.0.1", 8080));
Remember to import java.net.InetSocketAddress;.
Reference: org.eclipse.jetty.server.Server's constructor.
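Added example, not taken from any of the answers on this page: a check that a service meant to be loopback-only (Jetty on 8080 above, or CouchDB on 5984 before its bind_address is changed) is not listening on a wildcard or routable address. It assumes `ss -ltn`-style output; the sample lines are constructed, and the function names and the port set are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
# Ports are the ones mentioned on this page: 8080 Jetty, 5984 CouchDB,
# 2281 ZooKeeper secureClientPort, 5280/5281 Tigase BOSH.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       50      127.0.0.1:8080      0.0.0.0:*
LISTEN  0       128     0.0.0.0:5984        0.0.0.0:*
LISTEN  0       50      [::1]:2281          [::]:*
LISTEN  0       50      *:5280              *:*
LISTEN  0       50      192.0.2.10:5281     0.0.0.0:*
"""

def split_host_port(local):
    """Split '127.0.0.1:8080', '[::1]:2281' or '*:5280' into (host, port)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)

def exposure(host):
    """Classify a bind address as 'loopback', 'wildcard' or 'specific'."""
    if host == "*":
        return "wildcard"
    # ss may append a zone/interface suffix such as fe80::1%eth0
    addr = ipaddress.ip_address(host.split("%")[0])
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"

def audit_listeners(ss_output, loopback_only_ports):
    """Return (port, host, exposure) for every listener on a port that is
    supposed to be loopback-only but is reachable from other hosts."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        kind = exposure(host)
        if port in loopback_only_ports and kind != "loopback":
            findings.append((port, host, kind))
    return findings

if __name__ == "__main__":
    for port, host, kind in audit_listeners(SAMPLE_SS_OUTPUT, {8080, 5984, 2281}):
        print(f"port {port} bound to {host} ({kind}), expected loopback only")
```

On a real host, pass the text of `ss -ltn` and the set of ports you expect to be loopback-only; an empty result means every such listener is bound to 127.0.0.0/8 or ::1.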
