Coturn does not perform username & password authentication - turn

I have configured the coturn servers with long-term credentials (basic authentication) in an AWS Auto Scaling group and placed them behind an AWS NLB.
Below is my coturn configuration in turnserver.conf
listening-port=3478
external-ip=$MY_AWS_NLB_ENDPOINT
min-port=32355
max-port=65535
fingerprint
lt-cred-mech
user=$MY_USERNAME:$MY_PASSWORD
stale-nonce
no-stdout-log
syslog
no-multicast-peers
no-cli
no-tlsv1
no-tlsv1_1
#no-tlsv1_2
However, when I placed it behind the NLB, the app connects to the NLB and works just fine, except there is no authentication part, even if I configure a wrong username and password in my app.
What is wrong with my coturn config?
Thanks everyone.
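
One way to check whether a coturn deployment like the one in the question enforces lt-cred-mech, as an added example that is not part of the original post: a TURN server using the long-term credential mechanism answers an Allocate request that carries no credentials with a 401 error containing REALM and NONCE, while a successful allocation means the relay is open. The function names, the UDP transport and the constructed SAMPLE_401 reply are assumptions of this example.

```python
import os
import socket
import struct

MAGIC = 0x2112A442  # STUN magic cookie
ALLOC_REQ, ALLOC_OK, ALLOC_ERR = 0x0003, 0x0103, 0x0113
ERROR_CODE, REALM, NONCE, REQ_TRANSPORT = 0x0009, 0x0014, 0x0015, 0x0019

def attr(atype, value):  # attribute values are padded to a 4-byte boundary
    return struct.pack("!HH", atype, len(value)) + value + b"\0" * (-len(value) % 4)

def message(mtype, body, txid):
    return struct.pack("!HHI12s", mtype, len(body), MAGIC, txid) + body

def unauthenticated_allocate(txid=None):  # no USERNAME, no MESSAGE-INTEGRITY
    transport = attr(REQ_TRANSPORT, b"\x11\0\0\0")  # 0x11 = UDP relay
    return message(ALLOC_REQ, transport, txid or os.urandom(12))

def parse(data):  # returns (message type, {attribute type: value})
    if len(data) < 20 or data[4:8] != struct.pack("!I", MAGIC):
        raise ValueError("not a STUN message")
    mtype, length = struct.unpack("!HH", data[:4])
    attrs, pos, end = {}, 20, min(20 + length, len(data))
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        attrs[atype] = data[pos + 4:pos + 4 + alen]
        pos += 4 + alen + (-alen % 4)
    return mtype, attrs

def auth_verdict(response):
    """Classify the server's reply to an unauthenticated Allocate."""
    mtype, attrs = parse(response)
    err = attrs.get(ERROR_CODE, b"")
    code = (err[2] & 0x07) * 100 + err[3] if len(err) >= 4 else None
    if mtype == ALLOC_OK:
        return "OPEN: relay allocated without credentials"
    if mtype == ALLOC_ERR and code == 401 and REALM in attrs and NONCE in attrs:
        return "ENFORCED: 401 challenge with REALM and NONCE"
    return f"UNEXPECTED: type=0x{mtype:04x} error={code}"

def probe(host, port=3478, timeout=3.0):  # point at a TURN server you operate
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(unauthenticated_allocate(), (host, port))
        return auth_verdict(sock.recv(2048))

# Constructed sample: the challenge a server enforcing lt-cred-mech returns.
SAMPLE_401 = message(ALLOC_ERR, attr(ERROR_CODE, b"\0\0\x04\x01Unauthorized")
                     + attr(REALM, b"example.org") + attr(NONCE, b"constructed"), b"T" * 12)
```

A STUN Binding request is answered without credentials by default even when lt-cred-mech is on, so only the reply to Allocate shows whether authentication is enforced.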

Related

AWS EC2 Windows login error saying An authentication error has occurred. The local security authority cannot be contacted

After creating an EC2 Windows machine from a custom AMI, I am able to get the admin password. However, when I try to log in to the machine, I get the RDP error saying 'An authentication error has occurred. The local security authority cannot be contacted. This could be due to an expired password.'
The password isn't expired and there is no issue with the AMI as when I create another instance from the same it works fine.
When I turned off NLA on the Host server I was able to login, but obviously that's not a reasonable answer.
Turned out to be BitDefender; once I turned off protection I could connect to all my EC2 VMs.
-Just a note for me. This was only blocking VMs I was connecting to through EC2 Public DNS.

Connecting to Aurora AWS Serverless

I’ve now tried to create a serverless Aurora (MySQL compatible) database and connect to it for two days, and I just can’t seem to get it to work. Supposedly I should have been able to get it up and running in five minutes.
In any case, I created an Aurora Serverless database in the US East (N. Virginia) region (us-east-1), and have been able to connect to it with the AWS Query Editor. I also have an EC2 server in the same region, and have given the Aurora database the same security group (under RDS > Security Group), and in the security group I have opened for MYSQL/Aurora (TCP, 3306) from all sources. When I click the modify button on the database, there is also another (VPC) Security Group listed (rds-launch-wizard-4), which was created automatically. This one I also located under my EC2 dashboard and gave access to all ports from all sources (inbound), and to all ports (outbound). And there is a networking VPC & subnet group, which I don’t know what to do with, if anything.
I try to connect to the database, using this command line command:
mysql -h hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com -P 3306 -u root -p
It generates an error “ERROR 2003 (HY000): Can't connect to MySQL server on” on both my EC2 instance, my local computer and on other online servers.
From the EC2 instance, try doing a telnet on the DB port to test if all your security group settings are applied correctly.
telnet hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com 3306
If the connection does go through, then the issue is with your client code. Cross check that you have wired the right endpoint in your code.
If the telnet connection does not go through (I'm guessing that it would not), then it is guaranteed that your security group settings are not set correctly. In order to debug this further, we would need more details on:
The list of VPC security groups associated with your cluster.
The details of each of these VPC security groups (you've mentioned that you've opened up everything, but I'd like to see the exact rules in place).
As for laptop and other servers - If they are outside the VPC, then it would not work. Aurora Serverless is accessible only from within the VPC as of now.
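
The answer asks for the exact rules in place; the following added example (not part of the original answer) lists every inbound rule that admits a given port from `aws ec2 describe-security-groups` JSON and marks the ones open to any address. The sample input is constructed to mirror the setup described in the question: the group ids and the name `ec2-and-aurora` are placeholders, and the function names are illustrative.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group ids are placeholders, the second name is the one from the question.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaaaaaaaaaaaaaa1", "GroupName": "ec2-and-aurora", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0bbbbbbbbbbbbbbb2", "GroupName": "rds-launch-wizard-4", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaa1"}]}]}
]}
""")


def admits(perm, port):
    """True if this IpPermissions entry lets TCP traffic to `port` in."""
    if perm["IpProtocol"] == "-1":  # all protocols; carries no port range
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def inbound_sources(described, port=3306):
    """List (group name, source, world_open) for each inbound rule admitting `port`."""
    found = []
    for group in described["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not admits(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                found.append((group["GroupName"], cidr, world))
            for pair in perm.get("UserIdGroupPairs", []):
                found.append((group["GroupName"], pair["GroupId"], False))
    return found


def world_open(described, port=3306):
    """Names of groups that admit `port` from any address."""
    return sorted({name for name, _, world in inbound_sources(described, port) if world})
```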

Forward Traffic from Windows EC2 Instance to ElasticSearch VPC Endpoint

I have a Windows EC2 instance I use for my public-facing C# API. The VPC (and related Internet Gateway, subnets, etc.) are all default.
I've now set up an AWS ElasticSearch service using their more secure VPC Endpoint option (instead of public-facing) and I've associated it to the same subnet and VPC as my above Windows EC2 instance.
I'd like to get them to talk to each other.
Reading from https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html
It seems what you'd do is ssh tunnel / port forward traffic from localhost:9200 on the EC2 instance to the actual Elastic Search service (via that VPC endpoint).
It seems this command is where the magic happens:
ssh -i ~/.ssh/your-key.pem ec2-user@your-ec2-instance-public-ip -N -L 9200:vpc-your-amazon-es-domain.region.es.amazonaws.com:443
but that is for a Linux EC2 instance.
If I am Remote Desktopped into my Windows EC2 instance (the API), how can I make it so when I go to a browser, http://localhost:9200
will send traffic to my VPC Endpoint:
vpc-your-amazon-es-domain.region.es.amazonaws.com:443
Thanks!
Alright, so I'll answer my two questions:
First, it's actually quite easy, just RDP to your box and access the instance directly via the VPC endpoint. You don't need to do anything wacky like port forwarding using the netsh command or anything like that. Simply make sure the server (in my case my API) is on the same VPC and you're fine. I just had an error in my connection string that's why it didn't connect. To confirm, I RDP'D in and was able to hit the endpoint directly in a browser on port 80. While it's true the actual Elasticsearch runs on port 9200, you don't need to forward to localhost:9200 --> vpc:9200.
Now, regarding the second question, about hitting it locally, I think the problem is that because this service lacks a public IP address and you can't access it, that you can go through some complicated setup on AWS, or easier is just set it up to run locally for now until you are ready to use the VPC one (and thus your code will just run). Another option is to use security groups and make a publicly accessible cluster for now, and then when your code is done, search service/layer done, etc, you can start anew with a VPC/secure Elasticsearch service and that should be it.
Another thing that many mention is that it is cheaper/you have more control of things if you set up your own Elasticsearch on your local machine, and then set one up on EC2 (this is just reading blogs and seeing people mention how much frustration they had with it).

How can I reset HipChat Server Guest Console password?

We had an employee setup in our HipChat Self Hosted Server and we did not have the Guest Console admin password.
We tried the default and that did not work. We have scoured Google and have yet to find any documentation from Atlassian or anywhere else.
What do you mean by the guest console?
If you're talking about the server administrator's password, you can reset that by SSHing into the server, and then run the following command:
hipchat service --reset-owner=EMAIL
If you're talking about access to the admin console itself, you could get access by injecting your public SSH key into /home/admin/.ssh/authorized_keys. On AWS this can be done via a user-data script, or by detaching the EBS volume, updating the SSH key, and attaching it to the instance again. On vSphere this can be done through the vifs command.

SMTP tunnel forwarding

I would like to know if there is any SMTP tunnel that you can set up to run on localhost:25 and have it forward mails to Amazon SES (TLS/SMTPS) using a username and password that you specify in the SMTP tunnel settings.
My problem is that I have an old program that I want to move over to Amazon EC2 and I want it to use Amazon SES as SMTP. But it only allows me to change the SMTPServerName setting. The username and password are empty and cannot be changed.
This user documentation will help you.
http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SMTP.MTAs.html
