HAPROXY: multiple domains, multiple ports, multiple server - proxy

I have two domains (abc.com, xyz.com), four ports (443, 8080, 80, 3000) and three servers (10.147.19.1, 10.147.19.2, 10.147.19.4).
I want to set up HAProxy to achieve these types of routes:
abc.com:443 ---> 10.147.19.1:80
abc.com:8080 ---> 10.147.19.2:3000
xyz.com:443 ---> 10.147.19.1:80
xyz.com:8080 ---> 10.147.19.4:3000
From the docs, I can bind front end with Haproxy Maps. So I tried to bind port 443 with maps.
frontend port_443
bind *:443
use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/maps/port_443.map,be_default)]
Here is the map
# Domain backend
abc.com be_1
xyz.com be_1
The question is how to define the backend with the right ports. Please help!

Related

Hosting Redis on EC2 - ConnectionTimeoutError

I have an EC2 instance behind a load balancer. The security group attached to it allows for inbound connections (both ipv4 and ipv6 on port 6379). I am able to connect to my redis client:
redis-cli -h ec2-**-**-**-*.us-west-1.compute.amazonaws.com -p 6379
However, when I try to connect with nodeJS and express-session I get a ConnectionTimeoutError on EC2, but locally it works fine:
const redisClient = createClient() // uses default port localhost:6379
redisClient.connect().catch(console.error)
If there is a race condition here, like others mentioned, why does this race condition happen on EC2 and not locally? Is the default localhost incorrect since there is a load balancer in front of the instance?
Based on your comments, I'd say the problem is the load balancer. Redis communicates on a protocol based on TCP. An ALB is only for HTTP/HTTPS traffic, so it cannot handle this protocol. Use a Network Load Balancer instead, with a TCP listener. Also make sure your security group rule also allows TCP traffic for port 6379.
Redis client should be instantiated explicitly in a setup like this one (covers both ipv4 and ipv6 inbound traffic):
createClient({ socket: { host: '127.0.0.1', port: 6379 }, legacyMode: true })
As redis is self-hosted on EC2 with a load balancer in front of the instance, localhost may not be mapped to 127.0.0.1 as a loopback address. This means that the default createClient() without a host or port specified, might try to establish a connection to a different internal, loopback address.
(Make sure to allow inbound traffic to TCP 6379, or the port you are using)

Tinyproxy Reverse Proxy "Access denied"

I'm using tinyproxy to reverse proxy. I have three subdomains pointed to the same server, and we need them to point to specific ports internally. That is, port 80 from any particular subdomain, mapped to a particular port. See the config example below.
The config looks like this:
Port 80
#Allow 127.0.0.1
#ReverseOnly yes
upstream 127.0.0.1:8115 "website.example.com"
upstream 127.0.0.1:3000 "api.example.com"
upstream 127.0.0.1:9000 "socket.example.com"
When I pull up any subdomain, all I get is:
Access denied
The administrator of this proxy has not configured it to service requests from your host.
Generated by tinyproxy version 1.8.3.
I cannot find adequate documentation anywhere. I'm thinking of contacting the maintainers. Please help.
I hope you already got the answer, but if you have not, here is the setting to allow clients to connect to your proxy:
#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8
Allow 0.0.0.0/0
In my example here, I allow 0.0.0.0/0 because I'm configuring a reverse proxy from the Internet to my other VPS.
Also, your configuration above is for a forward proxy, not a reverse proxy.
To enable the reverse proxy function, you need at least the following:
ConnectPort 80
ConnectPort 443
ReversePath "/" "http://<your server IP>:8080/"
ReverseOnly Yes
ReverseMagic Yes
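A check for the combination discussed in this answer, as an added example that is not part of the original post or of tinyproxy itself: with Allow 0.0.0.0/0 in place, ReverseOnly is the directive that keeps the instance from also serving as a forward proxy for any host. The function names, the sample configurations and the backend address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample: the answer's directives with ReverseOnly left out.
# 192.0.2.10 is a documentation address standing in for the backend.
OPEN_CONF = '''Port 80
Allow 127.0.0.1
#Allow 10.0.0.0/8
Allow 0.0.0.0/0
ReversePath "/" "http://192.0.2.10:8080/"
'''
# The same file with the forward-proxy function switched off.
REVERSE_ONLY_CONF = OPEN_CONF + "ReverseOnly Yes\nReverseMagic Yes\n"


def parse_directives(text):
    """Return (keyword, argument) pairs, ignoring blank and '#' lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def audit(text):
    """Flag an Allow rule that covers every address while ReverseOnly is off."""
    directives = parse_directives(text)
    reverse_only = any(
        key == "reverseonly" and arg.lower() in ("yes", "on")
        for key, arg in directives
    )
    findings = []
    for key, arg in directives:
        if key != "allow":
            continue
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            continue  # hostname-style Allow entries are not evaluated here
        if net.prefixlen == 0 and not reverse_only:
            findings.append(
                f"Allow {arg} without ReverseOnly: any host can use this "
                "instance as a forward proxy"
            )
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("reverse-only", REVERSE_ONLY_CONF)):
        print(name, audit(conf) or "ok")
```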

Https alternative port for 443

I have two Raspberry Pis, and I have two different services on each.
On one of them I have port 443 (https) open. I would like to have https on the second machine. Is there an alternative port for 443, or can I set any port I want?
Also, is there an alternative port for 80?
I have two heavy (for rpi:D ) services on each, that is why I want to have alternative ports opened.
Is there any regularity I should follow?
Regards
If you set up your rpi to serve https on two different ports (which you can do in the daemon's config), then you can access both easily:
The one on the default port can be accessed simply with https://hostname/ or https://ip-address/, whereas the one on the specific port can be accessed by specifying the port, for example: https://hostname:444/
(Same goes for http on port 80)

Modify cloudera manager port 7180 to 80

The server my boss provided can be accessed through port 80.
How can I configure the Web UI port 7180 to 80?
Modifying server_port in /etc/cloudera-scm-agent/config.ini doesn't work.
I can't access the UI, so the following does not work:
Cloudera Server Ports
I need to configure it in config files.
I strongly believe that you should NOT change this port. It's possible in general; however, you may run into issues like the one in your case.
I suggest you use a reverse proxy server such as Nginx or Apache. It's much safer and maybe even faster.
So as a result I'll get the following proxying chain, which is fully transparent to clients:
Client (your Boss) connects to the server via port 80
Nginx (or Apache) is listening on port 80
Nginx sends HTTP requests to Cloudera on port 7180
Nginx returns the request result to the client (your Boss)

Can I create an Apache server and use No-IP (or similar) in Windows to host a site?

The title says almost everything. I want to use apache under windows and then redirect one or more domains to my computer using a service like No-IP. Is it possible?
Yes, you just need to set up port forwarding to your local machine (port 80 for HTTP, 443 for SSL, 21 for FTP (if you want to run an FTP server as well)) on your router, and set a dynamic DNS there that points to No-IP. Most likely you can add one DynDNS entry.
Yes.
You don't even need a Dynamic DNS service (like no-ip) if you have a static IP address. In that case, just register a domain name and create two DNS records -
NAME TYPE VALUE
example.com. A public.ip.address.here
www.example.com. CNAME example.com.
Most ISPs now assign static IPs (even if they claim otherwise), and if not, you can get one for a small fee ($5/month extra). Or upgrade your account to business class.
This way you don't have to introduce another layer (Dynamic DNS) into your set up.
Then install a WAMP such as:
- xampp (really popular here)
- UniformServer
- Wamp-Developer Pro (the one I use)
- WampServer (another good one)
You'll also need to port-forward your router (ports 80 and 443) to the LAN IP, and create two rules in the Windows Firewall to unblock incoming port 80 and 443 requests.
The only thing that can go wrong is if your ISP blocks incoming port 80 (http) and 443 (https) requests. You can call and get them to unblock that, or again, update the account to business class to remove all the headaches.
