External IP + SSL - https

how can i use the external ip of my centos7 instance with https, like for example https://external_ip to open an application like https://external_ip:Port/my_application

Generate a self-sign certificate using openssl.
Check this out here:
https://stackoverflow.com/a/10176685/9662626
Open a https port on your webserver. Set the certificate in the config (I can't be specific here because I don't know about your operating system and your choice of web server). Finally setup a reverse proxy to proxy the web server port to your app port.

Related

Browser Proxy Connection Over VPN

I have a VPN (pptpd) server configured and a client connected. In the same machine of VPN server, I have a proxy server (port 3128)(squid) running with authentication enabled. When I use the proxy in my firefox browser it works fine. However, when I conect my notebook to my VPN server I can't navigate using firefox + proxy. Just to remember Proxy server and VPN server running in same machine (a VPS). I'm using UFW firewall.
Is there some tips in configuration files (pptpd or squid) to get this problem fixed?
Best Regards!
use squid's access.log to make sure: squid doesn't receive requests from your notebook; check the routing availability between internal IP network of VPN server and proxy address, it must be accessible (pingable). you may use port address translation (PAT) as a simple fix.

Using SSL Cert for ngrok dev environment

I am working to setup my application to watch calendar events through Google's Calendar API. In doing so I must setup a "Push" endpoint on my server that has a valid SSL certificate (not self-signed).
My production environment is running on Heroku so setting up an SSL cert was easy using Expidited SSL. I have two CNames setup in GoDaddy, one for my production application and one for my development environment tunneled through ngrok. I'm using the paid ngrok feature of white labeled domain tunneling (dev.mydomain.com).
Host Points To
www saga-1234.herokussl.com
dev ngrok.com
The problem is that my ssl certificate is recognized when you hit the production application (www.mydomain.com), but it uses ngrok's certificate when you visit the development application (dev.mydomain.com).
How can I setup my ngrok tunnel to use my ssl certificate?
Ngrok's white labeled domain does not support HTTPS if you are using your own domain. Simply because it serves it's own certificate, where you need to serve your domain's. That's why you are getting certificate mismatch issue.
Here's what you could do to watch calendar events on your dev machine:
Point ngrok.mydomain.com to another server, let's say a new EC2
micro instance
Point wildcard CNAME to ngrok.mydomain.com
Compile ngrok server and client to use your certificate (rather than
ngrok.com)
Run the ngroku-server on EC2 instance
On your dev machine config the client to use ngrok.mydomain.com instead of ngroku.com
Run ngrok -subdomain=dev 80
Your local dev machine's 80 port should be accessible via https://dev.mydomain.com
This is really cool and is very helpful when debugging Google's webhooks, which require valid HTTPS and a verified root domain name.
Another interesting trick is to use CloudFlare's universal SSL to have a valid https://dev-machine.mydomain.com pointing to your dev machine without purchasing a certificate. The steps are exactly the same except that you need to issue your own certificate for ngrok client-server communications and use CloudFlare's Flex SSL for dev-machine.yourdomain.com.
ngrok has a new feature that tunnels and terminates SSL. Thus you can use your own domain and HTTPS. No need to open ports in your router or PC. They call it TLS Tunneling. The following is a link to a GitHub repos that describes how to do it.
How to use your own domain to access your home PC over the internet. Use HTTPS without raising SSL errors.

polygraph for https via proxy server

Can anyone help me setup web polygraph for testing an HTTPS servers via proxy servers in middle
linux machine:192.168.21.7
proxy server :192.168.21.9
https server : 192.168.21.11
This link contains the needed information:
http://www.web-polygraph.org/docs/userman/simple.html
Basically polygraph has couple files which are bundled with it and use for testing.
The manual I gave you give example that uses polysrv but on different distributions you will probably have different names for the tool(on ubuntu it's polygraph-server and polygraph-client)
You need to set the listening service ip+port outgoing "robot" ip and then start it using command line.
For https setup we will configure our pg file on server and client with SslWrap module.
Details of same can be found in http://www.web-polygraph.org/docs/reference/models/ssl.html

How to add a certificate on a windows service

I have a custom soap-service for windows server which listens on a portnumber (for ex. 1024). When I make a call to this service using http:// (ip or domain):1024 the service works well.
When I try to make the same call to https:// (ip or domain):1024 I get the following response:
SSL connection errorUnable to make a secure connection to the server.
This may be a problem with the server, or it may be requiring a client
authentication certificate that you don't have.
When I try to connect to the same ip without the portnumber my IIS responds without any issue (I have a certificate installed).
Any help would be welcome!
Let's clarify:
a)-- Your delphi code is directly opening a socket and listening on a port
or
b)-- Your delphi code is hosted by IIS, and IIS is listening on a port
If it is 'a', then you need to add SSL support to your delphi app, so that your delphi app can speak SSL to clients. E.g. if you use Indy, or remote objects, or whatever, then your SSL work will happen at that level.
If it is 'b' then you go through the standard process of IIS SSL management (e.g. create a request file in IIS, then purchase a cert, then install the cert in IIS.... http://support.microsoft.com/kb/299875 )

Configure Glassfish v3 with pac file?

I have web service client deployed on Glassfish v3. It needs to access a server that requires proxy access. I have a pac file (proxy auto config) but I don't if/how I can use this to configure my Glassfish instance so the my client can access the service. If it's not doable, is there another way to set up access to a proxied server?
Thanks!
I have not found any info on setting up proxy access with a PAC file, however you could set a hostname and port for a proxy server both for HTTP and HTTPS via JVM settings, see question here.
You could set up a proxy on your localhost, which could handle a PAC file or mask proxy authentication. I use Authoxy for this for my local server on Mac OS X, no doubt there are similar programs for other OSes. Then set up your Glassfish to connect via the proxy on your localhost.
In the end, I did not need to configure Glassfish with the pac file. :)

Resources