I'm trying to setup HTTPS to some of my company's web services.
Currently I have several web services sharing the same public ip address proxied by a firewall (all allowing both 80 and 443):
web1.company.net
web2.company.net
web3.company.net
and so on...
I have SSH access to these VMs only when connected to the company's VPN.
I tried setting up let's encrypt with auto renewal with 2 different docker images (and both are giving the same "error"):
jwilder/nginx-proxy + jrcs/letsencrypt-nginx-proxy-companion
https-portal
After completing the setup, if I'm connected to the VPN, the HTTPS works perfectly (I basically see the closed lock next to the link).
Whenever I disconnect the VPN connection and test the same website I get the following:
I also tried to check the certificate chains.
When I'm connected to the VPN I get the correct certificate chain:
When I'm not connected to the VPN I believe, I don't:
Any clue on what can cause this? Maybe the firewall doesn't know how to proxy the request because part of what it needs is encrypted and it doesn't know how to decrypt it? I'm a total newbie in this.
All help is appreciated and thanks in advance.
Related
I have an account in chatgpt but as I located in the restricted country, I tried to use AWS proxy (US server) to login chatgpt. Few weeks ago it worked but now I get an error message access denied error code 1020. I used tinyproxy in stealth mode at first but since I was unable to pass through the cloudflare, I guessed probably the proxy was not good enough to disguise itself as a proxy, so I tried squid vpn in stealth mode and algo vpn, but all did not work(Tried other AWS countries server as well other than US). Until now, I figure out chatgpt might probably just banned all connection from amazon or perhaps my proxy is just not smart enough to pass through cloudflare? What are more options? Any recommended free vpn proxy that I could installed into my AWS EC2 or perhaps I should try other less known cloud services instead? e.g. (other non-restricted country's local cloud services) Besides, I have consider using other free proxy from the internet but as I need to login my gmail, is it danger to do so but since its https so my username and password should be encrypted?
I have the same problem, simple ssh tunneling works you can use a jump server to bypass your country first and than use different server to use as proxy because some of your vps servers get banned with IP, so you may have to use another vpn with different proxy
ssh -D "port to make SOCKS 5 Connection like" <10808> -J <"user">#<"jump server IP"> <"user">#<"final server IP">
than you can use "foxyproxy" extention to build SOCKS5 proxy that uses specified port in this example 10808 to route your browser terrafic through tunnel in port 10808 to final server
or you can use something like sshuttle, but i was fine with this simple tunneling method in GFW
So, I've encountered a weird situation and am wondering whether you may have some suggestions as to how to investigate it...
I have a C# app that connects to Azure Blob Services using the latest SDK and TLS 1.2. When I am at home and on the Internet, I am able to upload files to blob storage without any issues. However, when I go into our office, using the same app on an office computer, I get a connection failure. I am able to access the Internet through a browser.
The networking is as simple as at my home... ISP connection, router/firewall, my computer.
I cannot imagine why enabling TLS1.2 would suddenly make my app not work in the office, but still work at home. Based on these tests, it seems like a NIC issue or an infrastructure issue at the office, but I have never heard of a NIC or router blocking TLS 1.2 outside of a VPN connection. There is no VPN involved.
I am planning on directly connecting my computer to the company's Internet connection, configuring the nic for the wan, and see what happens. If it works, then there must be something strange going on with the company's router (nothing elaborate; netgear, or such).
Has anyone encountered this issue? Seems really odd to me...
Thanks for your time and interest,
Mike
• It is not an issue with enabling of TLS 1.2 on your office network or your home network or even your Azure blob storage, it is basically related to the communication over SMB TCP port 445 from your local system to the mapped Azure blob storage on your system.
On your home network, you were able to access the blob storage and able to upload files in it because your ISP has enabled outbound communication over SMB TCP port 445 on his firewall and gateway server over the internet and thus, you were able to access the mapped Azure blob storage and upload files in it. But the same case is not valid for in your office network as it being a protected one, outbound communication over SMB TCP port 445 is restricted and not allowed.
• To test whether communication over TCP SMB port 445 can happen or not, I would request you to execute the below powershell command and check the results thereafter: -
Test-NetConnection -Port 445 -ComputerName somestoragexxx.file.core.windows.net
If this TCP 445 connectivity fails, then you could check with your ISP or your on-premises office network security is blocking communication over outbound port 445. Please note that you should open the outbound port instead of inbound port 445.
Kindly refer to the documentation link below for details to know the different ways to access files in Azure files: -
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-faq#general
Also, refer to the link below for knowing the Azure routing mechanism to reach the resources hosted on Azure: -
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#default
I am testing with the v2 C# payment example.
https://github.com/petespatio/connect-api-examples/tree/master/connect-examples/v2/csharp_payment/PaymentExample
When i run locally everything works properly and i can actually create a payment.
When i try to run on my website (1and1 hosted), i get
error calling charge: unable to connect to the remote server
Does anyone know what has to be done to allow this connection?
Regards
Have you tried pining the server you are connecting to? That's a good place to start. Try:
ping connect.squareup.com
To see if you can connect at all. If you can't ping the server, it might be a firewall issue on your server.
1&1 has information about setting firewall rules on their hardware firewalls for their dedicated linux servers here:
https://help.1and1.com/servers-c37684/dedicated-server-linux-c37687/system-security-c37699
and information on setting firewall rules for their cloud servers here:
https://www.1and1.com/cloud-community/learn/networking/firewall/
Hope this helps!
A friend has a PC with access to the internet. I also have internet but I want to connect to the internet through my friend's computer, using his computer as a VPN, so that I can access websites blocked by my current ISP.
I know I can use logmein (For example) to control his PC and surf there, but I just need the ability to connect to his PC/network and surf through his internet, just like a VPN does.
my question is: what software / method can help us achieve this?
Note: he has dynamic i.p internet
Bypassing DNS blocks isn't that hard.
You can use Google DNS to reach about every site. You change your Domain Name Settings[*] to those of Google and you'll be able to visit TPB or other blocked sites.
If you want to work with a VPN, it'd be best if your friend sets his IP to static.
This way you can use the built-in VPN client in Microsoft to connect to him. Check out this tutorial on how to make a VPN on his pc and connect with it from yours.
[*] DNS-settings are needed to retreive an IP from your ISP. If you change them to Google DNS, you'll get an IP from Google and your DNS-lookups (when you surf to a site) will go via Google instead of via your ISP. This allowes you to bypass local DNS-blocks and some sites will load a few miliseconds faster.
So I have this issue. The issue is I am unable to connect to my red5 server from a remote client. I also have not found any tutorials on how to install red5 so that remote clients can connect to it. However, here is what I have done...
Inside My MXML Flex File I try to connect to the computers IP that the server is running on(My Server is running from within Eclipse). The line for connecting looks like this netConnection.connect(rtmp://192.168.2.12/myApp, true);
All that happens is after a lot of minutes go by, I just get NetConnection.Connect.Failed and there is no log being output by Eclipse. Almost like it never even registers the connection that the remote client is trying to make.
The other interesting thing is that I am ABLE to connect to my Red5 Server using a different computer within my local home network just fine. But only when it is remote I am unable to connect.
I have changed my Red5-web.properties file and added this...
webapp.contextPath=/myApp
webapp.virtualHosts=*, 127.0.0.1, localhost, 192.168.2.14, 174.122.104.3
The 174 one is my website where the Flex Swf Resides on.
I think maybe somehow my computer is not setup or configured to allow these remote connections and is rejecting them or something, I'm not quite sure why a remote client can't connect. Does anyone have any idas?
Your help is greatly appreciated.
You may uninstall the red5 and reinstall it.
When it ask you the server ip address type your server's LAN adress (192.168.2.* or 10.0.0.* whatever). This solved my problem.
In my opinion, if you have at least one domain name that you own, the best way for you to go is to set up an Apache Http Server to your server machine, and create subdomains for both red5, rtmp and rtmpt. Make the Apache handle your incoming requests, and decide their correct routing there.
In case you don't own a domain, or the previous way is too time-taking to set up and get it work, you should just make sure that the ip address you're trying to connect to is not an internal IP.
In your example above you are trying to connect from the client to a 192.168... address. If you try to connect to it from within your LAN, it works, since that ip there is registered to your machine.
But when you take your notebook to your neighbor, and using his internet connection to access your site and connect to red5, the client (flex application) will also try to connect to that 192.168..., and your neighbor's router has no idea about your LAN, probably it doesn't have such an internal IP address either, but SURELY cannot connect to your server.
So instead of using 192.168... in your connection string, you should try using your external IP address (the 174... one):
netConnection.connect("rtmp://174.122.104.3/myApp", true);
This will work always, as far as you have a static IP address.
Also make sure, that your red5 server is accessible over the 80 port, or if it's not, specify the correct port number there.
For that you can do following thing...
These steps I took and it's solved my problem...
1.During the installation, you must have given ip 127.0.0.1 (localhost) and port :5080
2.firstly open the port (5080 and 1935) on firewall.
Visit http://windows.microsoft.com/en-in/windows/open-port-windows-firewall#1TC=windows-7
3.Now to go red5->conf->red5.properties and open this file in notepad++. (or any other editor)
4.repalce http.host and rtmp.host ip with your ip address (ipv4)
5.start the red5 service.
6.Now check http://yourip:5080
It will start working, and you can access it from other system also (in the same network Obviously )