In the old release of light-4j, we can start the server with both HTTP and https with port 8080 and 8443. However, after the upgrade to the latest version, we cannot enable both anymore. Here is the output.
HOST IP null
Http Server started on IP:0.0.0.0 Port:8443
Https Server started on IP:0.0.0.0 Port:8443
By default only 8443 which is the HTTPS/HTTP2 port is enabled right out of the light-codegen. The reason is the most our users are using Consul with Kubernetes and Consul only gives host and port as the result of the lookup. That is why we can only enable either HTTP or HTTPS not both at the same time. As we provide default certs for both client and server, it doesn't make sense to use HTTP in my opinion unless you have tools that don't support HTTPS.
Related
I am trying to do load testing with JMeter for a spring boot application running locally on port 8080.
Request configured is a GET request, and protocol is https. I get following error message:
javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:439)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
Any input on it would help?
Your are most probably using https to hit the server while you should use http as port 8080 is usually for http.
Otherwise change port to 8443 for https
Did you cross-check the port number on JMeter?
make sure that the same port is defined in JMeter as well.
https://localhost/application/sub/url
For the above URL, the port number is 443 which is the default port for https
https://localhost:8080/application/sub/url
Whereas the above URL uses 8080 for communication.
Please make sure the correct port has been specified.
Additionally, also note that that JMeter itself doesn't allow unsigned certificates. Make sure the certificates are properly signed via Certificating Authority.
Please is it possible to configure reverse proxy using nginx for Grafana and Prometheus on same server. I have configured Prometheus access through https(listening on port 443 and direct output to port 9090). This works fine but configuring Grafana which is on same server to be accessed through https has been impossible. I tried it listening on port 80 and direct its output to port 3000, but it always default to http port. I also tried another port for listening but never worked.
Has anyone done this before and please can you share your valuable experience. Thanks.
Maybe this docker compose can be helpful https://github.com/vegasbrianc/prometheus/blob/master/README.md
The suggestion is to move the ssl termination to any web server (NGinx, Traefik, HAProxy) and forward the request in plain text to the underline services (prometheus and grafana). Here some examples: HAProxy exposes prometheus and Traefik
I have port 9200 proxied via 80 on my server running elasticsearch. I have a camel route that needs to index documents to this server.
Is it supported in the camel-elasticsearch plugin? ie access elastic search via a non 9300 port?
I understand that port 9300 uses a native elasticsearch transport protocol.
What are my options here? Can I proxy 9300 via apache? I'm not sure if that works.
Or does the camel-elasticsearch plugin support http transport? Please help. Thanks.
The port you are referring to, it is the HTTP port:
http.port A bind port range. Defaults to 9200-9300.
http.publish_port The port that HTTP clients should use when communicating with this node. Useful when a cluster node is behind a
proxy or firewall and the http.port is not directly addressable from
the outside. Defaults to the actual port assigned via http.port.
http.bind_host The host address to bind the HTTP service to. Defaults to http.host (if set) or network.bind_host.
http.publish_host The host address to publish for HTTP clients to connect to. Defaults to http.host (if set) or
network.publish_host.
http.host Used to set the http.bind_host and the http.publish_host Defaults to http.host or network.host.
So you really don't need a proxy, you can have elasticsearch listen directly on port 80.
If you already have a process running on port 80; then you can proxy the connections to 9200 (and leave elastic search as default).
Java Transport Client ---> Apache HTTP Proxy(80) ----> ES (9300) [ Can
I do this? As I understand that Java Transport Client uses a non-http
protocol? ]
The protocol has nothing to do with the port.
Simply pass 80 to InetSocketTransportAddress. See the documentation for a complete example.
My server offered by boss can access by port 80.
How can I configure the Web UI port 7180 to 80?
It doesn't work that I modified the server_port in /etc/cloudera-scm-agent/config.ini
I can't access the UI, so the following does not work:
Cloudera Server Ports
I need configure it in config files.
I have strong belief that you should NOT change this port. It's possible in general, however you may meet some issues like those one in your case.
I can suggest you to use reverse proxy server such as Nginx or Apache. It's much safer and maybe even faster.
So as result I'll get the following proxying chain which is fully transparent to clients:
Client (your Boss) connects to server via port 80
Nginx (or Apache) is listening port 80
Nginx sends HTTP requests to Cloudera on port 7180
Nginx returns request result to client (your Boss)
I have couchdb 1.2 running on the port 5984 by default and I've enabled the bind address 0.0.0.0 so that I can access the couch from the outside world. At the same time I've enabled the "required user" to true(which by defaults enables the basic auth for couchdb). I can access the couch from outside and I'm majorly using this for replication.
I have nginx in front of my application and so all the requests coming to http://example.com are reidrected to https://example.com and the requests are served by my passenger server which runs my rails application.
As I've enabled the couch from out side the world, currently I can access my couchdb either by http://ip_address:5984 or http://example.com:5984 (observer its not https).
I want to enable https to the requests which are served by couchdb. Couple of solutions which I've thought and will not be useful for me are -
1. Add a proxy to couchdb either through location ex: all requests to https://example.com/couchdb/ can be proxy passed to http://127.0.0.1:5984 (or)
2. Add a proxy by listen port ex: listen on a different port say "https://example.com:5985" and proxy pass the requests to http://127.0.0.1:5984.
3. I can't listen to 5984 and proxy pass it to http://...:5984 as the port is already being used by couchdb.
Is there a way I can say nginx to proxy pass all the requests to port 5984 through https?
ie any requests to http://example.com:5984 should be redirected to http**s**://example.com:5984
I guess the simple answer for my question would be its not possible to proxy pass requests from http://example.com:5984 to {https://example.com:5984}. For solving this problem i've enabled default https for couch so i can access my couch only through {https://example.com:5984}. SSL for couch was implemented from couchdb1.1