It appears that when I start my heroku server remotely, it chooses a random value for the port. This is handled fine on the server by using the process.env.PORT value but how does a hard-coded client know what port to use to connect to the heroku server? There seems to be no way to force the heroku port value - this seems to be for cool server restart ability and container issues and to prevent port collisions. That's cool but how can I use a server who's port changes from time to time?
While your app needs to listen on a random port, from an outsider point of view, you will always open a connection on port 80 or 443.
Heroku has a router through every connection goes first.
Whenever a request goes to appname.herokuapp.com or a custom domain you have configured, it is sent to that router.
The router knows about all your running dynos (and the port the app runs on), and will pick one randomly to send the connection to.
Related
I'm looking for a command like:
ping google.com
But I also want to use the port, like google.com:8080
I want to know if a client can connect to my servers socket listener at a certain port.
My core problem is, 100% of users are able to connect to my websocket port at 8080, but only single digit x% are able to connect to websocket port at 2053. This is independent of device. After research I've found out that some ISPs might be blocking this port.
I have a web app running on a Amazon EC2 Instance on port 8080, the webapp while starting, starts a Socket io server listening on port 9092.
in the client file connecting to the Socket io server i have this:
io.connect('http://<IPADDRESS>:9092');
Unfortunately, this request is getting blocked as shown :
I thought the problem was about inbound rules of my EC2 instance, i therefore allowed traffic for the purpose as shown:
But the requests are still blocked...
NOTE: When my app is hosted locally, everything works fine.
So why is amazon behaving this way and what am i supposed to do to come across this issue?
UPDATE:
netstat -a -n | grep 9092 outputs this on instance:
Also have a look on what firefox shows me about a request attempt timings:
It turns that i was binding my server to the localhost address, as if it were accessed from the localhost.
Thanks to #robertklep comment, i did bound the server to the ec2 instance address and it's working now.
The easiest way to establish a socket connection with your server from outside of EC2 is to listen to all the incoming traffic:
server.listen(3000, '0.0.0.0');
This is only recommended for testing and development environment. Do not use this for production.
I have a web page to control a thermostat on a raspberry pi, and I'm running into difficulties when trying to get websockets to work from a remote client. It seems to work fine when on LAN however. I'm obviously missing something (and likely something basic), but I can't seem to figure out what it is.
The pi's local ip is 192.168.1.134. The web page (served from apache server) has the URL http://192.168.1.134:8010/thermostat.html. The page starts up some javascript, which then tries to connect to the pi's main program using websockets via ws://192.168.1.134:9000. (the server on the pi is running libwebsockets). The websocket comes up, and it seems to work fine. I then tried to connect via a remote client (a cell phone, where wifi was turned off) from http:\\23.239.99.99:8010\thermostat.html. The html/js files load fine, but the web socket attempts to connect to uri ws:\\23.239.99.99:9000, and this fials.
As far as I can tell, the NAT seems to be configured properly:
name ext ext protocol int int ip addr interface
port port port port
start end start end
Thermostat3 8010 8010 TCP 8010 8010 192.168.1.134 eth3.1
Thermostat5 8000 8000 TCP/UDP 80 80 192.168.1.134 eth3.1
Thermostat_ws 9000 9000 TCP/UDP 9000 9000 192.168.1.134 eth3.1
I checked, and the router does not have any firewalls set up, neither does my modem. I didn't install a firewall on the pi (I checked, and there's no odd iptables rule). Does anyone know what I'm missing?
--- EDIT ---
I'm still stuck on this. I called my ISP and they assure me there are no firewalls on their servers. Is there any way to tell if port 9000 is being blocked, and by who?
Bind your apache server to 0.0.0.0 address to make it accessible from remote machines
Try this tool to determine if the port is inaccessible (use the custom port): http://www.whatsmyip.org/port-scanner/
Everything else looks fine. As a sanity check I would try putting the ws port to 8010 to see if that works. I would also recommend using a tool like Advanced Web Client to isolate networking issues.
This is interesting. I once had a similar problem. I set up a WebSocket (I was using a nodejs ws) and once I tried to access it from remote client I was not able to reach it with ws://yourip:port but instead I had to use http://yourip:port. I don't know if you have the same problem, mine was due to a proxy I was using.
I still have an advice for you how you might be able to solve your problem. I don't know how concerned you are about security but as far as I understood your idea you basically connect to your raspberry pi through a WebSocket and tell it to change the temperature.
Back when did a similar project I found it rather hard to secure my WebSocket connection. I was basically sending a password plus command through the WebSocket to my server which then checks wether the password is correct. Otherwise everyone on the internet could heat your house. Not cool...
But therefore, I had to tunnel the connection through https to prevent a middleware attack.
I quickly threw the towel and decided to go with a completely different solution. Basically I set up a nodejs express server (can easily be configured with a self signed certificate to use https or used behind a nginx/apache https server) and authenticated with username and password. When someone made a POST request to /api/thermostats?id=0 with a temperature request, the server checks if the user is authenticated and then executes a terminal command from within node.
Maybe this idea also fits your demands.
All,
I have a web application running on tomcat on an amazon ec2 instance and I have a DNS name on godaddy which redirects to this web app on ec2 with an elastic ip.
Everything works fine when I open the port number 80 to all inbound traffic but recently I received an email from Amazon support saying Denial of Service (DoS) attacks were launched from my instance to IP(s) xxx.xx.xx.xxx via UDP port(s) 80.
How can i make the application accessible by closing port 80 to outside world?
Thanks in advance,
keran
http is over TCP. Only open TCP on 80, keep UDP on 80 closed. The webapp should work.
I have a web application running on tomcat on an amazon ec2 instance and I have a DNS name on godaddy which redirects to this web app on ec2 with an elastic ip.
A re-directs is an HTTP thing (and not very effecient, nor good for bookmarking). Do you mean your web app has an A record?
Everything works fine when I open the port number 80 to all inbound traffic
Yup, you need to open port 80 to serve traffic.
but recently I received an email from Amazon support saying Denial of Service (DoS) attacks were launched from my instance to IP(s) xxx.xx.xx.xxx via UDP port(s) 80.
There are 2 possible explanations:
1) Your software is buggy and trying to send data to their box via UDP. This isn't that likely, but is possible if you accidentally enabled/misconfigured collectd, syslogd, statsd, or some other package.
2) Your software is buggy and let a hacker take over your box. It could have been your web application, or it could have been some other service (if you have other ports open to the world).
Either way, a good system administrator could use TCPDump to figure out where the problem is.
How can i make the application accessible by closing port 80 to outside world?
You Can't. If you want to serve traffic to the world, you need an open port. Blocking port 80 TCP will not fix your problem because "incoming traffic on TCP port 80" (used for web servers) has nothing to do with "outgoing UDP port 80". If your box is sending UDP traffic, then it's a broken/misconfigured program running on your box.
That said, you can use a proxy service like CloudFlare to "hide" your servers behind their load balancers. But that won't fix your fundamental problem, which seems to be that your box insecure. If you are going to put a server on the Internet, you need to level up your security knowledge, or hire a system administrator.
If your content is "static" (i.e. not constantly changing, like a simple blog that's updated a few times per day), you should look into serving it from S3. S3 doesn't require a System Administrator, while EC2 does.
I've created a simple client/server program with the help of winsock in vb6. It perfectly works on LAN but the problem is it doesn't work on WAN. All ports are already open, Firewall is already Off, I have dynamic IP so I used No-ip to get named IP address.
One more think I want to ask is , is it important to open port on both client and server? For eg- I've created the program on port 50505 and on the client computer the port is open but is it important to open 50505 on server also??
Here is my project.
If anyone could find the problem please let me know. I would appreciate a lot
Okay, first make sure that in the client side program that the Localport is not set to anything because Windows will assign it one, but the RemotePort is set to 50505. On the server side, the RemotePort is set to nothing, and the LocalPort is set to 50505.
Next you need to make sure your server has a static IP on your network.
So if your router's LAN IP is 192.168.1.1 you need to set your server's to
something like 192.168.1.50, just make sure that it doesn't get put in the range or the
DHCP server (That's the server that gives each computer a IP address from the router).
Next you need to setup your router for "Port forwarding". Be default your router had no idea what to do with data that the internet sends to it. You have to setup the router to forward any data from port 50505 to your server on your network.
While this seams really long and drawn out, it shouldn't take more than 5-10 min's to setup.
Good luck!
You need to configure the router that the server is behind to forward connections on that port to the computer running the server.
Otherwise, the client will not be able to connect to the server.