How to open HTTPS port in Google cloud? - https

Hello today configured vps on Google Cloud and put Vesta control panel, but the problem is not open one https that is, and the ip server and the domain itself does not open on https. Set up Google Cloud firewall and opened ports 80,443 but https does not open the site itself is not the ip of the server. Checked through online services port 443 is closed but settings of the server and a firewall of Google and ip tables say that port 443 is opened (checked by several services port 443) and in the browser through ip of the server and the domain on https do not open. Please tell me how to open port 443?
Same with ports 8443,8080.

I am not able to comment but here are some steps that might help to isolate the issue:
Check to see if the port is open or closed or filtered using nmap
nmap [ip_address]
Firewall rules are defined at the network level and therefore make sure that you follow this document while creating the firewall rules to allow incoming traffic on TCP port 80 and 443 (same for other ports). In this document in step 11, choose " specified protocols and ports" and enter tcp: 80, tcp: 443.
As you previously stated, you need to make sure there is no firewall running inside the VM blocking those connections.
You also need to verify if the application running on your vps is listening on port 443. To check this, try with this command.
sudo netstat -ntlp | grep LISTEN
In the output, if you don't see the application beside port number, check if your vps is rightly configured to ports for your application.

I was having the same issue with NGinx. And Found the root cause finally to be the Firewall (GCP VM Firewall) having a lower priority for the rule. ie: I had 65534 (which is super low priority) for the "Ingress 443" rule. Which did block the traffic coming into the SSL. Instead when I set this rule to 1, traffic started flowing and issue sorted.
What finally helped me was https://cloud.google.com/vpc/docs/using-firewalls
Thanks #Md Zubayer for the tip.

Related

How to install peerjs server on windows server with multiple IP addresses

I have installed the peerjs server on my windows server as per github, and successfully get the message:
“Started PeerServer on ::, port: 9000, path: /myapp”.
I then opened port 9000 in the windows firewall, and find the following two entries in the netstat listing:-
TCP 0.0.0.0:9000 vmBCE3892:0 LISTENING
[node.exe]
TCP [::]:9000 vmBCE3892:0 LISTENING
[node.exe]
My server has 2 different IP addresses for 2 different web applications under IIS.
To check peerjs connectivity I used telnet as follows:-
telnet ipaddress 9000
with each IP address, neither would connect.
I cannot see how to tie the peerjs server to one of the ipaddresses or the corresponding domain name.
It seems that my ISP blocks all ports other than 80 & 443, despite them appearing to be available in my firewall. As for the two IP adresses, either would have reached peerjs server had the port been open.

Port forwarding in zte router F670L

Trying to post a website via port forwarding but everytime I use an open port check tool it says that the port cannot be reached. I was wondering if someone out there has done port forwarding in this router. Thank you.
These are the settings for my port forwarding:
Protocol: TCP
WAN host start & end IP: Blank
WAN Start and End Port: 8080
LAN host start and end port: 8080
WAN Connection: TR069
LAN host address: my IP
I have set up a static IP address, and even changed the port of httpd.exe to 8080 and 8081 (xampp) because I thought my ISP was blocking port 80.
Any type of help is appreciated. Cheers.
I was battling this over a month only to discover that I have a CGNAT (Carrier given NAT [NAT from ISP]) So no matter what settings I changed on my router my ports will never be opened.
Today finally my ISP removed the NAT from my account and I was able to proceed to open ports.
So I am sharing this info now for any others who may have difficulty opening their ports.
For the ZTE F670L GPON ONT router, you need to login as an admin:
Username: admin -
Password: Web#0063
Proceed to Internet in the main tab and select Security in the left panel then
in the sub tabs select Port Forwarding.
I also have DMZ enabled. Here are the screenshots of my settings.
(Please be sure that your PC/device IP is static)
Screenshot of my static IP on my PC
https://i.imgur.com/Ug51E7k.png
Screenshot of port forwarding settings for port 16000 UDP (I opened both TCP and UDP)
https://i.imgur.com/F3KP6PG.png
Screenshot of DMZ settings. (Not always necessary)
https://i.imgur.com/4MZWP1A.png
If your ports are not opened after just the normal port forwarding settings, you can try to enable DMZ as in the above screenshot. If still no luck, contact your ISP and ask them to remove NAT from your account.
I hope this helps
I kept blaming my poor router when in fact it was just my ISP.
What I did to solve this problem was made a listener request in my case on Linux, using the following command "nc -l -p PORT", before that you need to set up correctly the port forwarding on the F670L, then you go to a web port checker and just fill with your ip, and the port that you opened.
It will work only with the first request, then the port will close.
Hope you can solve it

How do I route all traffic to my EC2's ip address to a specific port?

I have a basic web application running on a port in an EC2 instance. I have also created an A record in Route53 which points a domain name that I own towards the ip address of the EC2 instance.
When I directly access ip-address:port, it works fine, but because the a record does not point towards that specific port, the website cannot be accessed through the domain name.
How do I specify a port that all requests to that ip address should be routed to?
port is referenced by protocol you are using.
if you use http you will connect to port 80. https uses 443, ftp 21, smtp 25 and there are many others (they are called default ports for service but they may use every other defined).
You are probably running application, listening on some different port (but using protocol http) and that's why you can reach it by entering http://ip-address:port
what you can do to reach it by entering only http://ip-address is to set it to listen on port 80 (you will need root privileges to do this) or set redirect from port 80 to your applications port (you can use pure port redirection using iptables or (better) reverse proxy software. It can be apache as mentioned in comment above, or nginx or haproxy or something else (you haven't specified operating system anyway - those are mainly for linux).
Hope that helps

Can't access ec2 instance via fsockopen in PHP pointed at my ec2 public IP and designated port

Before anything else, I have read about 30+ StackOverflow answers and none of them seem to address my particular flavour of this problem. Below I list all the answers I have already tried before asking for more advice.
I am trying to access my ec2 instance via socket in PHP from a different machine via fsockopen, pointed at my ec2 public IP (I have an Elastic fixed IP address 54.68.166.28) and designated port.
Behaviour: I can access the instance and the ChatScript application running inside from within the instance, via the public IP directly on the browser. But if I run the exact same webpage with the exact same socket call on an external machine targeting my instance's IP address (double checked it is the correct one) I get a 500 Internal Server Error when connecting on port 1024 (for my custom TCP connection), another 500 on port 443 (HTTPS). On port 80 (HTTP) it hangs 20+ seconds then gives me status 200 success, except it does not connect properly to the application and responds with nothing.
Troubleshooting:
I have set up my security group rules to accept incoming TCP from anywhere:
HTTP (80) TCP 80 0.0.0.0/0
HTTP (80) TCP 80 ::/0
HTTPS (443) TCP 443 0.0.0.0/0
HTTPS (443) TCP 443 ::/0
Custom (1024) TCP 1024 0.0.0.0/0
Custom (1024) TCP 1024 ::/0
Outbound rules span port range 0 - 65535 with destination 0.0.0.0/0, so should work.
I ssh every time without problems into the instance on port 22. SCP also works fine.
Checked $sudo service httpd status: running, which is why my UI displays there fine.
Checked $sudo /sbin/iptables -L and all my policies are set to ACCEPT with no rules
Checked $ netstat --listen -p and the app I am targeting is listening on port 0.0.0.0.0:1024.
Checked Network Utility and ports 80 and 1024 are registered as open. Port 443 is not. Pinging did not work for any of them, with 100% packet loss.
Checked my instance is associated to the security group with all the permissions - it is. IP is clearly correct or I could neither ssh nor serve webpages... which I can.
I stopped and restarted the instance.
I replaced the instance.
I think this is due diligence before asking for help... now I need it!
I realised my configuration was correct: the problem was that the hosted domain I used for the GUI, like most hosted domains, does not open custom ports, so tcp did not work.

Windows: how to pass all traffic to a specific port via an HTTP proxy?

Short version of the need:
Pass all traffic of a specific port (TCP) via a proxy
It should be an HTTP proxy with port 8000
Description
I have an application that needs to reach an external IP with a specific port (TCP). But the standard corporate network blocks outbound traffic to this port.
I can, however, access that port when working with the corporate HTTP proxy that works on port 8000.
Alas, my application does not have any proxy settings, and IE's proxy settings are irrelevant.
Port forwarding and tunneling won't do me any good (already tried netsh anyway), since I need not only to reach the proxy, but I need it to actually function as a proxy.
Can anyone recommend on a method / software that will allow me to pass all traffic to port X via a proxy?
It has to be the traffic of a specific port, since there is a web server installed on that machine and I don't want to temper with it.
Thank you!
Windows doesn't route by port. The real answer is send the traffic to a firewall or layer 3 device that can route by port.
But,
If you know the ip address of the destination you could force that traffic to the proxy if the proxy address is on the same subnet. If it's not on the same subnet your computer will try to send the traffic to that as a gateway but it won't be avaiable (it won't be routed). But, it's so simple it's worth a try.
Example....
Computer 192.168.1.10, 255.255.255.0
Proxy 192.168.1.254 255.255.255.0
Destination IP. 68.68.68.68
route add -p 'destination ip' 'destination subnet range' 'where to send traffic, normally the next hop gateway'
Using example addresses (replace the two addreses with yours but keep 255.255.255.255)
Open Command prompt as administrator, Type route add -p 68.68.68.68 255.255.255.255 192.168.1.254
Using 255.255.255.255 forces it to only route one address.
-p will make the route stay after a reboot.
If it doesn't work you can remove the route simply route delete 'destination ip'
Route delete 68.68.68.68

Resources