Tinyproxy Reverse Proxy "Access denied" - proxy

I'm using tinyproxy to reverse proxy. I have three subdomains pointed to the same server, and we need them to point to specific ports internally. That is, port 80 from any particular subdomain, mapped to a particular port. See the config example below.
The config looks like this:
Port 80
#Allow 127.0.0.1
#ReverseOnly yes
upstream 127.0.0.1:8115 "website.example.com"
upstream 127.0.0.1:3000 "api.example.com"
upstream 127.0.0.1:9000 "socket.example.com"
When I pull up any subdomain, all I get is:
Access denied
The administrator of this proxy has not configured it to service requests from your host.
Generated by tinyproxy version 1.8.3.
I cannot find adequate documentation anywhere. I'm thinking of contacting the maintainers. Please help.

I hope you already got the answer, but if you have not, here is the setting to allow clients to connect to your proxy:
#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8
Allow 0.0.0.0/0
In my example here, I allow 0.0.0.0/0 because I'm configuring a reverse proxy from the Internet to my other VPS.
Also, your configuration above is for a forward proxy, not a reverse proxy.
To enable the reverse proxy function, you need at least the following:
ConnectPort 80
ConnectPort 443
ReversePath "/" "http://<your server IP>:8080/"
ReverseOnly Yes
ReverseMagic Yes
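Added example (not part of the original answer or of tinyproxy itself): a small Python check that evaluates the Allow/Deny lines the way the comment block above describes and flags a configuration that accepts any Internet host while ReverseOnly is off, which would leave an open forward proxy. It assumes the first matching rule decides, handles IP/CIDR values only, and uses constructed sample data.

```python
import ipaddress

# Constructed sample: the answer's access controls and reverse-proxy lines,
# with 192.0.2.10 standing in for "<your server IP>".
SAMPLE_CONF = """\
Port 80
Allow 127.0.0.1
#Allow 192.168.0.0/16
Allow 0.0.0.0/0
ReversePath "/" "http://192.0.2.10:8080/"
ReverseOnly Yes
"""

PROBE_IP = "203.0.113.7"  # documentation address used as "some Internet host"


def parse(conf_text):
    """Return (ordered Allow/Deny rules, other directives) from config text."""
    rules, settings = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() in ("allow", "deny"):
            # Assumption: IP/CIDR values only; hostname ACLs are not handled.
            net = ipaddress.ip_network(value.strip(), strict=False)
            rules.append((key.lower(), net))
        else:
            settings[key.lower()] = value.strip()
    return rules, settings


def client_allowed(rules, client_ip):
    """No controls: allow. Otherwise first match decides, default deny."""
    if not rules:
        return True
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if addr.version == net.version and addr in net:
            return action == "allow"
    return False


def open_forward_proxy(conf_text):
    """True if an arbitrary Internet host is accepted and ReverseOnly is off."""
    rules, settings = parse(conf_text)
    reverse_only = settings.get("reverseonly", "").lower() in ("yes", "on")
    return client_allowed(rules, PROBE_IP) and not reverse_only
```

Run `open_forward_proxy()` over the real configuration file's text before exposing the listener; a `True` result means `Allow 0.0.0.0/0` (or no access controls at all) is in effect without `ReverseOnly Yes`.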

Related

How do I route all traffic to my EC2's ip address to a specific port?

I have a basic web application running on a port in an EC2 instance. I have also created an A record in Route53 which points a domain name that I own towards the ip address of the EC2 instance.
When I directly access ip-address:port, it works fine, but because the A record does not point towards that specific port, the website cannot be accessed through the domain name.
How do I specify a port that all requests to that ip address should be routed to?
The port is determined by the protocol you are using.
If you use HTTP you will connect to port 80; HTTPS uses 443, FTP 21, SMTP 25, and there are many others (these are called the default ports for a service, but a service may use any other defined port).
You are probably running an application listening on some different port (but using the HTTP protocol), and that's why you can reach it by entering http://ip-address:port
What you can do to reach it by entering only http://ip-address is to set it to listen on port 80 (you will need root privileges to do this) or set up a redirect from port 80 to your application's port. You can use pure port redirection using iptables or (better) reverse proxy software. It can be Apache as mentioned in the comment above, or nginx or haproxy or something else (you haven't specified the operating system anyway; those are mainly for Linux).
Hope that helps

How to open HTTPS port in Google cloud?

Hello. Today I configured a VPS on Google Cloud and installed the Vesta control panel, but the problem is that HTTPS does not open: neither the server IP nor the domain itself opens over HTTPS. I set up the Google Cloud firewall and opened ports 80 and 443, but the site still does not open over HTTPS, either by domain or by server IP. Online services report that port 443 is closed (I checked with several services), while the server settings, the Google firewall and iptables say that port 443 is open, and in the browser neither the server IP nor the domain opens over HTTPS. Please tell me how to open port 443?
Same with ports 8443,8080.
I am not able to comment but here are some steps that might help to isolate the issue:
Check to see if the port is open or closed or filtered using nmap
nmap [ip_address]
Firewall rules are defined at the network level, so make sure that you follow this document while creating the firewall rules to allow incoming traffic on TCP ports 80 and 443 (same for other ports). In step 11 of this document, choose "Specified protocols and ports" and enter tcp: 80, tcp: 443.
As you previously stated, you need to make sure there is no firewall running inside the VM blocking those connections.
You also need to verify if the application running on your vps is listening on port 443. To check this, try with this command.
sudo netstat -ntlp | grep LISTEN
In the output, if you don't see the application beside the port number, check whether your VPS is correctly configured to use the ports for your application.
I was having the same issue with Nginx, and finally found the root cause to be the firewall (GCP VM firewall) having a lower priority for the rule, i.e. I had 65534 (which is super low priority) for the "Ingress 443" rule, which blocked the traffic coming in over SSL. When I instead set this rule to 1, traffic started flowing and the issue was sorted.
What finally helped me was https://cloud.google.com/vpc/docs/using-firewalls
Thanks #Md Zubayer for the tip.
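Added example (not from the original posts): a Python model of priority-ordered ingress rules showing how an allow rule at priority 65534 can lose to a rule with a lower number, and why moving it to 1 lets traffic through. The deny rule and all rule names are constructed assumptions, since the post does not show the other rules; source ranges and target tags are ignored.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 0..65535, lower number is evaluated first
    action: str        # "allow" or "deny"
    ports: frozenset   # TCP ports; empty set means all ports


# Constructed rule set, not taken from the post.
RULES = [
    Rule("deny-all-ingress", 1000, "deny", frozenset()),
    Rule("allow-http", 900, "allow", frozenset({80})),
    Rule("ingress-443", 65534, "allow", frozenset({443})),
]


def matches(rule, port):
    return not rule.ports or port in rule.ports


def decide(rules, port):
    """Return (action, rule name) that applies to an ingress TCP port."""
    # Lower priority number first; at equal priority deny sorts before allow.
    ordered = sorted(rules, key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if matches(rule, port):
            return rule.action, rule.name
    return "deny", "implied-deny-ingress"  # implied rule at priority 65535


def shadowed_allows(rules):
    """Names of allow rules that never take effect for any of their ports."""
    return [
        r.name for r in rules
        if r.action == "allow" and r.ports
        and all(decide(rules, p)[1] != r.name for p in r.ports)
    ]


def with_priority(rules, name, priority):
    """Copy of the rule set with one rule moved to a new priority."""
    return [replace(r, priority=priority) if r.name == name else r for r in rules]
```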

Windows: how to pass all traffic to a specific port via an HTTP proxy?

Short version of the need:
Pass all traffic of a specific port (TCP) via a proxy
It should be an HTTP proxy with port 8000
Description
I have an application that needs to reach an external IP with a specific port (TCP). But the standard corporate network blocks outbound traffic to this port.
I can, however, access that port when working with the corporate HTTP proxy that works on port 8000.
Alas, my application does not have any proxy settings, and IE's proxy settings are irrelevant.
Port forwarding and tunneling won't do me any good (already tried netsh anyway), since I need not only to reach the proxy, but I need it to actually function as a proxy.
Can anyone recommend a method / software that will allow me to pass all traffic to port X via a proxy?
It has to be the traffic of a specific port, since there is a web server installed on that machine and I don't want to tamper with it.
Thank you!
Windows doesn't route by port. The real answer is send the traffic to a firewall or layer 3 device that can route by port.
But,
If you know the IP address of the destination you could force that traffic to the proxy if the proxy address is on the same subnet. If it's not on the same subnet your computer will try to send the traffic to that as a gateway but it won't be available (it won't be routed). But, it's so simple it's worth a try.
Example....
Computer 192.168.1.10, 255.255.255.0
Proxy 192.168.1.254 255.255.255.0
Destination IP. 68.68.68.68
route -p add 'destination ip' mask 'destination subnet range' 'where to send traffic, normally the next hop gateway'
Using example addresses (replace the two addresses with yours but keep 255.255.255.255)
Open Command Prompt as administrator, type route -p add 68.68.68.68 mask 255.255.255.255 192.168.1.254
Using 255.255.255.255 forces it to only route one address.
-p will make the route stay after a reboot.
If it doesn't work you can remove the route simply with route delete 'destination ip'
route delete 68.68.68.68

Can I create an Apache server and use No-IP (or similar) in Windows to host a site?

The title says almost everything. I want to use apache under windows and then redirect one or more domains to my computer using a service like No-IP. Is it possible?
Yes, you just need to set port forwarding to your local machine (port 80 for HTTP, 443 for SSL, 21 for FTP (if you want to run an FTP server as well)) on your router, and set a dynamic DNS there that points to NO-IP. Most likely you can add one DynDNS entry.
Yes.
You don't even need a Dynamic DNS service (like no-ip) if you have a static IP address. In that case, just register a domain name and create two DNS records -
NAME               TYPE    VALUE
example.com.       A       public.ip.address.here
www.example.com.   CNAME   example.com.
Most ISPs now assign static IPs (even if they claim otherwise), and if not, you can get one for a small fee ($5/month extra). Or upgrade your account to business class.
This way you don't have to introduce another layer (Dynamic DNS) into your set up.
Then install a WAMP such as:
- xampp (really popular here)
- UniformServer
- Wamp-Developer Pro (the one I use)
- WampServer (another good one)
You'll also need to port-forward your router (ports 80 and 443) to the LAN IP, and create two rules in the Windows Firewall to unblock incoming port 80 and 443 requests.
The only thing that can go wrong is if your ISP blocks incoming port 80 (http) and 443 (https) requests. You can call and get them to unblock that, or again, update the account to business class to remove all the headaches.

HAproxy with multiple https sites

We have a couple of HTTP sites running behind a load balancer (with failover capability using heartbeat) and one HTTPS site. Everything is running fine but now I want to add another HTTPS site. I couldn't find any references for hosting multiple HTTPS sites.
Has anyone hosted multiple HTTPS sites using HAProxy? Can you please tell me how I can achieve this? Please help me with your inputs.
Thanks,
Santhosh
You have to write rules to pick the backend either based on the frontend (IP address), Host header or TLS SNI ("Server Name Indicator"). What's best depends on your application really. If you need support for clients that don't support SNI (really old); then they won't get real TLS and you have to pick the backend based on the Host header.
Since I wrote the answer below haproxy has added ssl as a new feature. I use it on https://manage.ntppool.org/ and it's working nicely. You need the latest 1.5 development release (or 1.6 if that's out by the time you read this).
In HAProxy 1.8 http/2 is supported, too.
In 2012 the answer was:
HAProxy itself doesn't support SSL, you have to run an "SSL unwrapper" in front. Popular options are stunnel and stud. For HTTP you can also use Apache or Nginx.
You can launch any number of HTTPS-enabled websites using HAProxy. You have to do SSL offloading at the HAProxy box, and HAProxy will redirect requests to your server (site box) via HTTP. You can distinguish between requests coming for your 2 different HTTPS websites by parsing your URI, after SSL offloading at HAProxy.
See HA-Proxy docs for more details, see hdr_dom and acl sections this will solve your problem.
Just for reference, you can get it with:
# Plain HTTP: redirect everything to HTTPS
frontend http
    bind :80
    redirect scheme https code 301 if !{ ssl_fc }

# TLS is terminated here; certificates are loaded from the directory
frontend https
    bind :443 ssl crt /etc/haproxy/ssl
    # reqadd was removed in HAProxy 2.1; newer versions use http-request add-header
    reqadd X-Forwarded-Proto:\ https
    option http-server-close
    option forwardfor
    # ACL for example1.com
    acl ACL_example1.com hdr(host) -i example1.com
    use_backend backend1 if ACL_example1.com
    # ACL for example2.com
    acl ACL_example2.com hdr(host) -i example2.com
    use_backend backend2 if ACL_example2.com

backend backend1
    balance roundrobin
    server server1 192.168.1.10:80 check
    server server2 192.168.1.20:80 check

backend backend2
    balance roundrobin
    server server3 192.168.1.30:80 check
    server server4 192.168.1.40:80 check
In /etc/haproxy/ssl you must have certificates in .pem format containing crt and key:
example1.com.pem
example2.com.pem
And use HAProxy above version 1.5
