i'm using the WSO2 ESB to integrate several services on the Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is what i can't access them from outside it nevetheless the port 8280 where services are deployed is open for internet, but i can see only blank page instead. What could be wrong?
Another question is i was trying to map the WSO2 ESB management console itself to be availbe from outside the machine using simple proxy, and i'm failed, it loads me the this is what i see on trying the service.
Could you please give me a hint on how to resolve this issue? is it possible to share the esb mgmt console using the ESB itself?
Thanks a lot in advance,
Do u have proxy in the middle? It looks like on screenshot webpage missing all pictures, meanwhile css was loaded successfully.
Another question which kind of virtual machine u use? For example in virtualbox by default virtual machine behind NAT.
I wasn't able to connect to server on virtual machine from host only opposite way server on host available in virtual machine.
To make server in virtual machine available on host need to configure network as bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (poodle,Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if i remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
During parsing body of http response exception was thrown and just silently was written to log, without any fault message processing. Just empty response to client.
To clarify that services reachable, there is echo service by default on server, which respond content equal to request. Try to use it.
was trying to map the WSO2 ESB management console itself to be availbe
from outside the machine using simple proxy
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
what you can do is edit the repository/conf/tomcat/catalina-server.xml and to the Connector running the port 9443 you can add an attribute proxyPort="443", the carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)
Related
I just configured an NGINX instance on the Jelastic platform.
In my environment's firewall inbound rules there are now a few default rules added.
With source All. (HTTP, HTTPS, ...)
I changed the source of these firewall rules to Local LAN.
So I expect that when I go to my Jelastic public URL in my browser on my own computer, I do not get a website but I'm blocked by the firewall.
This is not happening. I do not want the website to be used from the outside. This environment will host some REST API's and workers running on the inside and only triggered by other environments I have.
Kind regards.
Roel
We recommend following this guide to disable access to your container (CT) from the outside: https://docs.jelastic.com/release-notes-59/#restrict-node-access-via-shared-load-balancer-slb
However, please keep in mind that you'll not be able to access this CT from another CT too.
UPDATE:
little clarification
If "Access via SLB" disabled, the nodes within the layer are inaccessible via SLB (including the Open in Browser button in the dashboard) and return the 403 "Forbidden error" instead of the intended service. Herewith, access via the private network from the other nodes of the environment, access via SSH and access via endpoints from the public network is not affected.
We also want to draw your attention to that described feature is available from the Jelastic PaaS 5.9 release
I have developed a Jooby-Application which is hosted on a netty server. I can access the application on localhost and tests were fine. Now I want to make the app accessable over internet and dont know what is the best way to reach this goal?
The complete application is hosted on a Windows Server, because it uses Excel. (Read/Write over Apache POI. For macros it has to be Windows) Should I try to connect the running netty-server with IIS or can I just forward the requests from outside to localhost? The last mentioned approach propably is a bad idea regarding security issues.
It works with reverse proxy over IIS. I had to install some features like Application Request Routing and URL Rewrite. Then I can start the jooby application (netty server) as usual on a specific port at localhost and set a reverse proxy to it.
I am not sure why being on a window is necessary, anyways, Netty is just a Java network programming framework, it can run on any platform where Java is installed.
You need to host a server, you can buy a VPS, install windows as OS, install Java, you can run your application as you like.
What I understand is you need to test it, for that you can use any port forwarding service like https://pagekite.net/support/intro/features/ to enable "world access" to localhost
the request from ihs is passed to plugin then to the application server and server received it.there is no cluster environment here.the server is up and running fine.But the response is not going back to plugin.how to troubleshoot?
(I would have made this a comment, but I don't have enough rep points).
You may need to engage IBM WebSphere Support to assist with this, but typically, for that type of issue, you would need to trace both sides of the connection (IHS plugin and WebSphere). Specifically,
Set LogLevel="Trace" in the plugin-cfg.xml
Set the following trace spec on the AppServer:
=info:com.ibm.ws.webcontainer=all:com.ibm.wsspi.webcontainer*=all:HTTPChannel=all:GenericBNF=all:TCPChannel=all
Reproducing the failure and reviewing the http_plugin.log and trace.log may provide some clues.
Do you receive some type of error in the browser? timeout? Is there anything (firewall, proxy) sitting between the IHS server and WebSphere AppServer?
It could be DNS problem with your WebSphere server. Can you please let us know about your IHS and plugin. Is it installed on same server where WebSphere is or on different server? If IHS and plugin is on different server just check that WebSphere server is able to resolve the IP address of IHS server using hostname. If not try to update host file with IP and hostname of your IHS server. It should work.
Does the client or the plugin not getting the response? Will that the request result in secure connection (i.e HTTPS/SSL...)?
The WAS server should extract most of the ports correctly if IHS/plugin is used in between. If using different webServer/load balancer(LB), the WAS server may not extract the listerning ports on the webServer/LB correctly.
You can take a look at the sample setting in PK55330 where a different web server is used in place of the IHS.
http://www-01.ibm.com/support/docview.wss?uid=swg1PK55330
Regards,
I am writing a javascript/strophejs xmpp client, and have been so far using it to connect to a xmpp server hosted at hosted.im, via a public BOSH service (http://bosh.metajack.im:5280/xmpp-httpbind). The html/javascript is also hosted online, at testserver.host56.com (not the real url).
Now, I decided to host the xmpp server on the amazon web cloud, and use my own Bosh service, hosted on this server as well.
Now, my ec2 instance is at myAWSDNS.us-west-2.compute.amazonaws.com (also not real url).
I also have a BOSH service up and running, at myAWSDNS.us-west-2.compute.amazonaws.com:7070.
Finally, I have also allowed traffic to this ec2 instance through both the instances firewall and through the AWS Security Group policy.
However, when trying to connect to this instance's xmpp server (openfire), using my JS/strophejs client, I get the following message in the Chrome javascript console:
XMLHttpRequest cannot load http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myAWSDNS.us-west-2.compute.amazonaws.com' is therefore not allowed access
Why am I getting this issue, if the origin is on the same domain as the requested resource?
The Ec2 instance is running Windows Server 2012.
This is the code I use to log in:
var conn = new Strophe.Connection("http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/");
conn.connect("chris#myAWSDNS.us-west-2.compute.amazonaws.com", "myPassword", somecallback);
Thanks,
best regards,
Chris
As previously mentioned, even if you're on the same domain, the ports must also match otherwise CORS is required.
You may not be using the correct URL for your connection manager, all of the ones I've seen use an address ending in /http-bind/ or similar.
Have you tried connecting with Strophe.Connection("http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/http-bind/");?
Also, you can test for the presence of the crossdomain.xml file by simply visiting http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/crossdomain.xml to ensure that CORS has been successfully enabled.
The browser will not allow since the ports are different. I don't know what you have at AWS, but you can proxy the request in both direction, like as:
http://myAWSDNS.us-west-2.compute.amazonaws.com/http-bind/ <---------> http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/
See item no 5: Connecting with Strophe.js of the tutorial for Apache use case.
I am wondering how the proxy will bypass the content filter within firewall?
For example, if you are in China and try to connect to facebook, the GFW will block it. But if you use proxy server, then you can connect through. What is the logic here?
Thanks,
The Firewall blocks the web address from being accessed. A proxy has a different web address and is therefore accessible. However, the proxy is able to access the web address as it is outside the firewall. It sends the HTML code from the webpage to be accessed to your computer.
Think of the proxy as a middleman. It gets you what you want and then sends it to you, without you ever accessing the webpage directly and alerting the firewall.