Can anyone help me setup web polygraph for testing an HTTPS servers via proxy servers in middle
linux machine:192.168.21.7
proxy server :192.168.21.9
https server : 192.168.21.11
This link contains the needed information:
http://www.web-polygraph.org/docs/userman/simple.html
Basically polygraph has couple files which are bundled with it and use for testing.
The manual I gave you give example that uses polysrv but on different distributions you will probably have different names for the tool(on ubuntu it's polygraph-server and polygraph-client)
You need to set the listening service ip+port outgoing "robot" ip and then start it using command line.
For https setup we will configure our pg file on server and client with SslWrap module.
Details of same can be found in http://www.web-polygraph.org/docs/reference/models/ssl.html
Related
I have developed a Jooby-Application which is hosted on a netty server. I can access the application on localhost and tests were fine. Now I want to make the app accessable over internet and dont know what is the best way to reach this goal?
The complete application is hosted on a Windows Server, because it uses Excel. (Read/Write over Apache POI. For macros it has to be Windows) Should I try to connect the running netty-server with IIS or can I just forward the requests from outside to localhost? The last mentioned approach propably is a bad idea regarding security issues.
It works with reverse proxy over IIS. I had to install some features like Application Request Routing and URL Rewrite. Then I can start the jooby application (netty server) as usual on a specific port at localhost and set a reverse proxy to it.
I am not sure why being on a window is necessary, anyways, Netty is just a Java network programming framework, it can run on any platform where Java is installed.
You need to host a server, you can buy a VPS, install windows as OS, install Java, you can run your application as you like.
What I understand is you need to test it, for that you can use any port forwarding service like https://pagekite.net/support/intro/features/ to enable "world access" to localhost
I'm using both JIRA and Confluence on the same server, running on Windows, using Apache Tomcat.
I have two domains pointing at the server, jira.company.com and confluence.company.com.
JIRA is running fine on port 80 in the Apache Tomcat instance, and I can get to that on the JIRA.company.com domain just fine.
Confluence is currently running on port 8090 on the same machine. What I'm trying to do is get Confluence working on the confluence.company.com domain.
Most of the documentation I can see is about configuring virtual hosts and reverse proxies in httpd.conf, however in Apache Tomcat all I have to work with is the server.xml file.
I understand I can add another host to the JIRA server.xml file to point to a different docBase for Confluence, but I have a feeling this breaks Atlassian's own recommendations found here.
When I add an additional host entry into Confluence's server.xml it's ignored, and the confluence.company.com domain sends me through to JIRA.
I've done some searching and found similar questions but they don't seem to apply to my configuration - they all mention httpd.conf which isn't present on my server.
My questions:
Can I run Confluence on the subdomain by adding an extra entry in JIRA's server.xml? If possible, is this bad?
Is there another way to get my Confluence Apache instance listening on port 80 but on it's own domain name?
I can do all this on IIS with my eyes shut, but in Apache/Tomcat I'm a little lost. Thanks in advance!
Tomcat is not really meant to directly handle incoming requests as usually an Apache or other proxy is put in front of it to hide the ports and provide other useful features you would need for Single Sign On etc. Note that there is a difference between the Apache Webserver, which is commonly only called "Apache" and "Apache Tomcat", which is only an application server made by the Apache Foundation community and named "Tomcat". Tomcat only supports basic webserver functionality.
In any case, you can use the IIS as a webserver and proxy to forward the requests and at the same time hide the ports of the applications. I personally haven't used IIS but Atlassian offers a thorough explanation for the Confluence and/or JIRA integration with IIS as a proxy: https://confluence.atlassian.com/adminjiraserver071/integrating-jira-applications-with-iis-802593039.html
The page covers JIRA for the most part but section 4 also has additional information if you want to hook up both JIRA and Confluence on the same server, which is exactly your use case.
i'm using the WSO2 ESB to integrate several services on the Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is what i can't access them from outside it nevetheless the port 8280 where services are deployed is open for internet, but i can see only blank page instead. What could be wrong?
Another question is i was trying to map the WSO2 ESB management console itself to be availbe from outside the machine using simple proxy, and i'm failed, it loads me the this is what i see on trying the service.
Could you please give me a hint on how to resolve this issue? is it possible to share the esb mgmt console using the ESB itself?
Thanks a lot in advance,
Do u have proxy in the middle? It looks like on screenshot webpage missing all pictures, meanwhile css was loaded successfully.
Another question which kind of virtual machine u use? For example in virtualbox by default virtual machine behind NAT.
I wasn't able to connect to server on virtual machine from host only opposite way server on host available in virtual machine.
To make server in virtual machine available on host need to configure network as bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (poodle,Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if i remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
During parsing body of http response exception was thrown and just silently was written to log, without any fault message processing. Just empty response to client.
To clarify that services reachable, there is echo service by default on server, which respond content equal to request. Try to use it.
was trying to map the WSO2 ESB management console itself to be availbe
from outside the machine using simple proxy
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
what you can do is edit the repository/conf/tomcat/catalina-server.xml and to the Connector running the port 9443 you can add an attribute proxyPort="443", the carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)
the request from ihs is passed to plugin then to the application server and server received it.there is no cluster environment here.the server is up and running fine.But the response is not going back to plugin.how to troubleshoot?
(I would have made this a comment, but I don't have enough rep points).
You may need to engage IBM WebSphere Support to assist with this, but typically, for that type of issue, you would need to trace both sides of the connection (IHS plugin and WebSphere). Specifically,
Set LogLevel="Trace" in the plugin-cfg.xml
Set the following trace spec on the AppServer:
=info:com.ibm.ws.webcontainer=all:com.ibm.wsspi.webcontainer*=all:HTTPChannel=all:GenericBNF=all:TCPChannel=all
Reproducing the failure and reviewing the http_plugin.log and trace.log may provide some clues.
Do you receive some type of error in the browser? timeout? Is there anything (firewall, proxy) sitting between the IHS server and WebSphere AppServer?
It could be DNS problem with your WebSphere server. Can you please let us know about your IHS and plugin. Is it installed on same server where WebSphere is or on different server? If IHS and plugin is on different server just check that WebSphere server is able to resolve the IP address of IHS server using hostname. If not try to update host file with IP and hostname of your IHS server. It should work.
Does the client or the plugin not getting the response? Will that the request result in secure connection (i.e HTTPS/SSL...)?
The WAS server should extract most of the ports correctly if IHS/plugin is used in between. If using different webServer/load balancer(LB), the WAS server may not extract the listerning ports on the webServer/LB correctly.
You can take a look at the sample setting in PK55330 where a different web server is used in place of the IHS.
http://www-01.ibm.com/support/docview.wss?uid=swg1PK55330
Regards,
I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.