Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I currently I use ip in acl, and I want to use username and password to do this.
Here's what I had to do to setup basic auth on Ubuntu 14.04 (didn't find a guide anywhere else)
Basic squid conf
/etc/squid3/squid.conf instead of the super bloated default config file
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
# Choose the port you want. Below we set it to default 3128.
http_port 3128
Please note the basic_ncsa_auth program instead of the old ncsa_auth
squid 2.x
For squid 2.x you need to edit /etc/squid/squid.conf file and place:
auth_param basic program /usr/lib/squid/digest_pw_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
Setting up a user
sudo htpasswd -c /etc/squid3/passwords username_you_like
and enter a password twice for the chosen username then
sudo service squid3 restart
squid 2.x
sudo htpasswd -c /etc/squid/passwords username_you_like
and enter a password twice for the chosen username then
sudo service squid restart
htdigest vs htpasswd
For the many people that asked me: the 2 tools produce different file formats:
htdigest stores the password in plain text.
htpasswd stores the password hashed (various hashing algos are available)
Despite this difference in format basic_ncsa_auth will still be able to parse a password file generated with htdigest. Hence you can alternatively use:
sudo htdigest -c /etc/squid3/passwords realm_you_like username_you_like
Beware that this approach is empirical, undocumented and may not be supported by future versions of Squid.
On Ubuntu 14.04 htdigest and htpasswd are both available in the [apache2-utils][1] package.
MacOS
Similar as above applies, but file paths are different.
Install squid
brew install squid
Start squid service
brew services start squid
Squid config file is stored at /usr/local/etc/squid.conf.
Comment or remove following line:
http_access allow localnet
Then similar to linux config (but with updated paths) add this:
auth_param basic program /usr/local/Cellar/squid/4.8/libexec/basic_ncsa_auth /usr/local/etc/squid_passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
Note that path to basic_ncsa_auth may be different since it depends on installed version when using brew, you can verify this with ls /usr/local/Cellar/squid/. Also note that you should add the above just bellow the following section:
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
Now generate yourself a user:password basic auth credential (note: htpasswd and htdigest are also both available on MacOS)
htpasswd -c /usr/local/etc/squid_passwords username_you_like
Restart the squid service
brew services restart squid
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 11 months ago.
Improve this question
I'm having a hard time viewing Wildfly welcome page on port 8080 + tried apache on port 80 too, and they timeout. I can ssh to the server and using (curl localhost:8080) and (curl localhost:80) show Wildfly and apache welcome pages respectively. I have checked the Security List and Security groups and even opened ALL traffic just to see if they are causing this problem, but unfortunately the problem still there.
I'm using ubuntu 20.04 image and the UFW (firewall) is inactive so the problem isn't from there.
By default every oracle instances come with 2 firewall.
Hardware Firewall (Known as VCN)
Software Firewall (They use a very hard iptables rules and regular ufw doesn't work with that.)
The 2nd option is very annoying and also took me about 3 days to solve my problem. You can follow my following instructions and hopefully it will also fix your problem.
1st you have to open the port on the Hardware Firewall (VCN) and when you believe you have opened the port then by login to the server using ssh use this command to clear the default oracle iptables rule.
sudo iptables -F
But remember whenever you will reboot the server you will need to again run the flash command. So if you don't want to run this command every time after server reboot. Then after running the flash command run this command to save your flashed iptables rules.
sudo netfilter-persistent save
So, you will not need to run the iptables falsh command every time on the startup of the server.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
Improve this question
I have made "streamlit dashboard app" and I need to deploy it on the pvt linux server of my team. I understand running "streamlit run app.py" - gives me the url and everyone within the startup-company with access to server is able to access it with that url and port 8501.
I used "nohup" cmd and make sure the process isnt killed but I am not sure if this is the right way?
I need to host this just like any other webapp port-number 8501 not visible on the url-bar.
I gave extensive searches but most of the contents are just about hosting it on heroku and streamlit hosting.
Sorry If am being naive about web dev and hosting but thats the reason I opted stremalit even if I get direction I can find my way.
Hosting instructions are available at https://discuss.streamlit.io/t/streamlit-deployment-guide-wiki/5099
There's more than a couple of links in there.
The one that seems most relevant to your need
is Standalone executable --> nginx -->
https://discuss.streamlit.io/t/streamlit-docker-nginx-ssl-https/2195/5
That will let nginx worry about unruly internet clients,
password authentication, IP whitelists,
https certificates and the like,
proxying requests along to your port 8501.
Alternatively, note that $ streamlit run --help
comments on --server.port INTEGER.
You can also adjust this by setting
the environment variable STREAMLIT_SERVER_PORT.
If you are trying to modify the URL to localhost, it can be done by changing the streamlit configuration. Streamlit provides four different ways to set configuration options. Please refer: https://docs.streamlit.io/library/advanced-features/configuration
Below are two of the four methods which you can use to configure your streamlit app.
Method 1:
Using config.toml file. Place this file in a folder named .streamlit, which should in the same folder as the .py file you are trying to run.
Folder structure:
ParentFolder
|__ main.py (# your python script )
|__ .streamlit
|__ config.toml
Config File
[server]
port = 7777
baseUrlPath = "/url_path/"
[browser]
serverAddress = "0.0.0.0"
Method 2: Adding the config parameters in the command line.
streamlit run main.py --server.port 7777 --server.baseUrlPath /url_path/ --server.serverAddress = '0.0.0.0'
The above config will run your app on the URL: http://localhost:7777/url_path/
I am a bit late but this issue bothered me for a while as well. My best shot so far is to use redir to redirect incoming traffic from port 80 to port 8105 :
sudo apt-get install redir
sudo redir --laddr=0.0.0.0 --lport=80 --caddr=0.0.0.0 --cport=8501
Then open port 80 and voila...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I am running Ubuntu 14.04LTS and have FileZilla 3.7.3 installed, I also have a VM running WIN7 with WinSCP 5.5.1.
Under WIN7 when using WinSCP, in the editing dialog under the advanced tab there is a category “Connection” with two options, Proxy and Tunnel . The server I need to FTP or SFTP requires a tunnel, so my setting are Connection through ssh tunnel checked off as yes. The host name Tunnel.rr.net on port 22 and I have to enter in my user name and password, file protcall is set to SFTP, local tunnel port is set to Autoselect and no private key is needed. I know these setting are correct because it works just fine for me I my WIN7 VM, I select the server I need, I see it connect to the tunnel and than my server.
I am new to FileZillaile and the setting options seem to be a bit more extensive, the closest thing I see equivalent is under settings in Generic Proxy. So I set my tunnel host, user name and password which I know are correct because I have no issue with WinSCP.
When I set the Generic proxy to HTTP/1.1 using CONNECT method I get error, Error: Proxy error: HTTP response was absent
& Error: Could not connect to server, when I set it to SOCK 5 I get an error Error: Proxy error: SOCKS proxy returned unexpected version
& Error: Could not connect to server.
Again, I am new to FileZilla so it must be a setting that missing glaring because it is too simple under WinSCP.
So what would the equivalent of “tunnel” be on with WinSCP , in FileZilla?
FileZilla does not support anything equivalent to WinSCP SSH tunneling feature.
You can of course tunnel it through an external SSH tunnel. E.g. via PuTTY or OpenSSH ssh.
See my guide Setting up tunnel using PuTTY for SFTP/SCP session.
(The guide is for WinSCP, but works for any SFTP/SCP client.)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I'm using windows 7 and I want to redirect one of the ports on localhost to IP which is accessible from another jump host.
Is there any tool to do that,
I want to achieve following--
localhost:5000->windows_server(with credentials)->local ip for windows server
I would personally recommend looking into the the free, open source STunnel, to see if it suits your requirements.
https://www.stunnel.org/index.html
This can be run via the command line, its own GUI, and as a Windows Service that can automatically start at boot time.
Stunnel can act as a tunnel for clients from you local machine to a remote server (and optionally provide a tunnel to clients to connect to endpoints on your local machine).
The basic principal is that you edit a configuration file to provide mapping of a local port to a remote host and port combination.
There are comprehensive examples included in the default configuration file; the Windows version can be viewed here:
https://www.stunnel.org/config_windows.html
I use this to connect to a Redis cache service that is hosted on Azure, and I did so by adding a simple entry as shown below:
; ***************************************** Example TLS client mode services
[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = xxxxxx.redis.cache.windows.net:6380
The basics are straightforward; you are stating that connections are accepted to your local machine (127.0.0.1) on port 6380, and are being connected to the specified remote host and port. There is good documentation available for other scenarios.
Now, the original question does not specify what type of credentials you need to pass, or what the client application is. In the scenarios that I encounter, it is the client that passes the credentials to the connection, and STunnel handles the port forwarding.
Perhaps look at the authentication options for Stunnel here:
https://www.stunnel.org/auth.html
And ideally, supply some more background information.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Please forgive the embarrassingly dumb newb question.
Here's the scenario:
As part of a task I have to SSH into a server and create some files. I was given the servers name (some.server.com) and an SSH key (id_rsa.username) to use. I am told to use the username and the provided key to login. Since I am relatively new to the workings of SSH this is what I have done:
I have downloaded id_rsa.username to my Downloads directory.
I have tried loggin in with
ssh -i downloads/id_rsa.username username#some.server.com
But I get ssh: connect to host some.server.com port 22: Operation timed out
I have tried using port 2222 and also 11234 ( I used that port once on a different server).
Is there anything I am doing wrong on my end? I don't have access the server admin to ask any questions so I have to try to figure this out myself.
in my case, I change the rule of ufw, and that rule ban the ssh connect
so run sudo ufw allow sshsolve the problem
"Operation timed out" means that you're not making a TCP connection to the remote server. The remote computer may be down, or there may be a firewall blocking access to the the remote server, or your local computer may not have suitable network access. It's not really possible to say what the exact problem is, based on the information here.
If you're in a corporate network, you should contact your local computer support staff for assistance. It's not unheard of for companies to block outgoing SSH from their corporate network.
Otherwise, if you need help troubleshooting network connectivity, you'd probably get better results on Superuser.