Magento2 website with nginx(with SSL termination) and varnish cache - nginx

I have hosted magento2 website with Nginx, SSL termination, and varnish cache. Varnish cache is running on port 8080 and the Magento2 website is hosted on Nginx port 8081. Http and Https traffic is accepted by the same Nginx and forwarded to the varnish cache(SSL terminated).
NGINX Varnish Magento2 all are running in the same server
I have two questions,
If I tried to access the magento2 website which is running on port 8081, directly from the internet, it bypasses the SSL termination and directly connects to the website. How can I restrict that?
When configuring magento2 baseurl, If I want to host it on a different port rather than the default 80 port, Do I need to give the port number at the baseurl configuring step? eg:- php bin/magento setup:install --base-url=http://www.example.com:8081

Assuming you want to block the port from the public internet, you have multiple options. Assuming you have SSH access, you can block the port with iptables:
/sbin/iptables -A INPUT -p tcp --destination-port 8081 -j DROP
/sbin/service iptables save
Assuming you're using a non-standard HTTP port (not 80 or 443), yes, you would need to specify that in the configuration.

nginx shouldn't be listening on 8081 to the outside world to begin with. You probably need something like
server_name localhost;
in your nginx configuration

Related

How to host WordPress website on NGINX container using AWS FARGATE

I need two containers in one task defination. One for wordpress and another for nginx, however the traffic should route from nginx to wordpress. This should be done using aws fargate.
How to connect two containers ? so that nginx should send traffic to wordpress container !
In AWS Fargate, all containers in the same task can access each other at 127.0.0.1 or localhost over their respective ports.
Let's say you have Nginx configured to listen on port 80 and WordPress configured to listen on port 9000. To setup Nginx and Wordpress as you describe, you would have your Application Load Balancer forward traffic to the Nginx container on port 80, and you would configure Nginx to forward traffic to WordPress at 127.0.0.1:9000.

Config nginx to listen to all ports

I have a flask app deployed in an EC2, configured with nginx/gunicorn3. Security group in the EC2 is both(inbound and outbound) set in all traffic.
I am having an issue with nginx configuration.
I have set it to listen to port 8080 and it only works on this port (neither port 80 will do).
What I want to do is to hit the domain without the port 8080 and return the desired results. Any ideas?
You can do the following to solve the issue:
1- Change the Nginx configuration to listen on port 80 and expose port 80
2- keep port 8080, but use a load balancer in front of the EC2 node and link the domain name to the load balancer instead of the EC2 node.

Nginx and iptables overlapping

I'm a little confused with nginx and iptables, I want to redirect all traffic to port 443 or port 8443 on my server, I also have mongodb running on port 27017, by blocking it, will I be able to access the database from my node.js app (which is running on port 8443)? should I use nginx to redirect or iptables? it seems that sometimes they overlap each other. So, which one is better to handle this?

How to hide web application port in reverse proxy

I have use nginx for reverse proxy which listen on port 80. and I have a web application listen on port 9999, I config nginx with reverse proxy to redirect client request from port 80 to port 9999.
Now I found that when access 80 port, browser will show web application response (this is correct.), however, if browser directly access 9999 port, it will also show web application response.
So, How can I configure nginx that browser can only access port 80, not port 9999. Thanks!
i will recommend you two solutions:
You can bind your application to listen on localhost:9999 rather than *:9999
you can edit your firewall to don't allow traffic for 9999 port and only allow for port 80. for that you can edit iptables by going to /etc/sysconfig/iptables

CouchDB port 80

Is it possible to run couchdb on port 80? I'm looking to host a couchapp from it and don't want my users to have to type a port number in the url.
When I change the port to 80 in the couchdb config it becomes unavailable, and I have no access to it on 80 or any other port. I have to change the port back in the local.ini file.
Is this not a recommended setup? Would I be better hosting behind a reverse proxy? If so, any tips on how to get it working behind an IIS reverse proxy? I tried that too using ARR and URL Rewrite, with no success.
EDIT:
First, this chapter of the CouchDB definitive guide seems to suggest it is ok to server web apps directly from couch. Curious what the community thinks:
http://guide.couchdb.org/editions/1/en/standalone.html
Second, I installed CouchDB on a second machine that does NOT have IIS installed on it and it ran on port 80 just fine, so I suspect that even though I've turned off all websites in IIS it is still hogging port 80. Any way to make IIS give up port 80?
Ok I figured it out. By default IIS listens for port 80 on ALL IPs. So it also grabs 127.0.0.1 and listens on port 80 there as well, EVEN IF YOU TURN OF ALL WEBSITES listening on 80.
To remedy this you need to add an IP address to the IP listen list. By default this list is empty and IIS decides to just listen to all IPs. But if you add an IP or IPs to this list IIS will only listen to those IPs.
First here's how you can see what IPs are in the listen list:
netsh http show iplisten
If the list is blank IIS is listening on all IPs. To add an IP to the list:
netsh http add iplisten XXX.XXX.X.XXX (where the X's are your IP)
Now IIS and CouchDB can exist together on port 80 in happiness, as long as they both have their own IP's to listen to.

Resources