Lightsail avoid direct IP navigation through HTTP - http

I have a full working Lightsail instance.
I successfully configured and bind to it my custom domain and, in order to use SSL, I created a Distribution with the associated certificate. Since I want to avoid using HTTP, in the DNS records I mapped my domain not to my static IP, but to my distribution.
Everything is working fine and if I navigate to www.exemple.com I am redirected to https://www.exemple.com
The problem is that my server is still accessible from outside the distribution through HTTP and if I navigate to its IP xxx.xxx.xxx.xxx, I reach it via HTTP.
Is it possible to avoid to reach the server from outside the distribution or to avoid it allow HTTP?
Thank you in advace!

Related

Wordpress Gcloud Load Balancer HTTPS front end, but IP on port 80 still open on the back end

I'm trying to put a simple Wordpress site on Google Cloud with SSL.
I set up a load balancer using an instance group, as described here: https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/
except I used one-click deployment instead of bitnami.
unmanaged instance group with the vm as a member
load balancer with the instance group on the backend, port 80
front end HTTPS, port 443
The front end works, this is my test site: https://thescanclub.com
However, insecure access is still possible to the backend I.P. and also the database! I must have left out a firewall or something. How would you fix this?
Back end IP to the vm: 34.150.136.72
PS... this is a small test site and may get a new vm if I have to redo it.
The Google Managed Certificate that you created resides within the Front End of the Load Balancer. This means that it will only use the Google's SSL certificate, and redirect from HTTP to HTTPS when you access your Wordpress site through the Load Balancer's front end IP address or through the domain (thescanclub.com).
Digging the A record of your domain, you'll see that it is not pointed to the VM's public IP but rather to a different one which I presume is the HTTPS Load Balancer's front end IP.
If you wish to access the website directly from the VM's public IP, then it will be best to set up a letsencrypt SSL certificate within the Bitnami instance and set up the HTTP to HTTPS redirection through it. Hope you find this documentation helpful.

Pass mixed content with reverse proxy

I have a website and users create their own app. But i can't embed these apps on my website via iframe, because my website has SSL certificate and got this error:
Mixed Content: The page at 'https://domain' was loaded over HTTPS, but requested an insecure resource 'http://IP_ADDR'. This request has been blocked; the content must be served over HTTPS.
My workflow is like that:
Click create button
Deploy EC2 instance from AWS
Get IP EC2 address from AWS
Embed this app via iframe
I want to embed these IPs to my website, IP addresses are dynamic. Anyone can create machine anytime.
What is best practice solution for this issue?
Best practice (and also the only I can think of) solution IMHO would be to use proper HTTPS for the iframe content also. You'd need a possibility to automatically create DNS records though (you can do so with AWS Route 53). Regarding SSL you could use a wildcard certificate (e.g. Let's Encrypt). Nginx could be configured to proxy_pass by DNS name as opposed to IP. Then your workflow would become this:
Click create button
Deploy EC2 instance from AWS
Get IP EC2 address from AWS
Create DNS record
Embed this app via iframe

Access Multiple Web Sites Hosted on single server on local network from workstations

I am trying to set up a secondary web site hosted on our local domain controller running IIS-8.
I already have one site working successfully thought our network, the default site.
I have successfully got the second one to work on the localhost (the domain controller Server 2012-R2), but I can't seem to access it from any of the other workstations on our network.
I added the new site.
Set the binding to IP address:192.168.1.1, Port:80, Host Name:dyo.mysite.com
I have modifed C:\Windows\system32\drivers\etc\hosts to show 192.168.1.1 dyo.mysite.com, and I have added an alias to the forward lookup Zone in the DNS Manager. (Name:byo.mysite.com, FQND:byo.mysite.com.mydc.com, Target Host: 192.168.1.1)
I can't seem to access the site from any of the network work stations. I have tried many combinations of addresses, http://byo.mysite.com, 192.168.1.1/byo.mysite.com, \mydc\byo.mysite.com, etc.
I would imagine that I am probably missing something simple. I just don't know it is.
Any insight would be greatly appreciated.
To get your server accessed from other workstation. You have to promise
Your IIS site can be accessed via IP address directly.
the client workstation is using your DNS
Your client workstation is not bypassing your DNS server by .pac proxy
So could you get access the website via IP address by disabling default website and set the site to unassigned IP or 192.168.1.1 with null domain name?
If you want to access the website via byo.mysite.com. Then you shouldn't set FQDN like byo.mysite.com.mydc.com. because Web browser will never consider byo.mysite.com as an alias but a different server. That's why When you set FQDN like byo.myDC.com, you could get work by access http://dyo and you could also access website via byo.mysite.com.mydc.com but fail with byo.mysite.com.
How to set DNS correctly
To get it work, please create an new primary Forward Loopup Zone named mysite.com. Then create a new HOST(A) record to map to your machine name like dc.mysite.com and 192.168.1.1. Then create an Alias(CNAME) called www to map to this A NAME. Then the FQDN will be www.mysite.com.
Finally bind your IIS site and access the website should work.
PS: Please make sure your other workstation is not using a proxy.

Netlify and ngrok linking

I have a front-end deployed on Netlify and a back-end is deployed on localhost which is exposed using ngrok.
Is it possible to link them so that when I click on the Netlify link, it would send request to my localhost server exposed from ngrok ?
Netify can proxy to a dynamic backend, that is an intended use case. The problem we'll have is using "localhost" - netlify needs a valid hostname to connect to. So, if your ngrok is exposed (not firewalled) at some public IP, you can put that into your redirects configuration:
/backend-stuff-in-this-path/* https://1.2.3.4/:splat 200!
will send all requests to the path /backend-stuff-in-this-path/ANYTHING to the server at 1.2.3.4/ANYTHING
This may not be incredibly useful since your machine will change IP addresses sometimes one presumes, but if you were using localhost anyway, you weren't planning to put it in production quite yet. Note that redirects are deploy-specific, so you do need to redeploy to change the location if your IP changes.

Proxy + HTTPS = Page doesn't load

I've developed a web app, which uses HTTPS and which works fine when I access is it (live). Yet some customers, who use proxy servers, can't access the site. I already tried to use a real certificate (a cheap one and only a trial, but yet valid), but that didn't help.
Everytime one of these users tries to access the site the browser tries to load it until a timeout occurs. One user even was shown an authentication (but I'm not 100% sure if this was due to a proxy, still waiting for response from the customer)
For which reasons can this happen and what can I do about it?
I'm using IIS, ASP.NET (C#) and JS. Sideinfo: The URL contains a port, the internal structure of the network the IIS is running in (not mine) doesn't allow it otherwise.
443 is dedicated port for HTTPS connectivity. Add type 'HTTPS' with default port 443 in Site bindings of hosted site directory. Check after whether SSL is enabled or not? in IE(browser)->Tools->Internet options->Advanced->Security.
If the HTTPS port in your web app's URL isn't port 443, you'll have a problem with corporate proxies that don't like non-standard HTTPS ports.
i.e. I hope your URL looks something like this: http://example.com:443/...

Resources