I am currently running a service with systemctl, and it is running as an http proxy, not normal http. Is this something that Google does? I am using port 8080 and I can't connect to it via http. My daemon is using port 8080, while using the type http-proxy (I am seeing this with the command nmap -sV -sC -p 8080 35.208.25.61 -vvvv -Pn). Instead, I want the daemon I'm running (wings.service) to use http, so it can use that type of connection to connect to my panel.
The panel is part of a piece of software along with the daemon, it's called pterodactyl. Anyways, I have tried everything on what to do, and I think this problem that I am addressing is the problem that causes dysfunction on my panel. I might just have to move to a different service to host my bots for discord.
Let me know if there's anything I can do to fix this.
As per I can understand you are unable to access the panel via web URL.
Pterodactyl web server can be installed using NGINX or Apache web servers, and both web servers by default listed on port 80 based on Pterodactyl web server installation guide, so you must enable HTTP port 80 traffic on your Compute Engine VM instance
The default firewall rules on GCP do not allow HTTP or HTTPS connections to your instances. However, it is fairly simple to add a rule that does allow them following this steps:
1.-Go to the VM instances page.
2.- Click the name of the desired instance.
3.- Click Edit button at the top of the page.
4.- Scroll down to the Firewalls section.
5.- Check the Allow HTTP or Allow HTTPS options under your desired VPC network.
6.- Click Save.
Note: The Pterodactyl panel and Daemon installation are not the same for each operating system, if after checking the VPC firewall rules on the VM settings and also the status of the web server in the instance (NGINX or Apache) you still cannot access your panel, please provide a step by step list with all commands you followed to complete the installation, including the OS version you used.
Related
I'm currently trying to setup a tunneling tool, specific for game servers.
So you can start the server locally and everyone can join without open your ports or getting unsecure.
Basicly I do a reverse ssh tunnel to one of my dedicated linux servers where the game port get mapped to a different port (for example 8888). So the server is now exposed to the internet and available for anyone and the user don't have to get unsecure and open his own ports. Everyone can connect to the following ip: SERVERADRESS:8888.
The command which gets executed looks like this:
ssh -N -R "*:8888:localhost:25565" root#SERVERADRESS
This works fine just as i want. But I also want to secure my "forwarding" server, so I'm relativ new to networking but I found reverse proxy's. I watched some tutorials and I installed the "Nginx Proxy Manager" tool which comes with a web interface and looks very good and easy. So there is an option to create an Stream (Picture below), there you can enter the incoming port and the forward Host + port, for example: REVERSEPROXY:7777 -> FORWARDINGSERVER:8888. So with this I want to hide the ip adress from the server where all the ssh tunnels. Sadly this Stream tool won't work, I already saw some other topics with that. They all said to enter the port into the docker-compose.yml which I already did + restart. But for now it won't work. Any other soloutions for this problem? Or completly different ideas to protect my server?
https://i.stack.imgur.com/FolLe.png https://i.stack.imgur.com/KuJbt.png https://i.stack.imgur.com/2SN4a.png https://i.stack.imgur.com/9kzbj.jpg
I try to do my own tunneling tool, but with a protection so that my server getting damaged.
I have a local jupyter lab instance, running on mint-2 computer with command jupyter lab --ip "*", and it listens to port 8888. I can access it just fine via the URL mint-2:8888.
I also have a server instance ubuntu-2. I reverse ssh tunnel from mint-2:8888 to ubuntu-2:8888, meaning I can access it on my mint-1 laptop just fine via the URL ubuntu-2:8888 anywhere in the world.
However, it is not encrypted with TLS, so I wanted to improve this. On ubuntu-2 I have an nginx load balancer container that strips https traffic, and redirects http traffic to other locations. I have set up jupyter.ubuntu-2:443 so that it redirects to ubuntu-2:8888 so that it redirects to mint-2:8888. This version initially seems to open up just fine, and I can navigate directories. However, whenever I want to launch a new terminal or notebook instance, or even create new directories, it wouldn't work. Here's the network log when I save a modified notebook:
My question is, why won't the requests go through, considering I can still interact with the interface just fine everywhere else, but just not when creating folders/notebooks/terminals. I am thinking that JupyterLab might be using UDP and I'm considering passing UDP traffic through nginx, but this doesn't really make sense, as this is clearly a PUT request. Any other help regarding where to find more logs or speculation on what might have gone wrong is much appreciated.
I dig into it a little more, and managed to figured it out.
JupyterLab has CORS policy that doesn't allow requests to ubuntu-2. I then added c.NotebookApp.allow_origin = "*" to JupyterLab's config at ~/.jupyter/jupyter_lab_config.py, as mentioned here.
Then I found out that everything is still not functional, and this is because Jupyter requires both HTTP and WebSocket protocols, and my current server setup only allows http traffic. So I need to enable generic TCP traffic on ubuntu-2's HAProxy load balancer. Because I have multiple virtual hosts on the server, I need to distinguish between them, so I used Server Name Indication, server name included in TLS traffic.
I'm trying to use Google's Colab feature to connect to a remote run-time that is configured with HTTPS. However, I only see an option to inform the port on the UI, not the protocol.
I've checked the Network panel and the website starts a WebSocket connection with http://localhost:8888/http_over_websocket?min_version=0.0.1a3, HTTP-style.
Full details of my setup:
I have a public Jupyter server at https://123.123.123.123:8888 with self-signed certificate and password authentication
I've followed jupyter_http_over_ws' setup on the remote
I started the remote process with jupyter notebook --no-browser --keyfile key.pem --certfile crt.pem --ip 0.0.0.0 --notebook-dir notebook --NotebookApp.allow_origin='https://colab.research.google.com'
I've created a local port forwarding with ssh -L 8888:localhost:8888 dev#123.123.123.123
I've turned on network.websocket.allowInsecureFromHTTPS on Firefox
I've went to https://localhost:8888 and logged in
Naturally, when the UI calls http://localhost:8888/http_over_websocket?min_version=0.0.1a3 it fails. If I manually access https://localhost:8888/http_over_websocket?min_version=0.0.1a3 (note the extra s) it gets through.
I see three options to solve it:
Tell the UI to use secure WS connection
Run a proxy on my local machine to transform the HTTPS into plain HTTP
Turn off HTTPS on my remote
The last two I think will work, but I wouldn't like that way.
How to do #1?
Thanks a lot!
Your option 1 isn't possible in colab today.
Why do you want to use HTTPS over an SSH tunnel that already encrypts forwarded traffic?
Note - I am fully aware that there are lot of similar issues posted before, but I tried NSG settings, psping but nothing seem to work
All, I brought up a RHEL7.3 server on Azure and installed JDK1.8 and Tomcat8. After starting Tomcat, I tried an http request from my browser:
http://XX.yy.zz.abc:8080/ but I was unable to get the index page
I also created an inbound security rule to allow HTTP and also allow IP range from our company.
Even worse is, when I tried pinging to this IP from my desktop computer, I am unable to ping the same - it is timing out.
Please note that in the past, I've been able to bring up servers and be able to connect from desktops without any issues - in a similar azure-companynetwork setup.
Am I missing anything here?
Ok, so pings do not work, you shouldn't even try that. What you should check is the firewall on you RHEL VM and check you've allowed port 8080 on you NSG, also your VM should have a PublicIP attached
According to your description, you had better check as the following ways:
1.Please ensure you could access your web by using 127.0.0.1:8080 on your VM.
2.Check your service listening.
netstat -ant|grep 8080
Please ensure 8080 is listening on tcp not tcp6.
3.Open firewall port on RHEL.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
More information about RHEL firewall please refer to this link.
4.Open port on Azure NSG.
NSG could be associated with NIC and subnet, you should check all of them.
All,
It looks like there is an input firewall inside of RHEL7.3 that is preventing connections. I just stopped it using
service firewalld stop
I am able to get the home page.
Something I have been struggling with for a while, but I'm not able to come up with a proper solution.
This is the situation:
Host 1 - IBM HTTP Server, Customization Toolbox and WAS Plugins
Host 2 - WAS + Application
These are the steps I executed to configure the plugin and propagate it from Websphere:
1. I used the Customization Toolbox, selected the correct WAS Plugins directory and created a new Web Server Plugin
2. I copied the new configureSERVER.bat to my Application Server on Host 2, and configured the current profile.
3. On Host 1, I created an Administrator account.
When I open the WAS-console on Host 2, I can see the actual Web Server, so that went ok. When I select "Generate plugin" and "Propagate Plugin", I get no errors. I checked the HTTP Server, and indeed, my plugin-cfg.xml is neatly created and exists.
To make sure everything is all right, I opened the http://HOST1/snoop on Host 1 and I saw the correct diagnostics. So far, so good.
After that, I deployed my application, which runs on port 9044. However, this application runs on HTTPS, so we need to make sure that the IBM HTTP Server accepts SSL connections. I generated my own selfsigned certificate, imported it in the httpd.conf and restarted the server. (If someone is interested, I'll put some more details on how to do this).
Now, when I open https://HOST1/snoop I can see the diagnostics, which is good news. It means it accepts connections on https and reroutes it to Host 2. But the problem is, I have no idea how to access my application, which is running on port 9044.
Something that puzzles me is the details when I run the snoop-servlet.
When I run it via http (so without SSL), this is the output:
Local address XXX.XXX.XXX.XXX
Local host XXXXXXXXXX
Local port 9080
That is correct, because the port on Websphere is 9080 for that particular servlet. However, when I open https://HOST1/snoop (so, via SSL), this is what being generated:
Local address XXX.XXX.XXX.XXX
Local host XXXXXXXXXX
Local port 9044
So, apparently, 443 is being rerouted to 9044 on the second host, but the Snoop servlet runs on 9443, not 9044 (which is my application). But, then I wonder, why can I access the servlet, if it is running on another port.
So, if there's anyone who can give me some guidance, that would be nice.
This is the VHOST:
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="*:9044"/>
</VirtualHostGroup>
Event though you have 2 ports (I'm assuming you created custom transport chain and assign 9044 port to it), you added that port to default_host, which is visible in the VirtualHostGroup in the plugin. Your application is probably mapped also to the default_host, so it is available using all ports - 9080, 9443 and 9044. Second transport should be visible in the plugin config for your server with port 9044. Since it is also ssl transport plugin could choose that one to route request to your server. There is no way to force plugin to use specific port for communication to WAS for given application.
However you didn't specify what you actually want to achieve? Since your app should now be available via https.