hi i like to connect through an nginx to an azure sql db to have an single point of access to my network.
Goal is to access to the nginx publicip:1234 which is translated to mydb.database.microsoft.com:1433
I have configured a nginx on centos with stream addon.
config looks like:
stream {
upstream mssql {
server mydb.database.microsoft.com:1433;
server mydb.database.microsoft.com:1433;
}
server {
listen 1234;
proxy_pass mssql;
}
}
The mssql is configured to accept connections from the publicip of the nginx machine as well as has a service endpoint to the vnet where the nginx is connected to.
When i try to connect to the db through the nginx i receive the following error message:
.... connect() to IPOFDB:1433 failed (13: Permission denied) while connecting to upstream, client: MYIP server:0.0.0.0:1234 ...
The only idea why it my fail is that the outgoing ip from nginx is not the publicip which is whitelisted for the db and it does not use the vnet endpoint connection.
any ideas.
Thanks for your help.
Disable SElinux permanently and reboot
or
semanage port -a -t http_port_t -p tcp 1234
Related
I run 3 servers on VPS But nginx can not connect to server that run in port 80.
nginx can connect another port.
Does anyone know?
Nginx cannot connect to the 80 port if this port is using by another application like Apache, NodeJs ... to further info can you show your nginx error log from systemctl ?
I am running Artifactory Pro (5.3.1), and was trying to use the docker registry functionality.
I created a docker repository, and gave it a port 5001 in the "Registry Port" config.
However, there's nothing running on port 5001 ("telnet localhost 5001" refuses to connect), and the logs show this:
[http-nio-8081-exec-7] [ERROR] (o.a.s.s.SshAuthServiceImpl:210) - Failed to start SSH server
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method) ~[na:1.8.0_72-internal]
at sun.nio.ch.Net.bind(Net.java:433) ~[na:1.8.0_72-internal]
at sun.nio.ch.Net.bind(Net.java:425) ~[na:1.8.0_72-internal]
at sun.nio.ch.AsynchronousServerSocketChannelImpl.bind(AsynchronousServerSocketChannelImpl.java:162) ~[na:1.8.0_72-internal]
at org.apache.sshd.common.io.nio2.Nio2Acceptor.bind(Nio2Acceptor.java:66) ~[sshd-core-0.14.0.jar:0.14.0]
Any idea what could cause a "permission denied"? There's nothing running on that port (same error for any other port). It's on Ubuntu 14.04.
I had a misunderstanding how the docker registry worked with Artifactory.
The Artifactory service doesn't actually open the port assigned to the repo (5001 in this case), but the reverse proxy will listen on it and forward it (with the right X-forwarded-port) to the "normal" Artifactory service port (e.g. 8081).
After setting up the reverse proxy for it, it worked fine.
I would like to set up nginx to distribute different servers from request pointing dirrerent domain.
The nginx server environment is below.
CentOS Linux release 7.3.1611 (Core)
nginx 1.11.8
* in configure with --with-stream parameter. build & install from source.
My image is.
server1.testdomain.com ssh request ->(global IP) *nginx server -> (local IP)192.168.1.101 server
server2.testdomain.com ssh request ->(global IP) *nginx server -> (local IP)192.168.1.102 server
nginx server is same glocal IP and same server.
nginx.conf is ...
stream {
error_log /usr/local/nginx/logs/stream.log info;
upstream server1 {
server 192.168.1.101:22;
}
upstream server2 {
server 192.168.1.102:22;
}
server {
listen 22 server1.testdomain.com;
proxy_pass server1;
}
server {
listen 22 server2.testdomain.com;
proxy_pass server2;
}
}
But...
nginx: [emerg] the invalid "server1.testdomain.com" parameter in・・
error occurred. It seems like impossilbe to execute such as listen "22 server1.testdomain.com".
And,
I tried to write "server_name" in "server".
nginx: [emerg] "server_name" directive is not allowed here in・・・
don't permit to use "server_name" in "server".
How do I write config file to distribute difference server for difference domain request?
If you have a idea or information, could you teach me?
Its not possible with nginx because stream module is L3 balancer. SSH protocol works at L5/7.
Its not possible at all because ssh negotiation does not include destination host name.
You can do what you want only using two different IP or using two different ports. In both cases nginx can forward connection, but much better to use iptables in this case.
I have next setup:
Local host - my work PC
Project VM - Vagrant box with project files, runned on my work PC
Remote host - remote PC, from which I need to access hosts on Project VM
Project VM setup (/etc/hosts on Local host):
192.168.100.102 host1.vm.private
192.168.100.102 sub1.host1.vm.private
192.168.100.102 sub2.host1.vm.private
"host1" subdomains resolved by application router and served by nginx (config for "host1.vm.private" on Project VM):
server {
listen 80;
server_name ~^(.+\.)?host1\.vm\.private$;
...
}
I need to make "sub(1|2|N).host1.vm.private" reachable from remote host. How this can be done?
So, i found the solution: Trouble SSH Tunneling to remote server
The main issue is that invalid HTTP header was sent and nginx cant resolve a virtual host.
Run on local PC ssh -R 8888:192.168.100.102:80 <remote_pc_credentionals>. Or, run "inversed" command with ssh -L flag on remote PC.
Add "sub1.host1.vm.private" to /etc/hosts on remote PC: 127.0.0.1 sub1.host1.vm.private
OR
Send "Host" header with each request: curl -H "Host: sub1.host1.vm.private" "http://localhost:8888/some/path"
I am trying to use dplyr to connect to a remote database, that I usually query through a ssh tunnel.
I first set up a ssh tunnel like the following:
alias tunnel_ncg='ssh -fNg -L 3307:127.0.0.1:3306 mysqluser#myhost mysql5 -h 127.0.0.1:3306 -P 3307 -u mysqluser -p mypassword'
At this point I can access the database by connecting to localhost:3307. For example:
mysql -h '127.0.0.1' -P 3307 -u mysqluser
If I try to access the same database through dplyr, I get an error complaining that it can't connect to the local MySQL socket:
> conDplyr = src_mysql(dbname = "mydb", user = "mysqluser", password = "mypassword", host = "localhost", port=3307)
Error in .local(drv, ...) :
Failed to connect to database: Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
My understanding is that RMySQL/dplyr are trying to looking for a socket file in the local computer, however they should really be looking for it in the remote server. Is there a way to fix this, or a work-around?
UPDATE:
If I try to connect through dbConnect/RMySQL, the connection works fine:
> dbConnect(dbDriver("MySQL"), user="mysqluser", password="mypassword", dbname="mydb", host="127.0.0.1", port=3307)
<MySQLConnection:0,1>
As silly as it sounds replacing localhost with an IP address (127.0.0.1) solves the problem.
src_mysql(
dbname = "mydb", user = "mysqluser", password = "mypassword",
host = "127.0.0.1", port=3307)
For an explanation take a look at the MySQL documentation:
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs.
For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file. This occurs even if a --port or -P option is given to specify a port number.
To ensure that the client makes a TCP/IP connection to the local server, use --host or -h to specify a host name value of 127.0.0.1, or the IP address or name of the local server.