Not able to access zabbix default port (10050) in a server that contains VPN installed - vpn

I want to monitor a server that has a VPN (strongswan) installed, using Zabbix.
My Zabbix server is not able to access the Zabbix client installed on my VPN server. Is there any way to open the Zabbix default port 10050?
sudo ufw status verbose
command output shows:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
10050/tcp ALLOW IN Anywhere
10050 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
10050/tcp (v6) ALLOW IN Anywhere (v6)
10050 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)

I think it's better to use an iptables rule; the command below will allow the Zabbix server IP over TCP.
iptables -I INPUT -p tcp -s <zabbix server ip> --dport 10050 -j ACCEPT
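
The ufw table in the question opens 10050 to Anywhere, while the iptables rule in the answer limits it to the Zabbix server. As an added example (not part of the original posts), this shell sketch parses `ufw status` text, lists the rules that leave a port open to every source, and prints the ufw commands that would replace them with one source-restricted TCP rule. The function names and the address 192.0.2.10 are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: the rule table from the `ufw status verbose` output above.
UFW_SAMPLE='To Action From
-- ------ ----
10050/tcp ALLOW IN Anywhere
10050 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
10050/tcp (v6) ALLOW IN Anywhere (v6)
10050 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)'

# open_to_anywhere PORT  (hypothetical helper)
# Reads `ufw status` text on stdin and prints the "To" column of every inbound
# ALLOW rule that opens PORT to any source address.
open_to_anywhere() {
    awk -v port="$1" '
    {
        # Locate the action column; header and status lines have none.
        for (a = 2; a <= NF; a++) if ($a ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) break
        if (a > NF || $a != "ALLOW") next
        s = a + 1
        if ($s == "OUT" || $s == "FWD") next      # not an inbound rule
        if ($s == "IN") s++
        if ($s != "Anywhere") next                # already source-restricted
        split($1, t, "/")                         # "10050/tcp" -> port list, proto
        n = split(t[1], p, ",")                   # "3306,4444/tcp" style lists
        for (k = 1; k <= n; k++) if (p[k] == port) {
            target = $1
            for (f = 2; f < a; f++) target = target " " $f
            print target
            next
        }
    }'
}

# restrict_plan PORT SOURCE_IP  (hypothetical helper)
# Prints (does not run) ufw commands that drop the any-source rules for PORT
# and add one TCP rule limited to SOURCE_IP. Only plain port rules are handled;
# deleting the IPv4 form also removes its "(v6)" twin.
restrict_plan() {
    open_to_anywhere "$1" | awk 'NF == 1 { print "ufw delete allow " $1 }'
    echo "ufw allow from $2 to any port $1 proto tcp"
}

# Usage with the constructed sample and a documentation address:
#   printf '%s\n' "$UFW_SAMPLE" | restrict_plan 10050 192.0.2.10
```
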

Related

Nginx works only on ports other than 80

I have setup Nginx fully and in my config file located etc/sites-enabled/SITENAME when listen is set to port 1234, 8888, 8080, etc nginx works perfectly. However when setting listen to port 80, nginx does not serve pages or even show any errors. I just get timeout errors instead.
I am using ufw. My ufw settings look like:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
1234 ALLOW IN Anywhere
8080 ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
1234 (v6) ALLOW IN Anywhere (v6)
8080 (v6) ALLOW IN Anywhere (v6)
I have checked for other processes using port 80; there are none apart from Nginx.
Other info that may be helpful:
I am using nginx in a virtual environment
I am not on root user account, instead I am on a restricted user account in the sudo group so I can use sudo commands
I have not edited any other Nginx config files.
Thanks for the help!

haproxy, letsencrypt, nginx - error loading page

I get an error while trying to load an https page with HAProxy (installed on the load balancer server) + Let's Encrypt (installed on the load balancer server) + Nginx (installed on the worker nodes). Please, I need your help with this (P.S. HTTP works fine!). Below I have attached the config files:
UFW rules (all nodes):
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 ALLOW Anywhere
21 ALLOW Anywhere
3306,4444,4567,4568/tcp ALLOW Anywhere
4567/udp ALLOW Anywhere
8080 ALLOW Anywhere
8443 ALLOW Anywhere
8444 ALLOW Anywhere
8445 ALLOW Anywhere
8443/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
21 (v6) ALLOW Anywhere (v6)
3306,4444,4567,4568/tcp (v6) ALLOW Anywhere (v6)
4567/udp (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
8443 (v6) ALLOW Anywhere (v6)
8444 (v6) ALLOW Anywhere (v6)
8445 (v6) ALLOW Anywhere (v6)
8443/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
/etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-A>
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY130>
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
tune.ssl.default-dh-param 2048
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 50000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend serv
bind :80
bind :443 ssl crt /etc/haproxy/certs/sp.net.pem
default_backend serv
option forwardfor
backend serv
balance roundrobin
server spnode1 192.168.88.30:80 check
server spnode2 192.168.88.29:80 check
To create a single .pem file for HAProxy, this command was used:
DOMAIN='sp.net' sudo -E bash -c 'cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/letsencrypt/live/$DOMAIN/privkey.pem > /etc/haproxy/certs/$DOMAIN.pem'
Final file was pasted to directory /etc/haproxy/certs/
Thank you for any help!
I resolved my problem by modifying the hosts file:
nano /etc/hosts
and adding the following lines:
192.168.88.39 sp.net
93.188.37.*** sp.net

wordpress in apache just work on localhost and not working in another local computers

I installed Apache on one of my computers so that I can easily access my site by typing the IP from any system. Apache easily shows the index.html file and the phpmyadmin subdomain, but when I copy WordPress, it gives the following error:
in chrome in another pc:
(This site can’t be reached
www.risemisse.com’s server IP address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN)
and in localhost:
easily show my wordpress site
and then I copied the files and directory into the html directory and it shows me a similar error:
in html directory :
in /etc/apache2/sites-enabled:
<VirtualHost *:8080>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
I added in ports.cnf: LISTEN 8080
and in /etc/hosts :
127.0.0.1 localhost
127.0.1.1 mohamamdjavad-pc
# I added this
127.0.0.1 risemisse.com
127.0.0.1 www.risemisse.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ufw :
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
8080 ALLOW Anywhere
22/tcp ALLOW Anywhere
OpenSSH ALLOW Anywhere
80 on enp1s0 ALLOW Anywhere
24800 ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
80 (v6) on enp1s0 ALLOW Anywhere (v6)
24800 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Thank you for helping me to use the Apache computer on another computer.
It was correct when I entered my IP into these ( settings > general > WordPress Address (URL) & Site Address(URL) )

Impossible to access Flask app through Vagrant private network and port forwarding (through domain name)

I just finished a Flask app that I want to host on my laptop (under Ubuntu 18.04) through a Virtual Machine (using Vagrant).
My network configuration is the following one :
[image: network configuration]
I defined a domain name (through No-IP website), I configured my internet router for port forwarding (from 80 to 8080 and from 443 to 8443) and I added dynamic DNS to link my domain name to my internet router public IP address.
The command host my_domain_name gives me back my internet router public IP address.
Then I created a Vagrant private network (with 192.168.33.10 IP address) and a Vagrant port forwarding :
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
config.vm.network "forwarded_port", guest: 443, host: 8443, auto_correct: true
config.vm.network "private_network", ip: "192.168.33.10"
config.vm.provider "virtualbox" do |vb|
vb.memory = "1024"
end
end
Then I set a server using nginx + gunicorn + supervisor (following this tutorial instructions https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-xvii-deployment-on-linux).
My nginx configuration is :
server {
# listen on port 80 (http)
listen 80;
server_name www.my_domain_name;
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 ssl;
server_name www.my_domain_name;
# location of the self-signed SSL certificate
ssl_certificate /home/vagrant/my_flask_app/certificates/certificate.pem;
ssl_certificate_key /home/vagrant/my_flask_app/certificates/key.pem;
# write access and error logs to /var/log
access_log /var/log/my_flask_app_access.log;
error_log /var/log/my_flask_app_error.log;
location / {
# forward application requests to the gunicorn server
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
# handle static files directly, without forwarding to the application
alias /home/vagrant/my_flask_app/app/static;
expires 30d;
}
}
I configured the firewall on the VM so that following ports are opened :
~$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
And for the host machine (my laptop) :
~$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
8443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
8443/tcp (v6) ALLOW Anywhere (v6)
When, in a browser, I try to access the website through 192.168.33.10 it's working fine.
But when I try to use http://www.my_domain_name I get the Welcome to nginx! page.
I really don't get what I am doing wrong.
Since it's my first time dealing with website hosting I would gladly enjoy any help :-)
I think you may be misunderstanding the role of a private network. It's useful when you have multiple VMs that need to talk to one another, but it's not necessary in your case. It is necessary that whatever is listening from within the VM be listening on 0.0.0.0 and not 127.0.0.1. Fortunately, nginx already does the former.
On a laptop (running Ubuntu 14.04, because it's old), I provisioned a VM using
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.network "forwarded_port", guest: 80, host: 8000
end
ssh'd in, and installed nginx.
I could reach nginx from my laptop via http://0.0.0.0:8000 and from elsewhere on my intranet via (in my case) http://192.168.1.94:8000. It wasn't necessary to use ufw from within the VM ("forwarded_port" takes care of that). Why ufw wasn't necessary from this laptop... may depend on something I forgot about doing a few years ago.
With the intranet part working, exposing nginx (and whatever happens to be proxied behind it) in your VM to the internet is a matter of router configuration.

Nginx responds only in the local network, Flask app with Gunicorn

I set up my Flask web application with Gunicorn 20.0.4, Nginx 1.14.2 and Supervisor on my Raspberry Pi (Linux 4.19.97-v7l+ armv7l) in my local network. I have followed the tutorial as far as possible: https://www.youtube.com/watch?v=goToXTC96Co&t=2749s.
Everything seems to be working as expected, but only on my local network. If I use any server other than my local server to open the URL, the website is not available.
If I change the proxy_pass mode, I get a response from outside the network: bad gateway or a header too big error.
Supervisor Config
[program:warteschlange]
directory=/home/pi/Dokumente/warteschlange
command=/home/pi/Dokumente/warteschlange/venv/bin/gunicorn -w 9 app_4:app
user=pi
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/warteschlange/warteschlange.err.log
stdout_logfile=/var/log/warteschlange/warteschlange.out.log
nginx/sites-enabled/ Config File
server {
listen 80;
server_name 192.168.1.242;
location /static {
alias /home/pi/Dokumente/warteschlange/static;
}
location / {
proxy_pass http://localhost:8000/; #here runs gunicorn
include /etc/nginx/proxy_params;
proxy_redirect off;
}
}
nginx/sites-available/ Config File
The default file untouched, maybe this causes the problem
ufw status
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
Nginx Full ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
Edit this line as follows:
command=/home/pi/Dokumente/warteschlange/venv/bin/gunicorn -w 9 --bind 0.0.0.0:your_flask_port app_4:app
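
Both the Vagrant answer (listening on 0.0.0.0 rather than 127.0.0.1) and the `--bind` answer above turn on which address a listener is bound to. As an added example (not part of the original posts), this shell sketch classifies the listeners in `ss -ltn` output so you can see which ports are reachable from other hosts and which stay behind the nginx proxy. The sample output and the function names are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output: gunicorn on loopback behind nginx.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       2048    127.0.0.1:8000      0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     [::]:80             [::]:*
LISTEN  0       128     192.168.33.10:9000  0.0.0.0:*'

# listen_scope PORT  (hypothetical helper)
# Reads `ss -ltn` text on stdin; for each listener on PORT prints
# "<address> <scope>", or "not-listening" if nothing is bound to it.
listen_scope() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            n = split($4, part, ":")       # port is the text after the last ":"
            p = part[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                scope = "all-interfaces"   # reachable on every interface
            else if (addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback-only"    # reachable only from the host itself
            else
                scope = "single-address"   # reachable via that one address
            print addr, scope
            found = 1
        }
        END { if (!found) print "not-listening" }'
}

# reachable_off_host PORT  (hypothetical helper)
# Exit status 0 if some listener on PORT accepts connections from other hosts
# (subject to firewall rules), non-zero if it is loopback-only or absent.
reachable_off_host() {
    listen_scope "$1" | grep -Eq 'all-interfaces|single-address'
}

# Usage on a live host:  ss -ltn | listen_scope 8000
```

A port that is loopback-only here cannot be reached through a forwarded port or from another machine, whatever ufw allows; a port bound to all interfaces is exposed wherever the firewall permits it.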
