Docker Google cloud - networking

I have a CentOS VM instance in Google Cloud and I have installed Docker on CentOS. I have created a container with a web interface. I am not able to access it when I try to access it from outside (in another browser tab). What do I need to do to access it from outside of the cloud?

There are several leaps between your browser and your containerised web interface.
The first will be from the IP through the GCP firewall into the instance; you might be getting stuck here. When you created the instance, in the Firewall section, did you select "Allow HTTP traffic" and "Allow HTTPS traffic"?
If you click through to your instance details in the GCP dashboard you can see under Firewalls if this is selected. Also, if you look under Network you can see which network profile your instance is using; you can click the network listed to check if it is set up to allow the traffic you are trying to send through.
If this all looks right and traffic is getting to the instance but not the web interface, it could be that the port from Docker is not mapped to the port of the host. When you started the container, did you use the -p option to map the ports?
If this is also right, then it could be that the Docker image is not exposing its port internally. In the Dockerfile used to create the image for the container, is there a line starting with EXPOSE, or does it build FROM an image that does?
There are more possible points of failure in this chain but I have tried to list some likely answers. If none of this helps then let me know in the comments and we can try and debug the issue.
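The Docker half of that chain can be read straight off the Ports column of `docker ps`. The script below is an added example, not part of the original answer; the function names and the sample Ports strings are constructed for illustration, and the firewall state is passed in by the caller rather than queried.

```shell
#!/bin/sh
# Added example, not from the original answer. The PORTS strings are constructed
# samples of what `docker ps --format '{{.Ports}}'` prints.

# classify_ports PORTS CONTAINER_PORT
# Prints published-all:<hostport>, loopback-only:<hostport> or not-published.
classify_ports() {
    rest="$1"; cport="$2"; result="not-published"
    while [ -n "$rest" ]; do
        entry="${rest%%,*}"                 # first comma-separated entry
        if [ "$entry" = "$rest" ]; then rest=""; else rest="${rest#*,}"; fi
        entry="${entry# }"                  # drop the space after the comma
        case "$entry" in
            *"->${cport}/tcp")              # a host binding for this container port
                bind="${entry%%->*}"        # e.g. 0.0.0.0:8080 or :::8080
                hostport="${bind##*:}"
                addr="${bind%:*}"
                case "$addr" in
                    127.*|"::1"|"[::1]")    # reachable only from the VM itself
                        if [ "$result" = "not-published" ]; then
                            result="loopback-only:${hostport}"
                        fi ;;
                    *)  result="published-all:${hostport}" ;;
                esac ;;
        esac
    done
    printf '%s\n' "$result"
}

# first_blocked_hop FIREWALL_ALLOWS_HOSTPORT(yes|no) PORTS CONTAINER_PORT
# Checks the Docker mapping first, because it decides which host port the
# firewall rule has to allow, then the firewall answer supplied by the caller.
first_blocked_hop() {
    state="$(classify_ports "$2" "$3")"
    case "$state" in
        not-published)   echo "docker: container port $3 has no -p mapping" ;;
        loopback-only:*) echo "docker: host port ${state#*:} is bound to loopback only" ;;
        published-all:*)
            if [ "$1" = "yes" ]; then echo "ok: host port ${state#*:} is reachable"
            else echo "firewall: nothing allows tcp:${state#*:} to this instance"; fi ;;
    esac
}

first_blocked_hop yes "80/tcp" 80
first_blocked_hop yes "127.0.0.1:8080->80/tcp" 80
first_blocked_hop no  "0.0.0.0:8080->80/tcp, :::8080->80/tcp" 80
```

The "Allow HTTP traffic" checkbox only covers tcp:80, so a mapping such as `-p 8080:80` needs its own firewall rule for tcp:8080.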

Related

Not able to make network calls from GCP Compute Engine

I have deployed my services on a GCP Compute Engine instance, where we make external HTTP service calls to pull data and process it for our purposes. For the last two days, this call has been failing with a connection timeout. I have tried the same on my system. Things do work smoothly. No changes have been applied to the cloud account at all. Are there any possible issues which could be causing this?
I have validated the firewall rules. Everything looks to be fine. Appreciate your valuable suggestions.
regards
Manjunath
It's been a while now since you asked. Is this still happening? If yes, please read on. Otherwise please close the posting.
Your message is quite short on details. I'm going to recap what I got:
What I got from your description
The GCE VM should be connected to the public net (I suppose it has one of these setups: a direct public IP, or an instance group member with a Load Balancer, or an interconnected VPC with another cloud subscription or GCP project through which it connects to the internet, without its own public IP for the VM)
The VM is not a GKE cluster instance
The VM is hosting some kind of "services" (I suppose this is some kind of containerized services?)
These services rely on establishing outbound connections to the internet
From running the same services on your local machine you can see no malfunction, the service code is ok (I suppose you deploy exactly the same code and an almost identical configuration to the VM?)
No changes have happened to the cloud account (I suppose you mean the subscription and the project as well?)
Nothing from all this has been changed at all??
Things I'd be controlling in this situation
As your description of the situation is unfortunately very rough, I'll try to give you a rough overview of how I'd propose you proceed, in this order. Meanwhile please provide more details on the VM situation described above:
Public IP - No instance group with Load Balancer, no interconnected VPC:
Go to Compute Engine > VM Instances and check the External IP column. Go to Column Display Options in the top right corner of the table and enable the column if you don't see it. Make sure there is an IP here.
If the external IP exists, log in to your VM and make sure that you can ping any public internet site you know is working
Trace the connection to the public site to get the route your network flow is taking
Ping the host from the next hop to your local network connection and make sure it's "really" reachable
Check whether you have a local firewall on your VM and disable it for a testing moment, then ping the router again (or the next host on the route towards the public site, from your tracing step above)
Meanwhile please provide more details on the VM situation described above

Building Proxy Site with Nginx and Rotating Proxy Service

I'm looking to build a similar application to https://www.proxysite.com/ but am not sure on the best architecture.
Looking to have a data flow like this.
User Web Browser -> myproxysite.com -> Nginx Proxy Server (somehow rotating IP for each client session) -> Targetsite.com
Then the user would need to maintain a full session on Targetsite.com as a logged in user.
In this example, targetsite.com is always the same site and is pre-determined. The challenge we are facing is that targetsite.com is blocking our users based on IP, many of whom are accessing it from the same office network.
So my questions are:
Does this seem correct?
Is there any way for me to configure nginx with a rotating proxy service like luminati? Or do I need to add an API software layer to handle the actual IP changes?
Any guidance on this one would be greatly appreciated!
While I can't help you with your application, I do want to suggest an alternative. You mentioned an office so it sounds like the users who will use the proxy are workers.
Luminati (now BrightData) has a proxy manager which you can host on any server. The proxy manager allows you to create ports (ie port 24000) and configure it with whatever proxy you want (doesn't have to be BrightData's proxy). It has a ton of different parameters that you can include for each proxy (including IP rotation) and each port can be configured to have a unique setup.
Then you simply go to your user's PC, open the browser proxy settings, type the IP address of the server that the proxy manager is running on and the specific port you configured, and voila. You have central control of managing the proxies and your user's browser is proxied.
A big benefit of this is the logs in the proxy manager show all activity on each port you setup, so you can monitor traffic and the success rates right there.
Proxy manager: https://prnt.sc/13uyjgj

When I run my daemon the service is an http proxy instead of http

I am currently running a service with systemctl, and it is running as an http proxy, not normal http. Is this something that Google does? I am using port 8080 and I can't connect to it via http. My daemon is using port 8080, while using the type http-proxy (I am seeing this with the command nmap -sV -sC -p 8080 35.208.25.61 -vvvv -Pn). Instead, I want the daemon I'm running (wings.service) to use http, so it can use that type of connection to connect to my panel.
The panel is part of a piece of software along with the daemon, it's called pterodactyl. Anyways, I have tried everything on what to do, and I think this problem that I am addressing is the problem that causes dysfunction on my panel. I might just have to move to a different service to host my bots for discord.
Let me know if there's anything I can do to fix this.
As far as I can understand, you are unable to access the panel via web URL.
The Pterodactyl web server can be installed using the NGINX or Apache web servers, and both web servers by default listen on port 80 based on the Pterodactyl web server installation guide, so you must enable HTTP port 80 traffic on your Compute Engine VM instance.
The default firewall rules on GCP do not allow HTTP or HTTPS connections to your instances. However, it is fairly simple to add a rule that does allow them by following these steps:
1.- Go to the VM instances page.
2.- Click the name of the desired instance.
3.- Click Edit button at the top of the page.
4.- Scroll down to the Firewalls section.
5.- Check the Allow HTTP or Allow HTTPS options under your desired VPC network.
6.- Click Save.
Note: The Pterodactyl panel and Daemon installation are not the same for each operating system, if after checking the VPC firewall rules on the VM settings and also the status of the web server in the instance (NGINX or Apache) you still cannot access your panel, please provide a step by step list with all commands you followed to complete the installation, including the OS version you used.

How do I point traffic from a GCE external IP to a secondary internal IP?

I currently have a GCE instance that is running Jenkins, and I want to be able to access it from the browser. It's running on an IP address OTHER than the primary internal address Google gives me. So for example, the primary internal IP is 10.128.0.8, but Jenkins is running at 10.0.1.15:8081.
How do I direct traffic from <EXTERNAL_IP>:8081 to 10.0.1.15:8081 ?
Please note that my Linux skills are shaky and my networking skills are non-existent, so if you can tell me HOW to do whatever it is I need to do, bonus. :) Thanks!
1- First you need to create a firewall rule on the current instance's network, e.g.:
gcloud beta compute --project=<project-name> firewall-rules create jenkins --description="8081 port jenkins" --target-tags=jenkins --network=<network-name> --action=ALLOW --rules=tcp:8081
Then you have to add that rule to the instance (selecting the tag created above), e.g.:
gcloud compute instances add-tags <instance-name> --tags jenkins
2- The other way is via the Cloud Console, from VPC network/Firewall rules, and then add the firewall rule tag to your instance.
However, you should use Alias IP Ranges (this documentation may answer your question, plus your FR rules created for the external IP).
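An ingress rule created without `--source-ranges`, as in the command above, applies to 0.0.0.0/0, which leaves Jenkins on tcp:8081 open to any source address. The check below is an added example, not part of the original answer: it assumes the project's rules have been exported to a semicolon-separated layout (NAME;SOURCE_RANGES;ALLOW;TARGET_TAGS) chosen for this example, and the rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original answer. Row layout is an assumption:
# NAME;SOURCE_RANGES;ALLOW;TARGET_TAGS with comma-separated lists inside a field.

# Constructed sample rows; "jenkins" mirrors the rule created in the answer.
sample_rows() {
    printf '%s\n' \
        'jenkins;0.0.0.0/0;tcp:8081;jenkins' \
        'default-allow-http;0.0.0.0/0;tcp:80;http-server' \
        'jenkins-office;203.0.113.0/24;tcp:8081;jenkins' \
        'dev-misc;10.0.0.0/8,0.0.0.0/0;tcp:22,tcp:80;dev'
}

# flag_world_open: reads rows on stdin and prints NAME:PROTO:PORT for every
# allowed entry that is open to 0.0.0.0/0 and is not one of the web ports.
flag_world_open() {
    while IFS=';' read -r name ranges allow tags; do
        # Skip rules whose source list does not contain the catch-all range.
        case ",$ranges," in *",0.0.0.0/0,"*) ;; *) continue ;; esac
        rest="$allow"
        while [ -n "$rest" ]; do
            item="${rest%%,*}"
            if [ "$item" = "$rest" ]; then rest=""; else rest="${rest#*,}"; fi
            case "$item" in
                tcp:80|tcp:443) ;;                        # intended to be public
                *) printf '%s:%s\n' "$name" "$item" ;;    # review this exposure
            esac
        done
    done
}

sample_rows | flag_world_open
```

For a rule flagged this way, recreating it with `--source-ranges` set to the office or VPN range (as the constructed `jenkins-office` row does) keeps the port reachable for its users only.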

Mounting Google Cloud network locally

We have a Google Cloud project with several VM instances and also Kubernetes cluster.
I am able to easily access Kubernetes services with kubefwd and I can ping them and also curl them. The problem is that kubefwd works only for Kubernetes, but not for other VM instances.
Is there a way to mount the network locally, so I could ping and curl any instance without it having public IP and with DNS the same as inside the cluster?
I would highly recommend rolling a vpn server like openvpn. You can also run this inside of the Kubernetes Cluster.
I have a make install ready repo for ya to check out at https://github.com/mateothegreat/k8-byexamples-openvpn.
Basically openvpn is running inside of a container (inside of a pod) and you can set the routes that you want the client(s) to be able to see.
I would not rely on kubefwd as it isn't production grade and will give you issues with persistent connections.
Hope this helps ya out. If you still have questions/concerns please reach out.
