I have use nginx for reverse proxy which listen on port 80. and I have a web application listen on port 9999, I config nginx with reverse proxy to redirect client request from port 80 to port 9999.
Now I found that when access 80 port, browser will show web application response (this is correct.), however, if browser directly access 9999 port, it will also show web application response.
So, How can I configure nginx that browser can only access port 80, not port 9999. Thanks!
i will recommend you two solutions:
You can bind your application to listen on localhost:9999 rather than *:9999
you can edit your firewall to don't allow traffic for 9999 port and only allow for port 80. for that you can edit iptables by going to /etc/sysconfig/iptables
Related
I want to define out port of my nginx server.
Actually some thing like port forwatding by iptables in nginx.
Request:
Client via(ip:port) send to nginx(ip:80).
Nginx via( nginx ip:client port) send to server B(ip:80).
Response:
Server B via(ip:80) send to nginx(ip:client port).
Nginx via(ip:80)send to client(Ip:port)
I have a server running nginx on it listen to port 80.
It recives requests from client and acording to location in request, forwards it to diferent proxy servers.
Problem:
I need to nginx connects to my proxy server by port which client conects to it.
For example:
Client connects to port 80 of my nginx server via port 1000 and now I want to my nginx connects to lisetenig port of my other server via port 1000.
Forwarded Ip is no matter.
And connection protocol is tcp http.
I have hosted magento2 website with Nginx, SSL termination, and varnish cache. Varnish cache is running on port 8080 and the Magento2 website is hosted on Nginx port 8081. Http and Https traffic is accepted by the same Nginx and forwarded to the varnish cache(SSL terminated).
NGINX Varnish Magento2 all are running in the same server
I have two questions,
If I tried to access the magento2 website which is running on port 8081, directly from the internet, it bypasses the SSL termination and directly connects to the website. How can I restrict that?
When configuring magento2 baseurl, If I want to host it on a different port rather than the default 80 port, Do I need to give the port number at the baseurl configuring step? eg:- php bin/magento setup:install --base-url=http://www.example.com:8081
Assuming you want to block the port from the public internet, you have multiple options. Assuming you have SSH access, you can block the port with iptables:
/sbin/iptables -A INPUT -p tcp --destination-port 8081 -j DROP
/sbin/service iptables save
Assuming you're using a non-standard HTTP port (not 80 or 443), yes, you would need to specify that in the configuration.
nginx shouldn't be listening on 8081 to the outside world to begin with. You probably need something like
server_name localhost;
in your nginx configuration
I have a flask app deployed in an EC2, configured with nginx/gunicorn3. Security group in the EC2 is both(inbound and outbound) set in all traffic.
I am having an issue with nginx configuration.
I have set it to listen to port 8080 and it only works on this port (neither port 80 will do).
What I want to do is to hit the domain without the port 8080 and return the desired results. Any ideas?
You can do the following to solve the issue:
1- Change the Nginx configuration to listen on port 80 and expose port 80
2- keep port 8080, but use a load balancer in front of the EC2 node and link the domain name to the load balancer instead of the EC2 node.
So I have this little add on in Chrome called Live HTTP Headers.
There is this one url I go to, lets say "www.example.com"
When I inspect the headers I see:
GET / HTTP/1.1 Host: www.example.com:443
So port 443 is directly being asked for, but how come? Should not it be :80 ?
Port 443 is default port number for HTTPS, so
http://www.example.com comunicates on port 80, but
https://www.example.com comunicates on port 443.
Of course, you could always have a different port number and in this case is mandatory to explicitly show the port number in use, i.e.:
https://www.example.com:1443
You can actually run a webserver on any port within the valid range of 0 to 65535.
Internet Assigned Numbers Authority (IANA) do have port recommendations for serving and receiving different types of network traffic which you can read about here https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
But technically I think you can do whatever you like.
As others pointed out 443 is the default https port. But this just means example.com have configured their webserver to serve secure http (https) content on port 443. They could if they wanted to, serve it on 8443. Most browsers however are configured to automatically send https traffic to 443 if no port is specified in the url. This means if you wanted to server https traffic on port 8443 the user would have to put in the address https://example.com:8443 explicitly.
Is it possible to run couchdb on port 80? I'm looking to host a couchapp from it and don't want my users to have to type a port number in the url.
When I change the port to 80 in the couchdb config it becomes unavailable, and I have no access to it on 80 or any other port. I have to change the port back in the local.ini file.
Is this not a recommended setup? Would I be better hosting behind a reverse proxy? If so, any tips on how to get it working behind an IIS reverse proxy? I tried that too using ARR and URL Rewrite, with no success.
EDIT:
First, this chapter of the CouchDB definitive guide seems to suggest it is ok to server web apps directly from couch. Curious what the community thinks:
http://guide.couchdb.org/editions/1/en/standalone.html
Second, I installed CouchDB on a second machine that does NOT have IIS installed on it and it ran on port 80 just fine, so I suspect that even though I've turned off all websites in IIS it is still hogging port 80. Any way to make IIS give up port 80?
Ok I figured it out. By default IIS listens for port 80 on ALL IPs. So it also grabs 127.0.0.1 and listens on port 80 there as well, EVEN IF YOU TURN OF ALL WEBSITES listening on 80.
To remedy this you need to add an IP address to the IP listen list. By default this list is empty and IIS decides to just listen to all IPs. But if you add an IP or IPs to this list IIS will only listen to those IPs.
First here's how you can see what IPs are in the listen list:
netsh http show iplisten
If the list is blank IIS is listening on all IPs. To add an IP to the list:
netsh http add iplisten XXX.XXX.X.XXX (where the X's are your IP)
Now IIS and CouchDB can exist together on port 80 in happiness, as long as they both have their own IP's to listen to.