I have an nginx server set up and running locally for some development testing. I want to be able to connect to it over the net. I have a device on the local network that I want to connect to the server with. How would I do this? The device and my comp are both connected in a VPN. The VPN gives me an IP address. Shouldn't the device be able to connect to that IP address since localhost and the IP are the same?
server {
    listen 8080;
    server_name localhost;
    #access_log logs/host.access.log main;
    location / {
        root html;
        index index.html index.htm;
    }
}
If your server only listens on localhost (127.0.0.1), other machines have no way to access your server.
You must listen on a specific IP, and other machines can connect to your server through this IP.
There is a big difference between localhost (127.0.0.1) and the computer's IP address, for example (192.168.80.10). The difference is that localhost is only accessible from your computer.
You'll have to use your computer's IP address when you want to connect from a different machine over your local network (or in your case a VPN solution). To get your computer's IP address for Windows:
Press Start.
Type cmd into the search bar.
When a black console shows up, type in ipconfig
Look for IPv4 Address, and to the right is your computer's local IP.
You might not need to change the config files of the server, because the server might be automatically set up to listen to your local IP. I would suggest trying to connect locally with your local IP address before trying to change configuration files.
Hope this helped!
-kad
I set up a wireguard instance in a docker container and use nginx proxy manager to set up all reverse proxy settings. Now I want the website to be only accessible when I am connected to the VPN.
I tried to add localhost as the forward address and set the only allow to the local server IP, but it doesn't work and just displays a "can't connect to server" message in my browser.
Add this to a server block (or a location or http block) in your nginx configuration:
allow IP_ADDRESS_OR_NETWORK; # allow only connections from Wireguard VPN network
deny all; # block the rest of the world
The allowed network has to match your specific Wireguard VPN network. All peer IP addresses which should have access must be part of the network range. Depending on your NAT settings, you should verify the actual IP address or network by checking the access log: tail -f /var/log/nginx/access.log
Be sure to reload your nginx config to apply changes: service nginx reload
See also http://nginx.org/en/docs/http/ngx_http_access_module.html for usage hints on the HTTP access module.
I have a server which hosts several Docker containers including an Nginx reverse proxy to serve content. In order to get status of this server I have added the following location block:
location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    allow 172.0.0.0/8;
    deny all;
}
Under normal circumstances I would only have opened up 127.0.0.1 but that means that the host machine would not have access (only the Nginx container itself would) so I opened up all of the 172 addresses. Is there a cleaner/more secure way of doing this or is my approach reasonable for a production environment?
When docker starts it creates an interface docker0 that is an ethernet bridge, and assigns it an IP address. Docker tries to choose a smart default, and the 172.17.0.0/16 range is a good default. The host will route all traffic destined for that network to the docker0 bridge, and it's not accessible externally unless you've mapped a port.
In your question you've allowed 172.0.0.0/8, some of which is not RFC1918 private address space. You could restrict this further to either all of the addresses in the Docker network driver source I linked before, or simply 172.17.0.0/16 since that's the first in the list and is usually used.
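The allow/deny rules discussed in the WireGuard answer and in the Docker answer above can be checked offline before a reload. The following is an added example, not code from the original posts: it parses the allow and deny directives from the /nginx_status block in the question, applies the first-match order that ngx_http_access_module uses, and flags allow rules that reach outside loopback and RFC 1918 space. The function names and the test client addresses are constructed for illustration, and only IP addresses, CIDR ranges and "all" are handled.

```python
import ipaddress
import re

# Constructed sample: the location block quoted in the question above.
SAMPLE_CONF = """
location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    allow 172.0.0.0/8;
    deny all;
}
"""
# The narrower range suggested in the answer.
TIGHTENED_CONF = SAMPLE_CONF.replace("172.0.0.0/8", "172.17.0.0/16")

# Loopback plus the three RFC 1918 private ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rules(conf):
    """Return [(action, network)] in file order; network is None for 'all'."""
    found = re.findall(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", conf, re.M)
    return [(a, None if t == "all" else ipaddress.ip_network(t, strict=False))
            for a, t in found]

def decide(rules, client_ip):
    """First matching rule wins; a client matching no rule is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"

def public_exposure(rules):
    """List allow rules that are not wholly inside INTERNAL."""
    flagged = []
    for action, net in rules:
        if action != "allow":
            continue
        if net is None or not any(
                p.version == net.version and net.subnet_of(p) for p in INTERNAL):
            flagged.append("all" if net is None else str(net))
    return flagged

if __name__ == "__main__":
    for name, conf in (("original", SAMPLE_CONF), ("tightened", TIGHTENED_CONF)):
        rules = parse_rules(conf)
        # 172.217.0.1 is a constructed example of a public address in 172.0.0.0/8.
        print(name, decide(rules, "172.217.0.1"), public_exposure(rules))
```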
I am on a Windows machine and need to connect to an application on a Unix box under a certain port.
I've been told it's open but I'm still having difficulties getting in. Is there anything I can do on my end to debug this? How can I check if the port of the Unix server is really open from my IP address?
You can use Telnet.
E.g. telnet example.com 80 to check if the server at example.com accepts connections on port 80.
Is it possible to run couchdb on port 80? I'm looking to host a couchapp from it and don't want my users to have to type a port number in the url.
When I change the port to 80 in the couchdb config it becomes unavailable, and I have no access to it on 80 or any other port. I have to change the port back in the local.ini file.
Is this not a recommended setup? Would I be better hosting behind a reverse proxy? If so, any tips on how to get it working behind an IIS reverse proxy? I tried that too using ARR and URL Rewrite, with no success.
EDIT:
First, this chapter of the CouchDB definitive guide seems to suggest it is ok to serve web apps directly from couch. Curious what the community thinks:
http://guide.couchdb.org/editions/1/en/standalone.html
Second, I installed CouchDB on a second machine that does NOT have IIS installed on it and it ran on port 80 just fine, so I suspect that even though I've turned off all websites in IIS it is still hogging port 80. Any way to make IIS give up port 80?
Ok I figured it out. By default IIS listens for port 80 on ALL IPs. So it also grabs 127.0.0.1 and listens on port 80 there as well, EVEN IF YOU TURN OFF ALL WEBSITES listening on 80.
To remedy this you need to add an IP address to the IP listen list. By default this list is empty and IIS decides to just listen to all IPs. But if you add an IP or IPs to this list IIS will only listen to those IPs.
First here's how you can see what IPs are in the listen list:
netsh http show iplisten
If the list is blank IIS is listening on all IPs. To add an IP to the list:
netsh http add iplisten XXX.XXX.X.XXX (where the X's are your IP)
Now IIS and CouchDB can exist together on port 80 in happiness, as long as they both have their own IPs to listen to.
I have a Linux application that runs on a VM and listens for TCP connections on different ports. The VM is behind a NAT. I would like to install a proxy on that VM to listen for connections and redirect them to the correct ports.
I would like to redirect the traffic (maybe with iptables) from the VM's host to the proxy inside the VM.
Can you tell me what proxy I should use and give me a short configuration example?
What you're talking about looks like using server software within a guest on the host network, which would be perfectly served by port forwarding. See the VMware documentation.