I have a computer at home running Ubuntu 10.10. I am trying to make a server and host my own website, and I am running a LAMP (Linux, Apache, MySQL, PHP) server. But my ISP blocks incoming traffic on port 80. To get around this, I want my server to take HTTP requests from port 8080, in addition to port 80. But after I tried to add port 8080 to the accepted ports file, my browser cannot access it. It says "The server at mywebsite.com is taking too long to respond." Does anyone know why it is timing out and not returning the webpage, or how I can fix this? Here is what I've done so far:
The port.conf file contains:
NameVirtualHost *:80
Listen 80
Listen 8080
The apache2.conf file contains:
# Include the virtual host configurations:
Include sites-enabled/
NameVirtualHost *:80
NameVirtualHost *:8080
The sites-available/default file contains:
<VirtualHost *:80 *:8080>
ServerAdmin webmaster@localhost
Lastly I restarted apache:
$: /etc/init.d/apache2 restart
All this, as far as I can tell, should add port 8080 for HTTP requests. When I type in "localhost" or "localhost:8080" into the web browser, it returns my website. If I type in "mysite.com" or "mysite.com:80", the site also works. But my website does not work when I search for "mysite.com:8080"; rather it times out. The reason "mysite.com:80" works is because I am accessing the site from within my local network, so I do not need to go through the modem, which would block port 80. Does anyone know why this is not working?
FIX: I'm dumb and forgot to add port 8080 on the list of acceptable ports on my Ubuntu firewall.
Have you had a look at the requests with wireshark or something like that? localhost will be going through the loopback device, and I'm guessing that when you request mysite.com the request is going out over a real network device. Check whether the request is getting back in again from your network - port 8080 might be blocked somewhere else.
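An added example, not part of the original thread: a Python probe that separates the three outcomes that matter for the symptom above (works on localhost, times out from outside). A timeout means the SYN was dropped, which points at a packet filter rather than at Apache. The function names `probe` and `diagnose` are illustrative.

```python
import socket

def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except socket.timeout:
        return "filtered"          # SYN got no answer: silently dropped
    except ConnectionRefusedError:
        return "refused"           # RST came back: host reachable, no listener
    except socket.gaierror:
        raise                      # name did not resolve: DNS, not the port
    except OSError:
        return "filtered"          # e.g. host or network unreachable

def diagnose(loopback, external):
    """Map the loopback and external probe results onto the likely cause."""
    if loopback != "open":
        return "no listener: check the Listen directive and that Apache is running"
    if external == "open":
        return "reachable: listener and packet filters both allow the port"
    if external == "filtered":
        return "listener is up but packets are dropped: check the host firewall and router"
    return "connection rejected: listener not bound to this address, or a firewall sends RST"

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback stands in for Apache.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    local = probe("127.0.0.1", port)
    # "filtered" stands in for the external result seen in the question.
    print(port, local, diagnose(local, "filtered"))
    srv.close()
```

Run `probe` once against the loopback address and once against the address clients use, then pass both results to `diagnose`.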
(This SO thread seems to be very similar, but does not answer my problem)
I have a loadbalancer listening on https://loadbalancerurl:443/
which terminates SSL and forwards requests to the IHS (IBM HTTP Server) on port 80.
I need to configure the IHS as a reverse proxy, such that requests get forwarded to https://targeturl:443/
browser --443--> loadbalancer --80--> IHS --443--> target
The reason we need to do this on the IHS, is because on that server we have direct and quick access to change the target url on demand, whereas the loadbalancer is out of our control.
This means that I need to activate SSL in the IHS, but only for the outgoing requests to the targeturl, not for the incoming requests.
Pages like this from IBM or this blog post assume that SSL is incoming and outgoing.
Here is the relevant code block of the httpd.conf file:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
SSLProxyEngine on
<VirtualHost *:80>
# ServerName webserverhostname # not needed so far
# without this I get "SSL0263W: SSL Connection attempted when SSL did not initialize."
SSLEnable
# without this I get "SSL0170E: GSK could not initialize, no keyfile specified."
KeyFile store.kdb
SSLStashFile store.sth
ProxyPass / https://targeturl/
ProxyPassReverse / https://targeturl/
</VirtualHost>
SSLDisable
where the store.kdb contains the CA certificates of the targeturl, as indicated in the SO thread
However, the server continuously spits out the following error message:
SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file, or the specified label is not a 'personal certificate' (no private key). Label='(null)'
As far as I understand, this means that IHS is failing to handle incoming https traffic, which should not happen. It should not happen because the <VirtualHost *:80> specifies port 80, and also because any traffic that reaches the IHS has the SSL terminated by the loadbalancer.
Am I misunderstanding the error message? If not, how can I get this working?
Edit to show working solution:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
SSLProxyEngine on
<VirtualHost *:80>
# ServerName webserverhostname # not needed so far
# SSLEnable # this would activate SSL for incoming traffic
# this contains the CA certificates of the target server
KeyFile store.kdb
# SSLStashFile store.sth # would only be needed for incoming SSL
ProxyPass / https://targeturl/
ProxyPassReverse / https://targeturl/
</VirtualHost>
# SSLDisable
SSLEnable should not be present in a virtual host that doesn't actually handle inbound SSL.
SSLStashFile is also not needed. It is unfortunately named.
You should deep dive on the error_log entries you get in the config without these two. There is likely an early SSL error that does not fail startup. The only necessary config even without frontend SSL is just:
SSLProxyEngine on
ProxyPass / https://example.com/
KeyFile /path/to/key.kdb
I have GitLab CE installed on an Ubuntu virtual machine.
I have purchased a domain that directs traffic like gitlab.mydomain.com to the ubuntu server running gitlab.
Now I am going to also send every request to mydomain to the same Ubuntu.
I would like to configure the existing nginx in the gitlab CE to forward www request to a raspberry pi running Debian and nginx with ip 192.168.0.241.
I already modified the gitlab.rb file to include custom nginx configuration files.
But now what should this configuration include so that only www traffic in http and https are forwarded correctly?
So far I have this:
server {
server_name www.mydomain.com;
location / {
proxy_pass http://192.168.0.241:80;
proxy_set_header Host www.mydomain.com;
}
}
But what about https? If this works, I suppose I also have to add a rule to redirect HTTP to https?
Or would it be better to let all traffic arrive on the RPI and then use the local nginx there to forward any request to gitlab.mydomain.com to the Ubuntu virtual machine?
Thank you for your advice,
Didier
I managed to successfully forward the requests by letting all requests arrive on the rpi nginx and then forwarding the gitlab requests to the nginx of the omnibus package.
What to remember is that you then also need to copy the ssl certificates of the gitlab server to the rpi.
I have an application that is not nginx running on localhost. I want to setup a server on nginx but one that isn't running on localhost so I can use them simultaneously.
My /etc/hosts file would ideally look something like this:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 a.website.loc
127.0.0.2 another.website.loc
127.0.0.1 is the route running on an app that is not nginx.
127.0.0.2 is the route I want nginx running on.
My nginx.conf would ideally look something like this:
server {
# listen ???;
server_name another.website.loc;
root /path/to/another_website;
}
So how do I set this up on nginx? Or would I set it up on localhost too but running on a different port?
Thanks! PS I am running on a macOS Sierra.
To listen on another IP you should have another network card with the other IP.
But you have two options:
Modify your OS hosts file to assign another name to your server, and then on nginx:
server {
server_name yournameonhostsfile;
}
Use another port (as you stated in your question):
server {
listen 8000;
}
First, sorry for my bad English.
I am using Plesk 12 on my Ubuntu 14.04 server. In the past I made Tor hidden services for my domains simply with the Apache virtual host files, and it worked fine.
But now I am using Plesk and I don't understand how to make an existing site reachable over a hidden service.
The site www.example.com is available and the host settings are:
<VirtualHost 85.214.50.74:7080 >
ServerName "example.com:80"
ServerAlias "www.example.com"
ServerAlias "ipv4.example.com"
ServerAdmin "admin@example.com"
.....
Now I added a second virtual host:
<VirtualHost 85.214.50.74:8081 >
ServerName "xxxxxxxxxxxxxxxx.onion:80"
ServerAlias "xxxxxxxxxxxxxxxx.onion"
ServerAdmin "admin@xxxxxxxxxxxxxxxx.onion"
......
In the torrc the hidden service is correct and it generated a key and a hostname. But if I reload Apache and Nginx and restart Tor, I can't reach the hidden service.
You shouldn't add the onion site as a virtual host. Apache doesn't serve the requests to the .onion site directly.
Instead, edit your torrc file and add something like:
HiddenServiceDir /var/lib/tor/example.com
HiddenServicePort 8081 127.0.0.1:80
This runs a hidden service on port 8081 that proxies to port 80 on the local host. When you first start Tor it will generate all the keys and the onion address for your site which you can find in /var/lib/tor/example.com/hostname
If you have multiple virtual hosts, you might need to change the HiddenServicePort to use the hostname (or serveralias), but make sure it resolves locally so you're proxying to the local machine.
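An added example, not from the original answer: a Python check for the point that the HiddenServicePort target must resolve to the local machine. It parses torrc text and lists every target that is not a loopback address; the second service in the sample torrc and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the first service is the one from the answer above.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/example.com
HiddenServicePort 8081 127.0.0.1:80

HiddenServiceDir /var/lib/tor/other
HiddenServicePort 80 192.0.2.10:8080   # constructed: not a loopback target
HiddenServicePort 22
"""

def parse_hidden_services(torrc_text):
    """Return {HiddenServiceDir: [(virtual_port, target), ...]}."""
    services, current = {}, None
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "hiddenservicedir":
            current = parts[1]
            services[current] = []
        elif key == "hiddenserviceport" and current is not None:
            virt = int(parts[1])
            # With no target given, tor maps to the same port on 127.0.0.1.
            target = parts[2] if len(parts) > 2 else "127.0.0.1:%d" % virt
            services[current].append((virt, target))
    return services

def target_is_local(target):
    """True for a unix socket, a bare port, or a loopback IP address."""
    if target.startswith("unix:") or target.isdigit():
        return True
    if target.startswith("["):                 # bracketed IPv6, e.g. [::1]:80
        host = target[1:].split("]", 1)[0]
    else:
        host = target.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False    # a hostname: confirm by hand that it resolves locally

def non_local_targets(torrc_text):
    """List (service_dir, virtual_port, target) not provably on loopback."""
    return [(d, virt, tgt)
            for d, ports in parse_hidden_services(torrc_text).items()
            for virt, tgt in ports if not target_is_local(tgt)]

if __name__ == "__main__":
    for finding in non_local_targets(SAMPLE_TORRC):
        print("non-loopback target:", finding)
```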
Currently, I've got used to creating development domains like: projecttowork.dev.
Now I have a project, where I have to use subdomains as well, so like: module1.project.dev
I would like to start using Vagrant, because it looks awesome and I work together with some other people, and it would be great to have the same server everywhere.
In Vagrant, of course I can forward a port, like :8000 and get the server on virtual machine, but I can not figure out, how to "forward" a domain.
I tried different ways, but without any success.
Some details:
OS: Windows 8
Vagrant box: basic Ubuntu 12.04 LTS
Webserver on client: Nginx
Webserver on host: Apache (if needed)
How could I redirect this development domain to the virtual server?
-My settings in the Vagrant file for the network are:
config.vm.network "private_network", ip: "192.168.20.20" #choose your own
-In the host machine in /etc/hosts (linux) Windows/system32/driv.../hosts (windows)
192.168.20.20 domain.tld
-On the box check firewall (iptables - if the box is linux).
Either deactivate your firewall on the box (I did this) or set it up to allow access from the host machine. (http://www.cyberciti.biz/tips/linux-iptables-examples.html)
-In the box set virtualhost for this domain (just an example):
<VirtualHost *:80>
ServerName domain.tld
DocumentRoot "/path"
RewriteEngine On
<Directory "/path">
Options Indexes FollowSymLinks
</Directory>
</VirtualHost>
Did you use the etc/hosts file before to point dev domains to your dev machine's IP? Same way, just add 1 row per subdomain to point them to your vagrant box IP, for example:
192.168.1.2 module1.project.dev
192.168.1.2 module2.project.dev
...