I have installed Nextcloud on a Homeserver tha5t also runs Plex. To rout connections from outside the network I am using HAProxy; it is correctly configured and works as expected.
In the process I had to change the Ports Nextcloud is Bind to with the following comand:
$ sudo snap set nextcloud ports.http=81 ports.https=444
which breaks the automatic rerouting for /.well-known/caldav and /.well-known/carddav and directly rerouts me to https://nextcloud.domain.com:444/remote.php/dav/ which is inaccessable outside the LocalHost.
Because NextCloud handles its own SSL, this approach could not work becaues HAProxy cannot detect /.well-known/caldav and /.well-known/carddav on the request address.
I have been looking for the correct HAProxy configuration in the case of NextCloud handeling SSL but with no success so far. so I have decided to try and allow the Port 444 through the Firewall with this comand $ sudo ufw allow from any to any port 444 proto tcp and forwarded it through my Router to the Server. Theoretically I should be able to access https://nextcloud.domain.com:444/remote.php/dav/ even from outside the network, but it only works on LocalHost. My thought is that (unless i forgot somthing) this Port is Blocked by the ISP and cannot be accessed from outside the Local Network. Now back to step 1 again to try and fix the redirecting problem:
Is there a way for HAProxy to catch /.well-known/caldav and /.well-known/carddav and do the correct redirecting to https://nextcloud.domain.com/remote.php/dav/ if NextCloud is handeling its own SSL?
OR
Is there a way to edit the Path NextCloud automatically redirects to?
instead of https://nextcloud.domain.com:444/remote.php/dav/ it should give https://nextcloud.domain.com/remote.php/dav/
the only way to fix this is to let HAProxy manage the SSL.. there is no other way
Related
I have created a virtualmin account to manage multiple servers instead of cPanel and after reading all of the documentation I have yet to see why my subdomain does not load under port 10000.
I'd like to have some form of control if I do plan on giving other users accounts, without having to have them use an IP which does not allow port 443.
After finishing installation they gave me my IP with port 10000
and my domain with port 10000 and the only one that loads is the IP address.
Problem solved. To anyone on Debian facing this issue, run a virtualhost and use a reverse proxy to load the url containing port, and disable SSL only.
You should have panel.example.com running your virtualmin control panel.
I have some issue to configurate Ngrok.
I have installed the Ngrok on linux CentOS server dedicated (IP 192.168.1.124), it works correctly the tunneling is ok.
My question is: how i can reach the web page on 127.0.0.1:4040 in order to check the traffic on my Ngrok server?
The web interface page is only accessible on the server where ngrok is running, but if this is a linux minimal server (without gui and any type of browser) I can't see it.
is there a way to make it accessible also in LAN?
e.g. I have another client that can reach the IP where ngrok is running but if i put on web browser http:\192.168.1.124:4040 nothing is showing.
I see from netstat that this port is not listening so isn't a firewall problem or other.
Is possible to change config of Ngrok? otherwise are there other possibilities ? do i have to use a reverse proxy or something like?
Any ideas?
thanks for your help,
Luca
Locate your ngrok's config file:
$ ngrok config check
Valid configuration file at /home/youruser/.config/ngrok/ngrok.yml
Add to the config file the following line:
web_addr: 192.168.1.124:4040
In case you want to expose it to all interfaces, you can replace that value with 0.0.0.0:4040
I have setup a CentOS VM to test Hadoop. I set a network interface in NAT mode with a paravirtualized network type interface. Port redirection for SSH (TCP 22) works without issues. However some other ports do not seem to fully work (9870, 8042, 9864). I can see some "action" happening. Let me give an example for port 9870.
These are my rules (remember I said the SSH rule works without issues):
RulesX TCP 127.0.0.1 59870 10.0.3.15 9870
When I try to access http://127.0.0.1:59870 I get automatically redirected to https://127.0.0.1:59870 but eventually I get a ERR_TIMED_OUT error.
Tracing the traffic on the VM, I can see the traffic coming in but I cannot see any response back (I have one single network interface):
I am not sure what else to look at.
Any idea is highly welcome. Thank you!
More than likely, you need to open the non-standard ports on Centos firewall.
Open firewall port on CentOS 7
Sorry for the basic question but im a complete noob on those matters.
I have a cloud server where i run a jup[yter notebook server, which normally is run on port 8888.
However when i try to connect to it from work, it doesnt work, which i suspect is due to the firewall.
I can connect from work to a regular ssh session through port 22 or 443.
However the jupyter notebook refuses to be run on those ports, probably because they are allocated already.
I tried to run PortQry to get the open ports on my work server (which is windows) and it reurned port 50248. I tried to have my jupyter server to listen on that one but it didnt work.
I also tried to scan the open port of my work server, but i received a warning from AWS! And the few ports that were returned as seemingly opened didnt work either when i set up my jupyter notebook to listen on them.
I would like to understand:
On my own server: How can i identify which port the jupyter server program can listen on?
On my work machine: How can i identify which one of my own server port would be let through the firewall of my work?
You need to use SSH local port forwarding.
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
You will open a SSH connection to your server but a local port, lets say 4444, will connect over the SSH connection and resolve to 8888 on the remote server.
With this you'd be able to open a browser locally and go to localhost:4444 and it would resolve to your remote hosted site. The command for this locally would be something like -
ssh -L 4444:localhost:8080 yourremoteserveraddress
An alternative option would be to use a SOCKS proxy via dynamic forwarding but this would involve needing to reconfigure your browser.
Always keep in mind any company policies around this type of thing. Even though 22 and 443 are open to the internet, use of them in this manner may break a policy and there is always the possibility of the company using a MITM proxy to monitor for this type of usage, specifically on 443.
I have a simple web application using peerjs here: https://github.com/chakradarraju/bingo. I was planning to use github.io to put up a demo, and github.io will be served only in HTTPS, the default PeerServer that is used by the peerjs library doesn't support HTTPS.
Is there any public HTTPS PeerServer that I can use?
The simple answer to this is no. It's unfortunate that the browsers recently disallowed http for any address except localhost.
One way to do it is set up an SSH port forward so that you can fool the browser into thinking it is talking to localhost. Ok for a demo, but not production. Here is some info (from https://www.ssh.com/ssh/tunneling/example)
In OpenSSH, remote port forwardings are specified using the -R option.
For example:
ssh -R 8080:localhost:80 public.example.com
This allows anyone on the remote server to connect to TCP port 8080 on
the remote server. The connection will then be tunneled back to the
client host, and the client then makes a TCP connection to port 80 on
localhost. Any other host name or IP address could be used instead of
localhost to specify the host to connect to.
Alternatively if you have your own web server, you can use Let's encrypt: https://letsencrypt.org/ to make it run https without needing to buy an SSL cert. Their tools are so good it's a five minute exersize to get https on your server.
Give a try to www
Is can create automatically valid certificates by using letsencrypt or self-signed.
https://go-www.com/post/how-it-works/
Usage of ./www:
-p port
Listen on port (default 8000)
-q quiet
quiet mode
-r root
Document root path (default ".")
-s your-domain.tld
https://your-domain.tld if "localhost", port can be other than 443
This issue can be resolved by setting options.secure to true as mentioned here.