I have a fact table in Postgresql database and I what to build a PowerBI analysis with PowerBI professional.
If I let Postgresql accept connections from all internet IP addresses, it works but it is not safe. I'd like to limit the access only to Power BI servers.
How can I identify PowerBI incoming traffic? Is there a best practice to set up the firewall?
You should not open any connections from Internet. Yes, you can get a list of all Azure IP addresses, but this does not limit them to Power BI only, plus it is a manual process to update the list few times a year. A lot better solution is to install Power BI Gateway in your network, which will allow connecting from Power BI Service to your server on-premise.
In my case I prefered to update once in a while my pg_hba.conf with the white list from the official Microsoft list. The production file is overwrittern with a new file. The script replaces a comment line
#PowerBI
in a template pg_hba.conf file with the new list
With the new list
import requests
whiteListUrl = "https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20210524.json"
modelFile = "/path/to/template/pg_hba.conf"
outputFileName = "/path/to/production/pg_hba.conf"
userName = "power_bi"
response = requests.get(whiteListUrl)
whiteLists = response.json()
for group in whiteLists["values"]:
if group["name"]!='PowerBI':
continue
text_file = open(modelFile, "r").read()
whiteList = ""
for address in group["properties"]["addressPrefixes"]:
whiteList += "host all {} {} md5\n".format(userName, address)
text_file = text_file.replace("#PowerBI", whiteList)
textfile = open(outputFileName, "w")
a = textfile.write(text_file)
textfile.close()
Related
I built a webpage on an ESP32 chip, charged to create an access point allowing my computer to connect in order to access this page.
For the moment I can only access it using the IP of my ESP by typing it in a browser but it can be very bothersome.
I'd like to know if it was possible to change the url of the page using words instead of the ESP's IP.
Maybe I'm missing some technical terms but I didn't find any solution on the internet.
PS: I'm using micropython with sockets to serve html files from the board:
def handleClient(client_socket):
headers, data = loadRequest(client_socket.recv(1024).decode('utf-8'))
# print('[*] Received:\n%s\n%s\n' % (headers, data))
if headers['method'] == 'GET' and '/connect' == headers['route']:#'/connect' in headers['route']:
ssid, password, status, code = connect(headers)
client_socket.sendall(RESPONSE_TEMPLATE % (code, status, {'ssid': ssid, 'password': password}, code))
return ssid, password
elif headers['method'] == 'GET' and headers['route'] == '/':
renderWebPage(client_socket)
client_socket.close()
return None, None
there are two parts needed to solve your Q:
publish a name (using mdns)
resolve that name from a client
MicroPython has built-in support for mdns since v1.12.
The essential code is to assign a hostname using the below:
wlan.config(dhcp_hostname="prettyname")
Note that your client also needs to have mdns support in order to be able to resolve that address. That may/will depend on your client.
a complete sample would be:
import network
wlan = network.WLAN(network.STA_IF)
if not wlan.isconnected():
wlan.active(True)
mac = wlan.config('mac')
host = "prettyname"
wlan.config(dhcp_hostname = host)
wlan.connect('myssid', 'mypassword')
while not wlan.isconnected():
pass
host = wlan.config('dhcp_hostname')
print('Wifi connected as {}/{}, net={}, gw={}, dns={}'.format(
host, *wlan.ifconfig()))
Source: MicroPython Forum
Certainly. The easiest option is enabling mDNS. This allows hosts in the same local network to resolve the device's name (e.g. espressif.local) into its IP. Only works in local network and requires an mDNS client on the computer (Mac, Linux and Windows all tend to have it built in these days).
No idea how to do it in Micropython, though. Give Google a try.
What I've got
I'm testing postfix on Virtualbox. Initially I had success by passing incoming mail (towards my domain) to a pipe (approach 1 from this answer https://superuser.com/a/1490699 ) and letting outgoing mail send as normal.
Now I've switched my postfix config to use virtual mailbox features (still on Virtualbox) so I can use Mysql to query that the domain and user exists before accepting mail. With config such as:
virtual_transport = myhook:dummy
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
all working well when testing via postmap -q, and I removed my domain from "mydestination" to ensure mail is not transported to local.
The Issue
I've followed a lot of guides
https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/
https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server/Postfix_to_Database
However these guide are made with Dovecot in mind and I wont be using that.
When sending mail via command line to another user that is found within the virtual mailboxes I get the following error
to=<me#laravel8.test>, orig_to=<me>, relay=none, delay=36, delays=36/0.02/0.05/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=laravel8.test type=AAAA: Host not found)
This is despite the domain appearing in virtual_mailbox_domains. Changing to ipv4 had no change
I read that this can be due to Postfix not using /etc/hosts (which points laravel8.test to 127.0.0.1) so I added the following lines to main.cf
lmtp_host_lookup = native
smtp_host_lookup = native
But now I get this error:
to=<support#laravel8.test>, relay=none, delay=0, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for laravel8.test loops back to myself)
Yes, Is that not what I want? I want mail sent to another user to then transport this mail to my pipe as declared in virtual_transport.
No matter what I do I only seem to encounter more issues.
Please help if possible.
Issue seems to be
/etc/postfix/mysql-virtual-mailbox-domains.cf
was
user = root
password =
hosts = 127.0.0.1
dbname = laravel
query = SELECT domain FROM mailbox WHERE domain='%d' LIMIT 1
When it should be
user = root
password =
hosts = 127.0.0.1
dbname = laravel
query = SELECT domain FROM mailbox WHERE domain='%s' LIMIT 1
I got really confused about when and where %s should be used or %d and %u. Here postfix only sends domain to this mysql query so must be whole string as %s
(I'm afraid I'm probably about to reveal myself as completely unfit for the task at hand!)
I'm trying to setup a Redshift cluster and database to help manage data for a class/group project.
I have a dc2.large cluster running with either default options, or what looked like the most generic in the couple of place I was forced to make entries.
I have downloaded Aginity (Win64) as it is described as being specialized for Redshift. That said, I can't find any instructions for connecting using it. The connection dialog requests the follwoing:
Server: using the endpoint for my cluster (less :57xx at the end).
UserID: the Master username for the database defined for the cluster.
Password: to match the UserID
SSL Mode (Disable, Allow, Prefer, Require): trying various options
Database: as named in cluster setup
Port: as defined in cluster setup
I can't get it to connect ("failed to establish connection") and don't know if I'm entering something wrong in Aginity or if I haven't set up my cluster properly.
Message: Failed to establish a connection to 'abc1234-smtm.crone7m2jcwv.us-east-1.redshift.amazonaws.com'.
Type : Npgsql.NpgsqlException
Source : Npgsql
Trace : at Npgsql.NpgsqlClosedState.Open(NpgsqlConnector context, Int32 timeout)
at Npgsql.NpgsqlConnector.Open()
at Npgsql.NpgsqlConnection.Open()
at Aginity.MPP.Common.BaseDataProvider.get_Connection()
at Aginity.MPP.Common.BaseDataProvider.CreateCommand(String commandText, CommandType commandType, IDataParameter[] commandParams)
at Aginity.MPP.Common.BaseDataProvider.ExecuteReader(String commandText, CommandType commandType, IDataParameter[] commandParams)
--- Inner Exception: ---
......
It seems there is not enough information going into Aginity to authorize connection to my cluster - no account credential are supplied. For UserID, am I meant to enter the ID of a valid user? Can I use the root account? What would the ID look like? I have setup a User with FullAccess to S3 and Redshift, then entered the UserID in this format
arn:aws:iam::600123456789:user/john
along with the matching password, but that hasn't worked either.
The only training/tutorial I have been able to find/do on this is the Intro AWS direct you to, at https://qwiklabs.com/focuses/2366, which uses a web-based client that I can't find outside of the tutorial (pgweb).
Any advice what I am doing wrong, and how to do it right?
Well, I think I got it working - I haven't had a chance to see if I can actually create table yet, but it seems to be connected. I had to allow inbound traffic from outside the VPC, as per the above snapshot.
I'm guessing there's a better way than opening it up to all IP addresses, but I don't know the users' (fellow team members) IPs, and aren't they all subject to change depending on the device they're using to connect?
How does one go about getting inside the VPC to connect that way, presumably more securely?
I have setup an EA pro cloud server and its successfully connected from the client side. The connection to the data base server is also established via client. Now i want to access the content of the database over the the cloud via browser and for that i have to make changes to webea.config on the cloud server. The webea.config has lots of properties, actually i have no idea what all to add against those fields for accessing the database over the browser. Following is the webea_config.ini:
model1 = "Pro Cloud "
model2 = "Pro Cloud2"
[model1 : settings]
sscs_protocol = "http"
sscs_server = "localhost"
sscs_port = "804"
sscs_db_alias = "MY_SERVER"
auth_code = ""
login_prompt = "false"
default_diagram = ""
show_discuss = "false"
On the browser i see as :
But when i click on pro cloud it does not take me to the database contents.
Can anyone please explain me what all do i need to add webea_config.ini file So that i get to the contents inside the database.
maybe localhost isn't known from outside, did you try providing a IP address?
Also i'd first test the same connection in 'Connect to Cloud' option in EA (from the machine where I'm trying to access from browser).
Also please ensure you have set the license and other settings required for PCS to work, refer to https://prolaborate.com/resources/documentation/installation-guide?articles=SetupProCloudServer to double check all configs are in place.
I am trying to understand how to properly configure AppFabric Caching on a web site. We are planning to use SQL Server as the cache manager and as far as I can understand the SQL will contain a list of the cache hosts in the cluster.
However, when running
DataCacheFactory factory = new DataCacheFactory();
I get
Server collection cannot be empty.
which, I guess, is to be expected since I have not added any servers in the web.config.
However, I do not want to maintain a server list on each web server, I want that to be done centrally on the SQL Server. I assume there is a way to point to the SQL Server, but I cannot find information on how to do this.
(I have also tried with the XML configration option, but it cannot even find that file. I have checked the health of the service in power shell.)
How do I centralize the server cache host list?
We are planning to use SQL Server as the cache manager and as far as I
can understand the SQL will contain a list of the cache hosts in the
cluster.
It's false. SQL Server can perform cluster management but it's only for managing the cache hosts, and ultimately, the cache cluster. It's just for internal management and your clients can use this configuration and they don't need to have acces to Sql Server.
DataCacheFactory factory = new DataCacheFactory();
This code will try to load default datacacheclient in config. In your case, it should be empty that's why you get this error.
You can still use code to configure cache host in this way.
// Declare array for cache host(s).
DataCacheServerEndpoint[] servers = new DataCacheServerEndpoint[1];
servers[0] = new DataCacheServerEndpoint("CacheServer1", 22233);
DataCacheFactoryConfiguration factoryConfig = new DataCacheFactoryConfiguration();
factoryConfig.Servers = servers;
DataCacheFactory mycacheFactory = new DataCacheFactory(factoryConfig);
DataCache myDefaultCache = mycacheFactory.GetCache("NamedCache1");
You don't need to specify all host names here, because AppFabric Caching will route request to the correct cache host, event if it is not in your list.