access to vault since other server - kubernetes

I have install a vault in my first server but a when access to my vault since other server
I create a config file config.hcl and i my file i put this
listener "tcp" {
address = "127.0.0.1:8200"
}
listener "tcp" {
address = "myIP:8200"
}
# Advertise the non-loopback interface
api_addr = "https://myIP:8200"
cluster_addr = "https://myIp:8201"
like hashicorp doc
but when i start the server like this vault server -config=./config.hcl
i have this error
Error initializing listener of type tcp: listen tcp4 myIp:8200: bind: address already in use

Related

Unable to establish connection to a tcp socket server on aws ec2

I am trying to run a socket server on an aws ec2 ubuntu instance and then connecting with it using my local machine. I was successful with sending HTTP GET requests to my server hosted on aws ec2 instance and getting a response, but I am unable to connect the server and client using sockets, even after enabling custom TCP on the complete range of ports on the instance.
Here is a screenshot describing my instance's inbound and outbound rules :
screenshot
I used this python code from the internet to test socket networking :
socket_client.py :
import socket
def client_program():
host = "<aws instance public ip address>"
port = 8080 # socket server port number
client_socket = socket.socket() # instantiate
client_socket.connect((host, port)) # connect to the server
message = input(" -> ") # take input
while message.lower().strip() != 'bye':
client_socket.send(message.encode()) # send message
data = client_socket.recv(1024).decode() # receive response
print('Received from server: ' + data) # show in terminal
message = input(" -> ") # again take input
client_socket.close() # close the connection
if __name__ == '__main__':
client_program()
socket_server.py :
import socket
def server_program():
host = "0.0.0.0"
port = 8080 # initiate port no above 1024
server_socket = socket.socket() # get instance
# look closely. The bind() function takes tuple as argument
server_socket.bind((host, port)) # bind host address and port together
# configure how many client the server can listen simultaneously
server_socket.listen(2)
conn, address = server_socket.accept() # accept new connection
print("Connection from: " + str(address))
while True:
# receive data stream. it won't accept data packet greater than 1024 bytes
data = conn.recv(1024).decode()
if not data:
# if data is not received break
break
print("from connected user: " + str(data))
data = input(' -> ')
conn.send(data.encode()) # send data to the client
conn.close() # close the connection
if __name__ == '__main__':
server_program()
Note that the socket server-client are working completely fine when run on my local machine.
Please help if you know about how to fix this .
Edit - I have also tried with disabling firewall on the linux ec2 instance, but the problem still persists.
Thanks.

Caddy web server - alias

There is a Caddy web server in local network listening address https://chat.
A-record (chat - 192.168.10.10) was created in local DNS-server for that local host.
How to configure Caddy for listening https://192.168.10.10:443 as alias?
Current conf file:
https://chat {
bind {$ADDRESS}
tls /var/snap/rocketchat-server/ssl/chat.crt /var/snap/rocketchat-server/ssl/chat.key
proxy / localhost:3000 {
websocket
transparent
}
}
192.168.10.10:443{
redir https://chat{uri}
}

Not able to unseal data from Vault

I am trying to experiment the Vault HarshiCorp.
Version that I am using is Vault v0.11.0:
Starting log as below
Api Address: https://ldndsr000004893:8200
Cgo: disabled
Cluster Address: https://ldndsr000004893:8201
Listener 1: tcp (addr: "ldndsr000004893:8200", cluster address: "10.75.40.30:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: file
Version: Vault v0.11.0
Version Sha: 87492f9258e0227f3717e3883c6a8be5716bf56
Server configuration as below:
listener "tcp" {
address = "ldndsr000004893:8200"
scheme = "http"
tls_disable = 1
}
#storage "inmem" {
#}
#storage "zookeeper" {
# address = "localhost:2182"
# path = "vault/"
#}
storage "file" {
path = "/app/iag/phoenix/vault/data"
}
# Advertise the non-loopback interface
api_addr = "https://ldndsr000004893:8200"
disable_mlock = true
ui=true
I have input numbers of key value pairs into vault, and was able to retrieve data normally using Vault command line. But certaintly It stopped working and not able to unseal data from both UI and commandline.
UI error :
Any advice on this issue as I am going to use Vault for storing all credential information.
Turns out it was a problem with Vault UI running on chrome browse.
I have to open a new window with incognito windows and it is showing sign in window after I keyed in the token Vault got unsealed

Radiusd server not serving the request

I have set up a radiud server on centos 6.8 and I have a switch that I want to call this radius server for authentication. The switch ip address is 10.2.1.4 which is there in the clients config file. Here is the part of my client conf file
client switch {
ipaddr = 10.2.1.4
secret = testing123
nastype = other
}
Below is the error that I am getting
... adding new socket proxy address * port 55146
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-
tunnel
Listening on proxy address * port 1814
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client
10.2.1.4 port 1037
Ready to process requests.
Can anyone please help me here?

Sails.js 0.10.x: How to listen on localhost only?

I would like to pipe all traffic through an NGINX proxy and make sure that the node server won't be accessible directly from the outside.
Node's http module has the ability to listen on a given port on localhost only, is there an option to enable sails.js to do the same?
Simply add this line:
config/local.js
explicitHost: process.env.HOST || 'localhost'
Or you could add a policy:
config/policies.js
module.exports.policies = {
'*': 'isLocal'
}
api/policies/isLocal.coffee
# sessionAuth
#
# #module :: Policy
# #description :: Accept only local connections
# #docs :: http://sailsjs.org/#!documentation/policies
module.exports = (req, res, cb) ->
if req.ip is '127.0.0.1' then cb()
else res.forbidden new Error 'Accept only local connections'
Not sure why you want to use Sails to restrict access to only localhost when you're using nginx as a proxy server (nginx is designed to do what you want). You can use an nginx configuration file to restrict local access to your Sails app.
server {
listen 80;
server_name www.yourSailsApp.com;
...
location / {
allow 127.0.0.1;
deny all;
}
}
You may need to add your site to your HOSTS file /etc/hosts:
127.0.0.1 yourSailsApp.com
Alternatively, you can just find the public IP of your server and use that in the nginx configuration instead, in the allow field.