I have a website.example.com The website is hosted on OVH I would like to point a sub domain shop.example.com to another website hosted on another server
(95.110.189.135:8069) the problem is that I can't c name to an IP with a port.
I used Ubuntu for my odoo server
I've got odoo on my vps server with database. Now, It's working on IP with port (example: 55.55.55.55:8069). So now,
How can I change it to IP without port?
If I want a domain name - how can I do this?
I found the solution it's easy to redirect to port 80
to do that add a line of code in the file
etc/rc.local
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8069
then the file will become like this
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8069
exit 0
save and then restart the server
You cannot use plain DNS to transfer traffic to another port. This is not possible with either canonical name (CNAME record) or address (A record). These DNS services are only used for address resolution.
To solve your configuration issue you can use reverse proxy, e.g. Nginx. You can find example configurations from the Odoo.com site at https://www.odoo.com/documentation/11.0/setup/deploy.html#https. This is describing how to use https in port 443 to proxy Odoo in upstream service at port 8069. For public services you should use encrypted https, not http. Point your show.example.com in DNS to your "another" server ip address and on that server have Odoo and Nginx running. Your Odoo can run on port 8069 and your Nginx would run on https 443 and proxy connections to Odoo upstream service on localhost 8069.
Hope this helps you forward. Please check your configuration with someone who have experience with this kind of setups before you go production. This will make sure your configuration is secure.
Related
I am running a server and I have a pointed my domain via cloudflare to my server IP and have a signed SSL certificate via LetsEncrypt for my domain. My server is running an apache webserver using porto 443 for the ssl traffic.
I installed docker and a run a couple of containers. My goal is to get traefik up and running using port 443 as well and route all docker traffic through it. Is that even possible?
I used this here: https://www.linuxserver.io/2018/02/03/using-traefik-as-a-reverse-proxy-with-docker/ to write my traefik.toml file and my docker-compose file.
However, whenever I start up the docker-compose all services are up except traefik.
I receive following error:
ERROR: for traefik Cannot start service traefik: driver failed programming external connectivity on endpoint traefik (2d10b64b47e62e7dcb5f94265529fb647e4ba62dbeeb43c201ea02d39f60b381): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
ERROR: Encountered errors while bringing up the project.
I wonder if the reason is that I already use port 443 for my domain?!
How can I fix this?
Thanks for your help!
You are using docker in Linux:
Some of these commands should give you a clue that you are using them:
sudo lsof -i -P -n | grep LISTEN
netstat -tulpn | grep LISTEN
example:
docker-pr 2405 root 4u IPv6 28930 0t0 TCP
*:443 (LISTEN)
if 443 is occupied by docker ... it means that you have in some YML an exposed port 443, besides that of Traefik (if it is some other application proceeds to change port or close it [pkill])
You can try to separate the "Services" of the YML in different YML and turn them on one by one, in order to find the image that is causing you conflicts
(If you separate them remember to create the appropriate external "Networks".)
(by the way ... I recommend that the first image that starts be the one of traefik)
(You can also copy and paste your YML files for better help.)
Edit
RewriteEngine on
RewriteCond %{HTTPS} off
# RewriteCond %{SERVER_PORT} ^9000$
RewriteRule ^(.*)$ https://%{HTTP_HOST}:9443%{REQUEST_URI}
edit2 in toml config traefik: (I have no idea what works, try it)
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":9443"
[entryPoints.https.tls]
The other solution that occurs to me is to make your main apache as a Proxy Tunnel, BUT, then you do not need to bring traefik :P
I've got the same issue.
I've tried everything I found on stackoverflow and github.
Only this worked for me:
sudo lsof -i -P -n | grep LISTEN
And I've got somethink like this:
And I decided to kill the first PID (related to 80 port)
sudo kill -9 1876
And then I've started the service with docker on network and everything worked fine. Hooray!!!
I'm trying to use Rundeck on Ubuntu 14.04.
How do I change the web interface port from 4440 (default) to 80?
The port number seems to be referred to in various config locations (including /etc/rundeck/profile and /etc/rundeck/framework.properties) but changing these had no effect for me and I can't find a specific section in the documentation on changing the web port.
Use a proxy pass with either Apache or Nginx. Its a solution..
You needed to modify these files from 4440 to 80
framework.properties
profile
rundeck-config.properties
But you will get the following java exception when trying to run in 80.
java.net.SocketException: Permission denied
Hence apache or nginx proxy pass is the working solution
Do you can use two rules iptables
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4440
iptables -I INPUT -p tcp --dport 4440 -j ACCEPT
What I want to do is setup two web servers. One will simply deliver normal content to people that request it and one will put minimal strain on the system and strictly deliver an access denied type of message for hackers.
I looked at http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/ for ideas on how to create this redirection based on a bad IP address and its suggesting:
iptables -t nat -A PREROUTING --src <source address> -p tcp --dport <new server port number> -j REDIRECT --to-port <new server port number>
I then tested that theory by trying the following on a computer without internet but with apache server running on port 80 and nothing on port 81:
iptables -t nat -A PREROUTING --src 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-port 81
I then typed in 127.0.0.1 in my web browser and received the same apache response as usual. Instead, I expected a browser message that it could not connect to the remote server.
How to I adjust the iptables command to make computers from listed IP in --src redirect from 127.0.0.1 port 80 to 127.0.0.1 port 81?
I understand I can use apache or php and even apache modules and all that for the redirection but I'm trying to use the least system-intensive approach and I want hackers to have the least amount of system resources available to them so that real visitors can enjoy a quality website, however
I want them to be able to see a message because if a real person gets blocked by accident then at least they can understand what's going on from an error message instead of a connection drop.
Packets on the loopback interface (127.0.0.0/8) don't pass through the NAT tables. Try using an external computer for the test.
Is it possible to run a buildbot-slave from inside a corporate firewall where you are allowed to create only outgoing connection on standard HTTP(s) ports?
How can I achieve that?
In this case you should run your master to use exactly these ports, i.e. running web interface on HTTP(80) port while using HTTPS(443) port for slaves' connections. However this would require master to run with root privileges which is bad. In this case you could redirect traffic from these ports to the actual used in master with iptables. With default master ports for web interface(8010) and slave connections(9989) you'll get something like:
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:9989
The same goes for web interface in case you're not using any proxy HTTP server (like nginx, haproxy, lighthttpd, etc).
I have hosted an application in a machine running Red Hat Enterprise Linux 5. I started the jBoss AS using the command.
./run.sh -b 0.0.0.0
and
./run.sh -Djboss.bind.address=<<server_address>>
and
./run.sh --host=<<ipaddress>>
but using any of these commands i cannot access the application remotely. Using the the above commands I cannot even access the application on the host machine itself, using localhost as well as ip address. I am not able to figure out the problem here. I can ping the linux machine from the other windows machines.
Check iptables rules are not blocking firstly
Also are you running as a user? If so, you will not have permission to bind to a port number less than 1024.
try telneting the port from the server itself to check the service is responding e.g.
telnet localhost 8080
presuming that you are running on 8080 in the example above.
you can drop your iptables temporarily for testing if it is safe to do so by:
/etc/init.d/iptables stop
and restart them when you've finished with
/etc/init.d/iptables start
you can make a permanent change to your iptables config by adding the following line to /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT