I have a domain name registered at ovh.com, let's say it's called domain.com.
This domain is pointing on my router's public IP, then I redirect the https port 443 of my router to my server port 443. So when we go to domain.com it redirects to my server:443.
To be more accurate, domain.com just redirect to my router's public IP. So for example if I use a graphic database manager, I can tell him that the server address is domain.com:[SGBD port] and It will works.
But all my applications are running on this same server. And to add a little more security, I am not using the usual port for all protocols. So let's say my port are the following :
git : 50000
SGBD : 55000
cloud : 60000
website 65000
and some others, for example some TCP ports between 40000 and 50000.
My git and my cloud have a graphical manager I can access by typing domain.com:50000 or domain.com:60000 in my web browser from everywhere. I use the same URL on all my software. domain.com:50000 for my git client, domain.com:55000 for my database client and so on.
This way is working perfectly but there are 2 problems annoying me :
The first one is that I have to tell the port number to everyone who's susceptible to use my applications. But like I said I am not using usual port number for a little more security so I don't want to share these numbers with everyone.
The second problem is more important :
When I am somewhere, for example at work, it's possible that the firewall is blocking the port numbers I am using. So my personal git isn't accessible, same for my cloud etc.
To solve these problem in one move I wanted to add subdomain on my domain and redirect these subdomain to my differents ports. For example :
website : domain.com:65000
git.domain.com ==> domain.com:50000
SGBD.domain.com ==> domain.com:55000
cloud.domain.com ==> domain.com:60000
So in my mind, with this solution I can type git.domain.com in my browser to initiate the communication by https (the https port is almost never blocked), then redirect it to my router's port 50000 from OVH then my router redirect it to the git port of my server.
But obviously this would be to good to be truth.
When creating a subdomain (at least on OVH ?) we can't specify a port. So I can't set git.domain.com is redirecting to myRouterIp:50000 but just to myRouterIp. So with a web browser, typing git.domain.com will redirect to myRouterIp:443, which is already taken by my website.
So i'm a little confused. Do I have to buy one router with a different public IP per application then making all differents subdomain pointing on a different router ? I almost sure it's a bit ridiculous. How do you think I can solve it ?
As you correctly noticed, in your DNS console you can't specify port; the reason is that DNS does not care about ports, its only purpose is to resolve hostnames to IP addresses.
Another thing important for your problem is that most (non http) application clients will, even if they use friendly hostname, resolve that name to IP address before initiating the connection to your router/server, and then use that IP address for communicating to router/server. That means that when request reaches a port on your router/server, there will be no way for router/server to determine which hostname was initially used.
The rare exception to this is HTTP, where the browser is always sending the requested hostname in Host HTTP header. That means that you can run multiple different websites on one IP address on the same port (that is how shared web hosting works, for example). Setting this up should be pretty straightforward, but is probably out of scope on SO, try SF or SU.
For other (non HTTP services), the only solution is to run them on different ports (which you already do), or to have multiple public IP addresses (which might be difficult to get from your ISP). Also, running non-http services on some random non-default ports (and telling that port number to your users) might be (very sightly) more secure than running them on their respective default ports.
Depending on your use case, one other possible solution would be to have your users connect to your local network using secure VPN, and after that they could have access to your services (which would run on different private IP addresses and any port you like).
Related
I have created a virtualmin account to manage multiple servers instead of cPanel and after reading all of the documentation I have yet to see why my subdomain does not load under port 10000.
I'd like to have some form of control if I do plan on giving other users accounts, without having to have them use an IP which does not allow port 443.
After finishing installation they gave me my IP with port 10000
and my domain with port 10000 and the only one that loads is the IP address.
Problem solved. To anyone on Debian facing this issue, run a virtualhost and use a reverse proxy to load the url containing port, and disable SSL only.
You should have panel.example.com running your virtualmin control panel.
I'm trying to implement a web server on my pc, connected to router.
Since my PC is connected to router, It identifies private IP address, starting with
192.168...
However,it could not accept any clients that is not connected to the same router, even I specified tried with public IP address.
Is it possible to implement Web server that can be accept clients from anywhere with my PC connected to local router?
Or should I connect my web server directly to public IP directly without router?
It'll be pleasure to learn from your answers.
The problem may be, that your web server routing may not be configured correctly to your external IP, or your web server ports may be blocked, or another possibility is that your firewall is blocking your service connections outside the local network.
So, a solution to misconfiguration would be, to forward your port to your internal IP of the web server from your router menu.
And, for the case of firewall blocking, you may give special access to your web server through the firewall by setting inbound and outbound rules.
And if all that is correct then most probably your ISP(Internet Service Provider) is not allowing ports to be opened to you, maybe due to dynamic IP or service restrictions.
For the similar problem, you may refer to my answer to another post Here
What router do you have? go into the router using a web browser, mine is 192.168.0.1 with username and password as admin. or username admin, password blank.
Then set a dmz route or for port forwarding 80 to you own internal IP address.
Im just wondering, can 2 or more different external hostname/DNS redirect to multiple local servers but same port?
Let's see, I have 2 DNS internet domain for an example, myserver1.com and myserver2.com, and both I have same A record to my forwarded server IP (e.g: 102.123.123.123). Under my server which only has 102.123.123.123 IP address has 2 application servers but instead of trying to make they work, I use different port for each server applications for an example, serverApp1 listening to 0.0.0.0:2010, serverApp2 listening to 0.0.0.0:2020
My point is, is there any way or how to forward my myserver1.com:2000 to serverApp1 (port 2010), and myserver2.com:2000 to serverApp2 (port 2020) but both myserver1.com and myserver2.com has a same A record?
Im quite sure either it is in iptables or /etc/hosts or BIND issues, but guide me if I missed something. And by the way, the servers and DNS records are accessible from the internet which is the firewalls are configured properly. Thanks.
I don't have much experience in that, but I think you will need a third server/firewall/proxy listening for the incoming host and route it accordingly.
Again, I don't have much experience in that, so I'm not sure if the firewall is able to do that.
I think you can use redirection servers like apache.
In my application we want to access lot of intranet servers from internet. So what we did, we configured a apache with all the mappings in httpd.
So when ever a request to apache comes, it will be redirected appropriately.
For example - I have two servers or hostname in intranet : 1) abc.com:7300/context1
2) xyz.com:8900/context2
We configured a apache with host name abcxyz.com:9000. When a request like
abcxyz.com:9000/context1 comes it will be redirected to abc.com:7300/context1 and when a request like abcxyz.com:9000/context2 comes it will be redirected to xyz.com:8900/context2.
In your case since the requests are going through the single server (102.123.123.123), you can use redirection.
Hope it helps.
I have a web server running out of my home. I have assigned it an address such as 192.168.1.123 on port 80.
I understand that this is running on my local network. If I go to another computer on my network and type in the server's ip address, I can see the server.
Is there a way to access this server from outside my LAN?
Yes, you need to set your router to forward connections to port 80 to your internal IP address (192.168.1.123). Look for Port Forwarding on your router admin screen which I would imagine you access by going to http://192.168.1.1
Keep in mind that your ISP may block port 80 completely in which case you can run your web server on a different port (for example por 8180) and have your router forward connections to port 8180 to your internal IP.
To access your server from outside, you just need to point your browser to your external IP address which you can find out by going to http://www.ipchicken.com
Assuming you have a connection to the internet:
https://github.com/progrium/localtunnel
is a quick way to access your local server from the internet. There might be similar implementations in other languages/platforms. This is just the one I know about.
Remember that security issues need to be carefully considered when opening your local network to the world.
If you use a PHP Webserver you can set it this way:
php -S <YourIPAdresse>:<SomePortNumber> <StartPHPpage>
Example: „php -S 192.168.1.123:9000 index.php"
Just curious. When developing with Casini development server, one has an infinite number of ports. But, the production servers seem to give a particular importance to port 80.
Has that to do with a technical requirement, a convention, or both? I've checked the web but haven't been able to find a clear response so far.
Thanks for helping.
Many services have specifically-assigned ports This allows users to type, for example http://stackoverflow.com and get the website for SO, without needing to enter a port as well. This isn't a technical requirement; however, using a different port requires the user to know an extra piece of information, which must be entered into the URL every time.
When you connect to a server via TCP/IP you specify particular port you connect to. You do not connect to a server and hope that server guesses which port you would like to talk to.
So in most cases you tell browser to use protocol http, say "http://example.com/" then browser uses default port number assigned to that protocol (http) to connect to server "example.com". In this case port is 80. If for example you specify "https://example.com/" then browser looks for default port for https and then connects to port 443 instead.
So if you do not want to tell to every of your users to specify some non-default port for your service (say "http://example.com:60765/") you better use default one.
BTW there is a way to get port number your service listens to by it's protocol name (by asking a service's host's daemon at port 0) but this method seems to be rarely used (if at all).
See also other answers: default protocol numbers are assigned by IANA
It's a convention: you can use whatever port you feel like. You can look at the evolution of RFCs to see when the convention was official (http://www.faqs.org/rfcs/rfc1700.html)
You can see in the RFC 1060 (http://www.faqs.org/rfcs/rfc1060.html ) that it's the ISO Internet Protocol :)
In a production environment your web server is embedded in a server infrastructure (firewalls, proxies) protecting you against attacks from the internet. In such an environment port 80 is normally open for HTTP traffic. If you use this port there is no need to configure your server infrastructure.