I have installed Postgresql 9.3 on OpenShift with the cartridge available at github. The database is started.
I want to connect to it from PgAdmin-III on my local PC. I am supposed to forward ports with:
rhc port-forward <myapp>
Yet, the list of port forwarding does not contain a forwarding for my Postgresql database. Hence, I cannot configure PgAdmin-III with the local port used for forwarding.
C:\>rhc port-forward ligatures
Checking available ports ... done
Forwarding ports ...
Permission denied - bind(2) while forwarding port 8080. Trying local port 8081
Permission denied - bind(2) while forwarding port 8080. Trying local port 8081
Only one usage of each socket address (protocol/network address/port) is
normally permitted. - bind(2) while forwarding port 8081. Trying local port 8082
Permission denied - bind(2) while forwarding port 8080. Trying local port 8081
Only one usage of each socket address (protocol/network address/port) is
normally permitted. - bind(2) while forwarding port 8081. Trying local port 8082
Only one usage of each socket address (protocol/network address/port) is
normally permitted. - bind(2) while forwarding port 8082. Trying local port 8083
To connect to a service running on OpenShift, use the Local address
Service Local OpenShift
------- -------------- ---- -----------------
haproxy 127.0.0.1:8081 => 127.2.56.130:8080
haproxy 127.0.0.1:8082 => 127.2.56.131:8080
node 127.0.0.1:8083 => 127.2.56.129:8080
Press CTRL-C to terminate port forwarding
How do I get a port forwarding for my postgresql-crunchy database?
Update
I have opened an issue at Bugzilla Redhat.
Update II
Issue can be replicated by creating a simple scalable nodejs + crunchydb application at Openshift.
Looking at the manifest.yml file, it does not look like it is publishing it's list of ports correctly (https://github.com/CrunchyData/openshift-postgres-cartridge/blob/master/metadata/manifest.yml) under the "Publishes" section, which is missing, take a look at this manifest for the official postgresql cartridge and compare the Publishes sections (https://github.com/openshift/origin-server/blob/master/cartridges/openshift-origin-cartridge-postgresql/metadata/manifest.yml)
It also seems to be missing the "protocols" section, along with other important information.
It should also probably use more descriptive port names in the "Endpoints" section. I would recommend logging an issue on that github repo with the specifics of the problem you are encountering.
I was able to run the cartridge just now without any problems. I'll take this offline with the user and try to resolve the problem.
Related
I need help port forwarding my webserver from my local ip to external ip.
I have already tried setting up rules in my router for port 8080 (this is the current port for local ip as well (http://localhost:8080)) (Image Attached)
I am using Huawei Router: HG8145V5
I cannot access the webpage from my external ip it shows site cant be reached took too long to respond.
I'm sure its something wrong or extra needed with the port forwarding but cannot find out why.
The webpage is running on apache2.
Port Forward Rules
Webpage Running on 192.168.1.13:8080
I just found out i needed to unable dmz in forwarding rules to enable networking port forwards.
Is there a way to run multiple docker containers on the same ports? For example, I have used the ports 80/443 (HTTP), 3306 (TCP/MySQL) and 22 (TCP/SSH) in my docker-compose file. Now I want to run this docker-compose for different hostnames on the same ip address on my machine.
- traffic from example1.com (default public ip) => container1
- traffic from example2.com (default public ip) => container2
I have already found a solution only for the HTTP traffic by using an additional nginx/haproxy as a proxy on my machine. But unfortunately, this can't handle other TCP ports.
This isn't possible in the general (non-HTTP) case.
At a lower level, if I connect to 10.20.30.40:3306, the Linux kernel selects a single process that's listening on that port and sends the request there. You're not allowed to bind(2) a second process to the same port. (This is also why you get an error if you try to docker run -p picking a host port that's already in use.)
In the case of HTTP, there's the further detail that the host-name part of the URL is also sent in an HTTP Host: header: the Web browser both does a DNS lookup for e.g. stackoverflow.com and connects to its IP address, and also sends a Host: stackoverflow.com HTTP header. That's the specific mechanism that lets you run a proxy on port 80, and then forward to some other backend service via a virtual-host setup.
That mechanism is very specific to HTTP, though, and doesn't work for other protocols that don't have support for it. I don't think either MySQL or ssh have similar mechanisms in their wire protocol.
(In the particular situation you describe this is probably relatively easy to handle. You wouldn't want to make either your internal database or an sshd visible publicly, so delete their ports: from your docker-compose.yml file, and then just worry about proxying the HTTP service. It's pretty unusual and a complex setup to run sshd in Docker so you also might remove that and simplify your stack a little.)
I have my own web site hosted on a dedicated server. I have 2 IP addresses set up.
One is for my web server and the other is for my web socket.
I did this so that my web socket clients can access my server using port 80.
However, when I run my server application I get the error:
An attempt was made to access a socket in a way forbidden by its access permissions
Now if I switch it to a different port it works (which I have allowed through the firewall). There is nothing entered in the Windows Logs.
I am running as an Administrator. I am using Windows server 2012.
Is there anything I can check?
I checked using netstat etc but this IP address is not being used on port 80 anywhere else
I have 2 IP addresses pointing to my server hosted at FastHosts.
So I have a web site (using IIS)
Originally I had a web socket connection/listener listing on port 8090.
I had created a rule in my firewall settings to allow access to this connection.
Indeed for over a year now I have been using this connection using port 8090.
It occurred to me last week that using a clients PC that they could not access the socket over port 8090. I assumed because of firewall issues.
So, I figured if i switched to port 80 for this socket it will not need an exception to that clients firewall rules.
The trouble is I cannot have a web server listening on port 80 and a web socket so I purchased another IP address from my host and 'added' to my network adapter.
I have made sure nothing else is using port 80 for this new IP address. But I get the access denied
As a test I created a default.html page which said 'hi' all with no issues. I then 'stopped' the web server for that IP address
I am attempting to configure my google cloud instance to allow external traffic so I can set up a web socket; however despite adding a rule for all external TCP/IP traffic, I can't access it. My rules are:
gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-ssh default 0.0.0.0/0 tcp:22
external-traffic default 0.0.0.0/0 tcp,udp
gcloud compute instances list
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
pi-server us-central1-a n1-standard-1 **.***.*.* **.***.***.*** RUNNING
I have configured this as a static IP (this is displayed in my cloud dashboard):
Name External Address Region Type In use by
crypto-iris-****** **.***.***.*** us-central1 Static VM instance my_instance_name (Zone a)
I also have some Go client/server web socket code that works perfectly on my computer using localhost:8080 as address. So, my question is: can I simply replace localhost with the external static IP of my instance under these rules?
My client makes use of "github.com/gorilla/websocket" on port 8080. Output of client locally is:
connecting to ws://23.251.148.133:8080/echo
dial:dial tcp 23.251.148.133:8080: getsockopt: operation timed out
exit status 1
Code upon request, if anyone wants to see it.
Problem: my golang/gorilla server was hosting on localhost:8080. I changed it to 0.0.0.0:8080. Smooth sailing after that.
See following post about this, but basically the server was listening to the local loopback address (available only to local machine) instead of the outside world.
https://serverfault.com/questions/78048/whats-the-difference-between-ip-address-0-0-0-0-and-127-0-0-1
All connection attempts on RhodeCode on CentOS 6.3 are refused except from localhost.
Note that iptables is not running, and I am only trying to visit the web interface.
I have googled the exact error message below and looked around SO. I have yet to find a solution.
abort: error: No connection could be made because the target machine actively refused it
If the firewall is down, and I am not trying to modify any repository, what else is preventing me from connecting? EDIT: See #5 below. Not sure how to address it yet.
Things tried and other info
Using localhost, 127.0.0.1 and hostname in production.ini
service iptables stop
Connected over HTTP successfully. In other words, connections are accepted outside RhodeCode.
Made sure no authentication methods were enabled or configured in production.ini
Although the server accepts connections on localhost, netstat -l does not show that port 5000 is listening. Port 5000 is set in production.ini and ps uax | grep paster confirms the server is running. No other software tries to grab port 5000.
Ok, apparently I have been misunderstanding the host configuration. I was running on the assumption that host should be set to 127.0.0.1 or localhost in production.ini for RhodeCode to know what host to look for for another service. This was a faulty presumption on my part, since I am used to pointing web applications to local systems to look for databases.
It turns out that host binds the application to a specific address for access, meaning that it RhodeCode was supposed to only respond to local requests, regardless of what other system policies say. The setup docs did not make this clear because it did not specify that external connections would be refused. All it said was:
This command [paster serve] runs the RhodeCode server. The web app should be available at the 127.0.0.1:5000. This ip and port is configurable via the production.ini file created in previous step
The problem was fixed by binding RhodeCode to 0.0.0.0, which opened it to outside connections. Kudos to Ćukasz Balcerzak for pointing this out in the RC support google group.