I have a domain example.com that is being host on webfaction. However i would like to redirect its subdomain (e.g sub.example.com) to one of my AWS instance which has public DNS of:
https://ec2-xx-xxx-xxx-xxx.ap-southeast-1.compute.amazonaws.com:8083 (please note the port number).
This instance is then assigned with elastic IP address.
So far, the solution that i tried is:
Using CNAME redirection, however it does not work because of this: https://forums.aws.amazon.com/thread.jspa?threadID=55995
Then i proceed to use the old fashion .htaccess:
Redirect permanent / http://ec2-xx-xx-x-xxx.compute-1.amazonaws.com
order deny,allow
However, i want to keep the sub.example.com on the address bar instead of changing it AWS public dns.
Does anyone know what is the best way to solve this? Thanks
If you have assigned an elastic ip to the instance, you should be able to just setup a new 'A' record in your DNS that points directly to that IP address, no?
The listening on the specific port should be handled by the bindings on the instance (either thru apache or IIS)
Related
At a previous company I worked at, we had an NGINX server running as an AWS EC2 instance, with only a private IP address (10.x.x.x), that received inbound public traffic thanks to entries in Route 53. I'm trying to setup the same environment but I seem to be missing a critical piece of the puzzle!
We had a primary domain, then every sub-domain was proxied using NGINX. Every entry (can't remember whether A or CNAME records) pointed to the private IP of the NGINX server and back then (6/7 years ago) it worked. However, I didn't set it up and I don't know what else was involved.
To be clear, the NGINX server has no public IP address, yet it worked last time.
I seem to be unable to have Route 53 forward to a private IP address, but there must be a way to get this working using AWS, as it worked perfectly at my last company. Sadly, there's nobody there I can reach out to, so I'm asking here.
Can anyone assist, please?
I have a domain name registered at ovh.com, let's say it's called domain.com.
This domain is pointing on my router's public IP, then I redirect the https port 443 of my router to my server port 443. So when we go to domain.com it redirects to my server:443.
To be more accurate, domain.com just redirect to my router's public IP. So for example if I use a graphic database manager, I can tell him that the server address is domain.com:[SGBD port] and It will works.
But all my applications are running on this same server. And to add a little more security, I am not using the usual port for all protocols. So let's say my port are the following :
git : 50000
SGBD : 55000
cloud : 60000
website 65000
and some others, for example some TCP ports between 40000 and 50000.
My git and my cloud have a graphical manager I can access by typing domain.com:50000 or domain.com:60000 in my web browser from everywhere. I use the same URL on all my software. domain.com:50000 for my git client, domain.com:55000 for my database client and so on.
This way is working perfectly but there are 2 problems annoying me :
The first one is that I have to tell the port number to everyone who's susceptible to use my applications. But like I said I am not using usual port number for a little more security so I don't want to share these numbers with everyone.
The second problem is more important :
When I am somewhere, for example at work, it's possible that the firewall is blocking the port numbers I am using. So my personal git isn't accessible, same for my cloud etc.
To solve these problem in one move I wanted to add subdomain on my domain and redirect these subdomain to my differents ports. For example :
website : domain.com:65000
git.domain.com ==> domain.com:50000
SGBD.domain.com ==> domain.com:55000
cloud.domain.com ==> domain.com:60000
So in my mind, with this solution I can type git.domain.com in my browser to initiate the communication by https (the https port is almost never blocked), then redirect it to my router's port 50000 from OVH then my router redirect it to the git port of my server.
But obviously this would be to good to be truth.
When creating a subdomain (at least on OVH ?) we can't specify a port. So I can't set git.domain.com is redirecting to myRouterIp:50000 but just to myRouterIp. So with a web browser, typing git.domain.com will redirect to myRouterIp:443, which is already taken by my website.
So i'm a little confused. Do I have to buy one router with a different public IP per application then making all differents subdomain pointing on a different router ? I almost sure it's a bit ridiculous. How do you think I can solve it ?
As you correctly noticed, in your DNS console you can't specify port; the reason is that DNS does not care about ports, its only purpose is to resolve hostnames to IP addresses.
Another thing important for your problem is that most (non http) application clients will, even if they use friendly hostname, resolve that name to IP address before initiating the connection to your router/server, and then use that IP address for communicating to router/server. That means that when request reaches a port on your router/server, there will be no way for router/server to determine which hostname was initially used.
The rare exception to this is HTTP, where the browser is always sending the requested hostname in Host HTTP header. That means that you can run multiple different websites on one IP address on the same port (that is how shared web hosting works, for example). Setting this up should be pretty straightforward, but is probably out of scope on SO, try SF or SU.
For other (non HTTP services), the only solution is to run them on different ports (which you already do), or to have multiple public IP addresses (which might be difficult to get from your ISP). Also, running non-http services on some random non-default ports (and telling that port number to your users) might be (very sightly) more secure than running them on their respective default ports.
Depending on your use case, one other possible solution would be to have your users connect to your local network using secure VPN, and after that they could have access to your services (which would run on different private IP addresses and any port you like).
I have a website. example.com
The website is hosted on bluehost
I would like to point a subdomain pediatri.example.com to another website hosted on another server (95.110.189.135:8080) the problem is that i can't CNAME to an ip with a port.
I tried using an SRV record like that:
I can't change the port to 80 on the other server, and i need the subdomain to point to the ip with the port and everything to work fine. Is there a way to do that? I appreciate every answer and comment. Thanks!
DNS only works at the IP Address level, its only concern is mapping domain names to IP Addresses, there is no way to specify a port number.
Srv records only work for applications that understand them and are specifically programmed to look them up and configure themselves accordingly.
Im just wondering, can 2 or more different external hostname/DNS redirect to multiple local servers but same port?
Let's see, I have 2 DNS internet domain for an example, myserver1.com and myserver2.com, and both I have same A record to my forwarded server IP (e.g: 102.123.123.123). Under my server which only has 102.123.123.123 IP address has 2 application servers but instead of trying to make they work, I use different port for each server applications for an example, serverApp1 listening to 0.0.0.0:2010, serverApp2 listening to 0.0.0.0:2020
My point is, is there any way or how to forward my myserver1.com:2000 to serverApp1 (port 2010), and myserver2.com:2000 to serverApp2 (port 2020) but both myserver1.com and myserver2.com has a same A record?
Im quite sure either it is in iptables or /etc/hosts or BIND issues, but guide me if I missed something. And by the way, the servers and DNS records are accessible from the internet which is the firewalls are configured properly. Thanks.
I don't have much experience in that, but I think you will need a third server/firewall/proxy listening for the incoming host and route it accordingly.
Again, I don't have much experience in that, so I'm not sure if the firewall is able to do that.
I think you can use redirection servers like apache.
In my application we want to access lot of intranet servers from internet. So what we did, we configured a apache with all the mappings in httpd.
So when ever a request to apache comes, it will be redirected appropriately.
For example - I have two servers or hostname in intranet : 1) abc.com:7300/context1
2) xyz.com:8900/context2
We configured a apache with host name abcxyz.com:9000. When a request like
abcxyz.com:9000/context1 comes it will be redirected to abc.com:7300/context1 and when a request like abcxyz.com:9000/context2 comes it will be redirected to xyz.com:8900/context2.
In your case since the requests are going through the single server (102.123.123.123), you can use redirection.
Hope it helps.
I'm implementing the PASV mode in a FTP server, and I send to the client the IP address and port of the data end point. This is stupid because the IP is actually where the client is already connecting, so there ire two options:
How could I get the public IP
address from a given instance? Not
the VIP, but the public one.
How could I get the original target
IP address that the user used from
a Socket object? Considering routers and load balancers in the middle :P
An answer to any of this questions would do, although there is another way that could work... may I get the public IP address doing a DNS look up of myapp.cloudapp.net?
A fourth option would be use the Azure Management API library... but, too much trouble :P.
Cheers.
Not sure if you ever figured this out, but here's my take on it. The individual role instances are all behind the Windows Azure load balancer and have no idea what the original, outward-facing IP address is. Also, there's no Management API call that returns IP address - Get Deployment returns the URL but not the IP address. I think the only option is going to be a dns lookup.
Having said that: I don't think you can host a passive ftp server in your role instance (at least not elegantly). You may open up to 25 input endpoints on your role (up from 5 - see my recent blog post about this update), but there's manual work involved in the configuration. I don't know if your ftp application lets you limit your port range to such a small number of ports. Also:
You'd have to define each port as its own input endpoint (this is the manual labor part I mentioned) - input endpoints don't allow a port range to be specified, unlike the internal endpoints.
You'd have to specify the port number that's used internally, and the port numbers would need to be sequential
One last thing on ftp: you should be able to host an sftp server with no trouble, since all traffic comes through one port.
The hack that I'm contemplating right now is to retrieve http://www.icanhazip.com/. It isn't elegant and is subject to the availability of that service, but it gets the job done. A better solution would be appreciated!