I noticed with Postgres and other databases, the database itself runs a local version of a server.
For example, mine is running on localhost:5432.
Curiously, I went to my web browser and tried typing in that address to see what I'd get, but I got a response that "This Web Page is Not Available".
I also tried things like localhost:5432/mydata but also to no avail.
Shouldn't I be able to see something if I visit the database through my web browser? If yes, how do you do it? If not, why not?
Postgres is a service running on a port. A web server is also a service running on a port (80 and/or 443 usually). There are a lot of things running on various ports on any server, heck, on any single computer. That doesn't mean that everything is interchangeable. Ports 80 and 443 are commonly agreed to serve HTTP(S) connections. HTTP is a specific protocol which specifies how two things can communicate on a specific port. Postgres is not speaking HTTP; you need to speak Postgres' particular protocol if you want to talk to it. The browser does not speak that protocol, and Postgres doesn't by default offer communication in any protocol a browser understands.
A web browser expects to "talk" to servers using a protocol it supports. Webbrowsers support obviously http. Some do support other protocols, like ftp. But your postgres does not speak http. So you don't see anything. The port number is just telling over which channel the server is accessible. Any protocol can be routed over any port, but usually http can be reached over port 80. Your postgress over port 5432.
Related
I am currently developing a service application that pulls data from Mongo and returns it to consumers. There is a layer of authentication involved and I am using Heroku to host the service. Mongo was being hosted on MongoLabs, but there were some significant performance concerns and so we have moved to hosting Mongo on one of our cloud servers. We want to be able to secure access to Mongo using a firewall, white-listing the ip address of the service app on Heroku.
There are a couple of issues with this.
Issues
Well, at least these are main ones...
Heroku, while providing some nice features like easily managing cluster settings, s/w upgrades, etc., draws ip addresses from a pool. While the dns value of an application's url may not change, the underlying ip address can and will change.
to be better secured, mongo-server01 is placed behind a firewall that requires rules to be added using static ip addresses to allow access.
Since Heroku can't provide static ip addresses, we need to consider options for how Heroku can access mongo-server01 while still protecting the data it hosts.
Static IP addresses for outbound requests
There seem to be a couple of options, specifically for Heroku. Fixie and QuotaGuard Static both seem to serve that function, but these seem to be geared toward HTTP and HTTPS communication only (perhaps not even HTTPS).
Mongo doesn't use HTTP, it uses its own network protocol over port 27017, by default
https://groups.google.com/forum/embed/#!topic/mongodb-user/eX_RIv2cZVw
Does this mean these proxies won't work for calls to Mongo? In theory, there doesn't seem to be any reason that a proxy is only for HTTP or HTTPS requests. That being said, there doesn't seem to be any way to get in to these Heroku plugins and configure the proxy to use a different port or to handle Mongo's particular protocol.
If we could get into the proxy, perhaps we could put an additional set of ssh keys in place so the ssl tunnel chain could continue on to mongo-server01. But there doesn't see to be any way to ssh to these proxies or access configuration through the plugin dashboards.
The question (finally!)
How can one connect from Heroku to a firewalled host to get data from MongoDb? Are there proxies that can be used to achieve this?
The simple approach. Won't work because Heroku applications don't use static ip addresses.
Using a proxy. The Heroku proxy plugins don't know how to proxy mongodb protocol. Can't install ssh keys on proxy for ssh tunneling.
What can be done to get a connection without opening up the Mongo server to the world?
I spoke with the folks at QuotaGuard and they do have something that does the trick.
we offer a SOCKS proxy which should do the trick as it proxies at the TCP layer
https://devcenter.heroku.com/articles/quotaguardstatic#socks-proxy-setup
I did need to make a simple change to bin/qgsocksify
#SOCKS_DIR="$(dirname $(dirname $(readlink -f ${BASH_SOURCE[0]})))/vendor/dante
SOCKS_DIR="${HOME}/vendor/dante"
After that, the proxy worked like a charm.
The requests appear to be sent to the wrong host (not entirely sure which host they're being sent to as that response can be sent by 4 different servers).
Chrome returns the right JSON response:
Paw's NSURLConnection library too :
But the default Paw HTTP Library returns a 404 Not Found :
You have actually 2 local servers listening on port 8000, one listens only IPv6 connections (note: it's the default for PHP apps) and another one listening for IPv4 connections.
When you connect to "localhost" you don't specify which IP protocol you want to use, and it sounds like most clients (including Chrome, ASIHTTPRequest and NSURLConnection in Paw) choose to connect to the IPv6 first. Whereas the Paw HTTP Library chooses to connect to IPv4 (we made that choice as IPv4 is still widely used, and wanted to avoid bugs as much as possible).
So when you run your main web app specifying localhost:8000 the server (PHP in your case) actually listens to [::1]:8000 (which is the IPv6 equivalent to 127.0.0.1:8000), and I guess your other server listens to the actual IPv4 127.0.0.1:8000. Chrome and the other libraries connect to [::1]:8000 (IPv6) and get your main PHP application, whereas "Paw HTTP Library" connect to 127.0.0.1:8000 (IPv4) that hits your other server, which returns the 404 we can see in the video.
What you need to do is to specify the actual IP instead of localhost. Use http://[::1]:8000/plans to connect to your main app that listens for IPv6.
I do know that I can't have two programs listening to the same port, but I am wondering if it is possible to fake it somehow, for an example:
My machine has two applications, one listening to port 80 and the other to port 6653.
If I get an incoming connection, let's say mysite.com:80/chat then it would be forwarded internally to the application listening on port 6653 and the data returned from that server would be forwarded back to port 80 somehow.
The reason I want to accomplish this is because there are many firewalls that seem to block connections to ports other than 80.
I have a chat server that I want to run on port 80, perhaps I could get another IP and machine for that, but it feels like too much trouble for a single chat server.
Any helpful feedback would be appreciated. Thanks!
You can probably do this with mod_rewrite if you're running Apache. That link has plenty of examples, including what you want (I think).
EDIT: I see you've updated the tags to say "asp.net". I'm guessing that you're not running Apache, then. I'm sure there is a similar tool for IIS, or you can use a proxy server that does the same thing.
There is a module called URL Rewrite that you can install on Windows Server 2008 (and R2) that is functionally the same as Mod_Rewrite. Download it here: http://www.iis.net/download/URLRewrite
Just curious. When developing with Casini development server, one has an infinite number of ports. But, the production servers seem to give a particular importance to port 80.
Has that to do with a technical requirement, a convention, or both? I've checked the web but haven't been able to find a clear response so far.
Thanks for helping.
Many services have specifically-assigned ports This allows users to type, for example http://stackoverflow.com and get the website for SO, without needing to enter a port as well. This isn't a technical requirement; however, using a different port requires the user to know an extra piece of information, which must be entered into the URL every time.
When you connect to a server via TCP/IP you specify particular port you connect to. You do not connect to a server and hope that server guesses which port you would like to talk to.
So in most cases you tell browser to use protocol http, say "http://example.com/" then browser uses default port number assigned to that protocol (http) to connect to server "example.com". In this case port is 80. If for example you specify "https://example.com/" then browser looks for default port for https and then connects to port 443 instead.
So if you do not want to tell to every of your users to specify some non-default port for your service (say "http://example.com:60765/") you better use default one.
BTW there is a way to get port number your service listens to by it's protocol name (by asking a service's host's daemon at port 0) but this method seems to be rarely used (if at all).
See also other answers: default protocol numbers are assigned by IANA
It's a convention: you can use whatever port you feel like. You can look at the evolution of RFCs to see when the convention was official (http://www.faqs.org/rfcs/rfc1700.html)
You can see in the RFC 1060 (http://www.faqs.org/rfcs/rfc1060.html ) that it's the ISO Internet Protocol :)
In a production environment your web server is embedded in a server infrastructure (firewalls, proxies) protecting you against attacks from the internet. In such an environment port 80 is normally open for HTTP traffic. If you use this port there is no need to configure your server infrastructure.
We have a asp.net 3.5 web application running on a hosting company's web server that's got a very strict firewall setup. The web application communicates with our sql server express 2005 which is on a completely different network.
The problem is that the web applications sends our sql server a random port number to connect to when it connects to our sql server on port 1433. Hence the web application can not connect to our sql server because then they have to open a whole range off port numbers on the firewall which they are not prepared to do.
My question is the following. Can you specify either in your connection string or somewhere in your web.config the port the client sends to sql server to connect back to on?
Thanks
If I'm getting you right, you want to do something that goes against how TCP/IP port handling is supposed to work.
You want the web application to always use the same port when connecting to your SQL server? This would mean you can only have one connection open at any given time, and so only one user at any given time. The client is supposed to communicate with a server from a "random" port. It's the basics of networking. At least how I learned it.
I'm not sure you can even force it to use the same port every time, and even if you can I'd advice against it.
I'd say the problem is the firewall, and not your application. I can understand that the SQL server only wants to speak to the IP address that your site is on, but it shouldn't really care which port the client wants to talk over (something like [website-ip]:* -> [sql-ip]:1433). To me, it seems like who ever set up the firewall has some kind of crazy firewall ideas, but maybe that's just me.
Is it possible that your SQL Server Express is configured to listen on dynamic ports? If the 'TCP Dynamic Ports' value is 0, I think it will be dynamic even if you have a specific port configured. That value should be cleared completely.
You can specify port if you are using TCP/IP.
For ex:
Data Source=190.190.200.100,1433;Network Library=DBMSSOCN;Initial Catalog=myDataBase;User ID=myUsername;Password=myPassword;
where DBMSSOCN=TCP/IP