Can I write an OpenShift Origin app that can ingest UDP traffic on an external port? - sockets

How generic of a PaaS is OpenShift Origin? From looking at the architecture overview, it seems very web-centric. Can I use OpenShift Origin to build a private cloud where I can run arbitrary apps, not just web-based apps?
As the title of my post indicates, my pressing question is whether it is possible to create an OpenShift app that can open a socket and ingest UDP traffic -- I don't need (and don't want) an haproxy for this app, and I don't want all the UDP traffic to first go through the node host's proxy.
Essentially, I'd like to know if I can deploy an app to a node, and have that app be able to receive UDP packets from an external-facing port on that node. Is this possible?
The RedHat docs, Configuring the Port Proxy, make me think this isn't possible:
applications listen for connections on the loopback interface. The node runs a proxy that listens on external-facing ports and forwards incoming requests to the appropriate application
I'm hoping there is a way around this restriction. Would a custom cartridge work?

As far as I know that's not possible at this time. However, I would suggest asking the developers for OpenShift Origin on either the mailing lists, or you could check on #openshift-dev on freenode.

Related

Game Networking with Kubernetes/Agones

I am currently working on a multiplayer game that is meant to handle 20-50 player connections to a single game instance.
My current client connection model:
Client requests connection from server rest endpoint
Server creates 2 new sockets bound to random ports (1 tcp and 1 udp)
Client gets response and connects
I don't see anything glaringly wrong with this, but I am now questioning whether this is the general way that game server connections are done.
To explain further, I am in the process of learning how to use Kubernetes and Agones to deploy and manage app/game instances by wrapping them in Kubernetes pods. I am mostly working off of information found in the official guides (https://agones.dev/site/docs/getting-started/create-gameserver/) and associated github examples (https://github.com/googleforgames/agones/blob/release-1.15.0/examples).
For Agones, my understanding is that client connections are made via the port specified in "hostPort" in the "GameServer" yaml. I have previously deployed some instances with plain Kubernetes, using the "hostNetwork=true" option, which enables my above network model to work by allowing the game instance to bind directly to host ports and be exposed to the outside network. With Agones though, it seems that using this option is, at the very least, not encouraged (https://github.com/googleforgames/agones/issues/1389).
I'm certainly not an expert on networking, so please forgive my ignorance, but how are the client connections meant to be handled here if I'm only exposing one port? Is all the traffic multiplexed, or can I directly pass off connections somehow to other sockets/ports and have them automatically be exposed to the outside network?
Is all the traffic multiplexed, or can I directly pass off connections somehow to other sockets/ports and have them automatically be exposed to the outside network?
I would multiplex the traffic. It sounds like right now you are using the incoming port to determine "who is who". But you could also include that information in the packet flow to a shared port instead.
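One way to carry the "who is who" information inside the packets rather than in the port number, as the answer above suggests. This is an added example and not code from either poster or from Agones; the wire format (a 4-byte session id plus an 8-byte truncated HMAC, followed by the payload) is a hypothetical one constructed for the demonstration, and the per-session keys are assumed to have been handed out by the REST handshake the question describes. Identity is taken from the authenticated session id, never from the source address, so a spoofed or NATed sender cannot inject into another player's session.

```python
import hashlib
import hmac
import socket
import struct
import threading
from typing import Dict, List, Optional, Tuple

# Constructed wire format for this example (hypothetical, not Agones' own):
#   4 bytes   session id, big-endian uint32
#   8 bytes   truncated HMAC-SHA256 over (session id || payload)
#   rest      game payload
HEADER = struct.Struct("!I8s")
TAG_LEN = 8


def _tag(key: bytes, sid_bytes: bytes, payload: bytes) -> bytes:
    return hmac.new(key, sid_bytes + payload, hashlib.sha256).digest()[:TAG_LEN]


def build_datagram(session_id: int, key: bytes, payload: bytes) -> bytes:
    """Client side: prepend the session id and an integrity tag to the payload."""
    sid_bytes = struct.pack("!I", session_id)
    return sid_bytes + _tag(key, sid_bytes, payload) + payload


class SessionDemux:
    """Routes datagrams arriving on one shared UDP port to per-session queues."""

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self.delivered: Dict[int, List[Tuple[Tuple[str, int], bytes]]] = {}

    def register(self, session_id: int, key: bytes) -> None:
        # Assumption: the key was issued to exactly one client during the
        # REST connection request, so possession of it identifies the session.
        self._keys[session_id] = key
        self.delivered[session_id] = []

    def parse(self, datagram: bytes) -> Optional[Tuple[int, bytes]]:
        """Return (session_id, payload), or None if the datagram is rejected."""
        if len(datagram) < HEADER.size:
            return None                      # truncated: drop
        session_id, tag = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]
        key = self._keys.get(session_id)
        if key is None:
            return None                      # unknown session: drop silently
        if not hmac.compare_digest(tag, _tag(key, datagram[:4], payload)):
            return None                      # forged or corrupted: drop
        return session_id, payload

    def dispatch(self, datagram: bytes, addr: Tuple[str, int]) -> bool:
        parsed = self.parse(datagram)
        if parsed is None:
            return False
        session_id, payload = parsed
        self.delivered[session_id].append((addr, payload))
        return True


def serve_datagrams(demux: SessionDemux, sock: socket.socket, count: int) -> int:
    """Read `count` datagrams from one bound UDP socket; return how many were accepted."""
    accepted = 0
    for _ in range(count):
        data, addr = sock.recvfrom(2048)
        if demux.dispatch(data, addr):
            accepted += 1
    return accepted


if __name__ == "__main__":
    # Local demonstration: one shared port, one valid and one forged datagram.
    demux = SessionDemux()
    demux.register(7, b"key-for-session-7")
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    port = server.getsockname()[1]
    result: List[int] = []
    worker = threading.Thread(target=lambda: result.append(serve_datagrams(demux, server, 2)))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.sendto(build_datagram(7, b"key-for-session-7", b"move:north"), ("127.0.0.1", port))
    client.sendto(build_datagram(7, b"wrong-key", b"move:south"), ("127.0.0.1", port))
    worker.join()
    print("accepted:", result[0], "delivered:", demux.delivered[7])
```

With this layout the GameServer only needs the single `hostPort` from the Agones yaml; per-player state lives in the session table rather than in a per-player socket, and a packet that fails the tag check is dropped before it touches any game logic.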

Is it possible to use an Azure Web Job to listen on a public socket

Can an Azure Web Job listen on a public TCP port (socket)?
I am deploying a Web Application to Azure, and it has a long running Web Job that listens to a TCP port (a custom protocol is involved, so a raw socket is required)
The listener runs, but I want to send data from outside of Azure, from another on-prem machine.
The port is listening OK, it can open an incoming socket, but it is internal (10.0.X.X)
I suspect a public port like this is NOT possible, but I want to be 100% sure of that limitation, before I invest in an alternate solution.
FWIW, the protocol is for HL7
If it is not possible, would a point to point VPN into the Web Application be one option, to tunnel the connection from on-prem to the Web App?
Are there other approaches (maybe Azure Functions) that I should consider instead?
Indeed, you will not be able to listen on a public socket. See the wiki for more details about the App Service sandbox.
I have tried it, but it doesn't work!
See the limitations:
https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#network-endpoint-listening
But I could create a client application that can listen on a non-HTTP port.
Also, it is possible to host the TCPListener app in Service Fabric. I could host my existing application (WCF console host) as a GuestExecutable in Service Fabric without any code changes. I would recommend going for Service Fabric; it's scalable and a very reliable service.

UDP Socket over cloud provider

I am using Apache Tomcat to host webpages that can be accessed by authenticated users, and a UDP socket has been opened on port 14550 on which devices send a stream of communication messages. The system is working fine on the local network. I tried to host this on OpenShift and later found that OpenShift does not allow external UDP communication. Now I am considering an Amazon EC2 instance, a new VM in Azure, or GCP. I would like to know whether there will be any issue in using the sockets from my application. Thank you in advance.
No, on AWS EC2 everything is allowed; you just need to configure your Security Group to allow specific web traffic, and UDP traffic can also be allowed there.
I was also looking for a possible workaround for this issue, but it's quite easy irrespective of what platform or language you are using to develop a socket program on AWS EC2. I am using Node.js and nginx in my case; this should work for all supported platforms.
Configure Security Group
In the AWS console, open the EC2 tab.
Select the relevant region and click on Security Group.
You should have a default security group if you have launched an Elastic Beanstalk instance in that region for your app.
Click on the Actions button at the top, and select Edit inbound rules.
Here, in the Type column, select All UDP, or you can set a Custom UDP rule as well to listen on your socket port.
There, just enter the port of your UDP server, e.g. 2020.
And that's it!
Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.
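The "All UDP" rule in the steps above opens every UDP port, and if the source is left at 0.0.0.0/0 it does so for the whole internet. Below is an added example, not code from the answer or from AWS, that shows the weak rule beside a scoped Custom UDP rule for one port and one sender network, plus a small audit that flags rules wider than a single listener needs. The rule dictionaries follow the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts (assumption: only the keys used here); the port 2020 and the 203.0.113.0/24 sender range are constructed values.

```python
from ipaddress import ip_network
from typing import Dict, List

# The weak setting: what the "All UDP" step produces when the source is
# left at 0.0.0.0/0.  Constructed example values.
WEAK_RULE: Dict = {
    "IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
}

# The corrected setting: one port, one known sender network (constructed).
SCOPED_RULE: Dict = {
    "IpProtocol": "udp", "FromPort": 2020, "ToPort": 2020,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
}


def udp_ingress_rule(port: int, source_cidr: str) -> Dict:
    """Build a Custom UDP rule for a single port, refusing world-open sources."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    net = ip_network(source_cidr)            # raises ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("refusing to open a UDP port to every source address")
    return {
        "IpProtocol": "udp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(net)}],
    }


def audit_ingress(rules: List[Dict]) -> List[str]:
    """Flag inbound rules that are wider than a UDP listener needs."""
    findings: List[str] = []
    for index, rule in enumerate(rules):
        proto = rule.get("IpProtocol", "-1")
        # "-1" means all protocols; the port fields are then irrelevant.
        if proto == "-1":
            low, high = 0, 65535
        else:
            low, high = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        every_port = (low, high) == (0, 65535)
        label = "all protocols" if proto == "-1" else f"{proto} {low}-{high}"
        for entry in rule.get("IpRanges", []):
            net = ip_network(entry["CidrIp"])
            world = net.prefixlen == 0
            if world and every_port:
                findings.append(f"rule {index}: HIGH {label} open to {net}")
            elif world:
                findings.append(f"rule {index}: MEDIUM {label} open to {net}; "
                                "restrict the source if the senders are known")
            elif every_port:
                findings.append(f"rule {index}: LOW {label} open to {net}; "
                                "narrow to the listening port")
    return findings


if __name__ == "__main__":
    for line in audit_ingress([WEAK_RULE, SCOPED_RULE, udp_ingress_rule(14550, "203.0.113.0/24")]):
        print(line)
```

For the question's case (devices streaming to port 14550), the scoped form is the one to paste into the Custom UDP rule: one port, and the device network as the source if it is known.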

How to set up http server on iPhone behind firewall

I want to develop an iPhone app with a simple IM feature. I am thinking about setting up an HTTP server on an iPhone. If the iPhone is using wifi and is behind a firewall, how can I make sure that other iPhone clients can connect to it?
It's not the firewall that will disturb the connection as much as it is the NAT.
When you are connected through a wireless router to the internet, you are surfing via NAT. It means you don't really have an external IP, but once you initiate a connection the router will map your internal IP to one of its external ports, and for a certain time window it will pass connections to you if they arrive at the right port.
That being said, there is no actual way of setting up a server behind a NAT unless you can configure port forwarding in the router and an internal static IP.
Hope I was clear enough, good luck.
I do not really think that you need to get an HTTP server up and running on the iPhone to make an application that can send and receive messages (IM). The idea of making one iPhone user directly connect to another does not seem right to me, since the users would need to know one another's IP addresses to do that.
Interconnectivity between different users of the chat can be solved by making your application communicate via a dedicated TCP port. It is generally advisable to choose ports with a number higher than 1024, since those below are generally found on the list of so-called well-known ports and are used for Web (like port 80), FTP (port 21), SSH (22), DNS (53), etc. It will be the responsibility of the user to make sure the port used by your application is open on the firewall. To get around this problem you can actually use port 80 for communication if you find that the port you have selected is blocked; you can do this because you know that this port will not be blocked in most cases. Indeed, Yahoo Messenger is reported to use this technique when the firewall blocks the port it uses for communication.
The port should be used by your application to connect to the Web server that will actually store user credentials, perform authentication, message transmission, etc., and the server should reside on capable hardware to be able to support a large number of simultaneous connections. I can suggest using either a VPS (like the one provided by Linode) or a cloud (like Amazon EC2, Google Application Engine, Rackspace).
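The design the answer above recommends, with every phone making an outbound connection to a central server that authenticates users and relays messages, sketched as an added example; this is not code from the answerer and not any real messenger's protocol. It assumes a line-delimited JSON framing, constructed user tokens, and a loopback port chosen at runtime, and the demo runs both the relay and three clients in one process. The security-relevant detail is that the relay stamps the sender from the authenticated session and discards any `from` field a client supplies, so one user cannot impersonate another.

```python
import asyncio
import json
from typing import Dict

# Constructed credentials for the demo; a real deployment would check them
# against the credential store the answer describes.
DEMO_USERS = {"alice": "token-a", "bob": "token-b"}


def _encode(obj: dict) -> bytes:
    return json.dumps(obj).encode() + b"\n"


class RelayServer:
    """Line-delimited JSON relay. Every client makes an outbound TCP connection
    to this server, so no phone needs a public IP, an open inbound port, or
    another user's address."""

    def __init__(self, tokens: Dict[str, str]) -> None:
        self._tokens = tokens
        self._online: Dict[str, asyncio.StreamWriter] = {}

    async def handle(self, reader: asyncio.StreamReader,
                     writer: asyncio.StreamWriter) -> None:
        user = None
        try:
            # The first line must authenticate; anything else is dropped.
            hello = json.loads(await asyncio.wait_for(reader.readline(), 5))
            name = hello.get("user") if isinstance(hello, dict) else None
            if (not isinstance(hello, dict) or hello.get("type") != "auth"
                    or self._tokens.get(name) != hello.get("token")):
                writer.write(_encode({"type": "error", "reason": "auth"}))
                await writer.drain()
                return
            user = name
            self._online[user] = writer
            writer.write(_encode({"type": "ok"}))
            await writer.drain()
            while True:
                line = await reader.readline()
                if not line:
                    break
                msg = json.loads(line)
                if not isinstance(msg, dict) or msg.get("type") != "msg":
                    continue
                dest = self._online.get(msg.get("to"))
                if dest is None:
                    writer.write(_encode({"type": "error", "reason": "offline"}))
                    await writer.drain()
                    continue
                # Sender comes from the authenticated session; a client-supplied
                # "from" field is ignored, so users cannot impersonate each other.
                dest.write(_encode({"type": "msg", "from": user,
                                    "text": str(msg.get("text", ""))}))
                await dest.drain()
        except (json.JSONDecodeError, UnicodeDecodeError, asyncio.TimeoutError):
            pass
        finally:
            if user is not None and self._online.get(user) is writer:
                del self._online[user]
            writer.close()


async def _connect(port: int, user: str, token: str):
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(_encode({"type": "auth", "user": user, "token": token}))
    await writer.drain()
    return reader, writer, json.loads(await reader.readline())


async def demo() -> dict:
    relay = RelayServer(DEMO_USERS)
    server = await asyncio.start_server(relay.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    _, alice_w, alice_reply = await _connect(port, "alice", "token-a")
    bob_r, bob_w, bob_reply = await _connect(port, "bob", "token-b")
    _, mallory_w, mallory_reply = await _connect(port, "mallory", "guess")
    # Alice tries to spoof the sender field; the relay overwrites it.
    alice_w.write(_encode({"type": "msg", "to": "bob", "from": "mallory", "text": "hi"}))
    await alice_w.drain()
    bob_got = json.loads(await bob_r.readline())
    for w in (alice_w, bob_w, mallory_w):
        w.close()
    server.close()
    return {"alice": alice_reply, "bob": bob_reply,
            "mallory": mallory_reply, "bob_received": bob_got}


def run_demo() -> dict:
    return asyncio.run(demo())


if __name__ == "__main__":
    print(run_demo())
```

In production the same shape sits behind TLS on the port the answer discusses (a high port, or 80/443 where that is what gets through), with the token check replaced by the credential store and rate limiting on the authentication line.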

How to stop routers blocking traffic within a network?

I have an iPhone app which relies on connecting via the local network to a server running on a user's mac/pc.
The server is running an http service on port 8080
I already add exceptions to the default windows firewall, or the default mac firewall to ensure traffic is allowed to reach my app.
However the most common customer issue is that the iPhone can't communicate with the server.
Normally this is the network router blocking traffic - though sometimes the user is running their own firewall which blocks the traffic.
Is there a protocol which will let me say something to the effect of
'will all the firewalls on this network, please allow communication to <an ip> on <a port> if the traffic originates within this network?'
I have looked into upnp - but that seems to concentrate on opening a port to the outside world which I don't want to do.
Suggestions?
Thanks in advance.
No, there is no such way or protocol aside from UPnP. And I wouldn't recommend it anyway because in company networks it would cause all sorts of problems and security issues if this were possible.
I'd suggest that you set up a FAQ entry or installation section for your software where you describe this common issue and give details to the customers how they can detect and solve this problem.
In general, higher ports (above 8000 or 16000) are not blocked or firewalled. I would seriously consider allocating a random port in that range.
Also, consider advertising your service with Bonjour. Using Bonjour has the nice side-effect that your iPhone app does not have to know the port number. It can simply browse the network for available servers. If there is just one then connect to that; otherwise, present the user with a list to choose from.
Is there any way to run the server on port 80? You're likely to encounter fewer issues on a standard port.