A GlassFish application hosted in a Google Cloud VM instance is running on port 8080. I need to direct traffic from the default port 80 to port 8080. What is the best way to achieve that?
I tried to set port 80 as GlassFish port, but failed as on Ubuntu we can't listen on a port lower than 1024.
You can use the Linux feature iptables to redirect traffic received on one port to a different port.
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
/etc/init.d/iptables save
Double-check the documentation as you do not mention the version of Linux that you are running.
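An added example (not part of the original answer) showing why the answer pairs the nat rule with an INPUT rule for 8080: the filter INPUT chain sees packets after PREROUTING has rewritten the port, so it is the backend port that must be accepted there. The rule dump is constructed and `audit_redirects` is a hypothetical helper name; it assumes a full `iptables-save` dump and only considers the INPUT policy and explicit `--dport` ACCEPT rules.

```shell
#!/usr/bin/env bash
# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# audit_redirects (hypothetical helper): reads iptables-save text on stdin and
# prints one line per REDIRECT rule: "<public>-><backend> <state>".
audit_redirects() {
  awk '
    /^\*/ { table = substr($0, 2) }                     # "*nat" -> "nat"
    table == "filter" && $1 == ":INPUT" { policy = $2 } # chain default policy
    table == "nat" && /-j REDIRECT/ {
      from = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") from = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
      }
      if (from != "" && to != "") { n++; src[n] = from; dst[n] = to }
    }
    table == "filter" && $2 == "INPUT" && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") accepted[$(i + 1)] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        # INPUT matches the rewritten (backend) port, not the public one.
        state = "dropped"
        if (policy == "ACCEPT") state = "reachable-by-policy"
        if (dst[k] in accepted) state = "reachable"
        print src[k] "->" dst[k] " " state
      }
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_redirects
```

A `reachable` backend port also answers direct connections at the host level, so the cloud firewall rule or security group should expose only the public port.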
Create an instance group for your VM. Create a Load Balancer that directs external port 80 traffic to port 8080 on your VM.
I have deployed my web application via AWS EC2. I have made inbound rules as below.
Inbound Rules
I can now access through myIP:8080 but I get an error with myIP or myIP:80. The error message I get is: This site can’t be reached. refused to connect. Try: Checking the connection. Checking the proxy and the firewall. ERR_CONNECTION_REFUSED
What am I doing wrong in here?
I have managed to resolve the issue by port forwarding with the following command:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
I've created a test VM instance on GCP:
Installed apache2, and the service started successfully: apache2 started
The firewall setup is the default: firewall setup
The Apache ports config: port config
External IP: external ip
It seems OK, but I cannot access it via the external IP as the document said: https://cloud.google.com/community/tutorials/setting-up-lamp
Please give me some suggestions, thanks.
=================================
curl --head http://35.240.177.89/
curl: (7) Failed to connect to 35.240.177.89 port 80: Operation timed out
curl --head https://35.240.177.89/
curl: (7) Failed to connect to 35.240.177.89 port 443: Operation timed out
netstat -lntup:
result
Assuming that your Linux has dual stack enabled, the netstat with :::80 means that Apache2 is listening on both IPv4 and IPv6 port 80 for all network interfaces. You can check with the following command. A 0 value means that dual stack is enabled.
cat /proc/sys/net/ipv6/bindv6only
Given the above, then most likely your system does not have an iptables rule allowing port 80. Assuming Ubuntu 18.04 (modify for your distribution):
Back up the iptables rules:
sudo iptables-save > iptables.backup
Allow ingress port 80:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Optionally allow ingress port 443:
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
I have hosted my MEAN project over aws ec2 (mean bitnami hvm) instance. It is running on port 3000 and I am able to access my instance in the following way:
ec2-xx-xx-xx-xx.amazonaws.com:3000
I want to access the instance without the port number (3000), i.e.: ec2-xx-xx-xx-xx.amazonaws.com
How can I do this?
Run this port forward command on your EC2 instance.
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
And your port 80 will be redirected to port 3000.
Run your application on port 80 instead of port 3000, or run a proxy (like nginx) that allows you to map ports and paths as needed.
I have a simple VPC on Amazon EC2 with two instances: an SFTP server, and a web server. I want to route incoming traffic from the internet on port 22 to the SFTP server and ports 80 and 443 to the web server.
I'm having trouble finding exactly how to do this. It's extremely simple with all hardware routers I've ever used.
Can anyone point me to documentation/examples/or just tell me how to do it?
Edit:
I wasn't clear that I want remote hosts to be able to make a request to a single IP address, but on different ports, and have different ports routed to different instances; I already have my security groups set so I can accept traffic to the public IP addresses of each instance.
Below are the steps you will need to follow to achieve your use case.
As you said both servers are in a VPC, you need to make sure they are in a public subnet with an Internet gateway attached to it. (This can be achieved in a private subnet too, but it will be a more complex process for you.) For more information, check this: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html
EC2 Server 1 for SFTP you need to open SSH port 22 in the security group by adding your IP address or open to world rule. Then you can SFTP using your preferred SFTP client.
EC2 Server 2 for ports 80 and 443: you need to add two rules in the security group for your instance. Check the screenshot below. Once that is done, you will be able to route HTTP traffic through ports 80 and 443.
More information on security groups is here.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
About your edit: you have to run an instance in front of both instances.
Add an HTTP proxy to this newly created instance. The port redirect should then be achieved using iptables. Check the iptables config below, which you need to add to that server. Let's say your HTTP proxy server is Server 1, the port 22 server is Server 2, and the port 80 and 443 server is Server 3. Server 1's iptables will then have the rules below.
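#!/bin/sh
# Enable IPv4 forwarding so Server 1 can relay packets to the other servers.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush all filter and nat rules and delete user-defined chains.
# This also removes any firewall rules already present on Server 1.
iptables -F
iptables -t nat -F
iptables -X
# HTTP (80) -> Server 3. The SNAT rule makes replies return through Server 1.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <Server3-IP>:80
iptables -t nat -A POSTROUTING -p tcp -d <Server3-IP> --dport 80 -j SNAT --to-source <Server1-IP>
# SSH/SFTP (22) -> Server 2, keeping the same destination port.
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination <Server2-IP>:22
iptables -t nat -A POSTROUTING -p tcp -d <Server2-IP> --dport 22 -j SNAT --to-source <Server1-IP>
# HTTPS (443) -> Server 3, keeping the same destination port.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination <Server3-IP>:443
iptables -t nat -A POSTROUTING -p tcp -d <Server3-IP> --dport 443 -j SNAT --to-source <Server1-IP>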
As of today, Amazon Elastic Load Balancers have a new "Application Load Balancer" mode which supports routing requests to different EC2 instances based on things such as the HTTP path, and port.
To set this up, do the following:
Create a new ELB, using the new "Application Load Balancer" mode.
Create one target group for port 22.
Add your EC2 instances that will be the SSH targets to this target group.
Create another target group for ports 80 and 443.
Add your EC2 instances that will be the HTTP/HTTPS targets to this target group.
Using this system, SSH requests to the ELB will be forwarded to the SSH instance, and HTTP/HTTPS requests to the ELB will be forwarded to the web servers.
I'm running Bitnami MEAN on an EC2 instance. I can host my app just fine on port 3000 or 8080. Currently if I don't specify a port I'm taken to the Bitnami MEAN homepage. I'd like to be able to access my app directly from my EC2 public DNS without specifying a port in the URL. How can I accomplish this?
The simple way to do that is port forwarding, using the command below:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
After logging in to AWS using PuTTY with the private key and the username "bitnami", type the above command and press Enter.
Then, you will automatically be redirected to your application.
Note: I am assuming you have already configured port 8080 in the security group on AWS.
You'll have to open port 80 on the server's firewall, and either run your server on port 80 or forward port 80 to port 8080. You'll need to look up the instructions for doing that based on what version of Linux you are running, but it is probably going to be an iptables command.
You'll also need to open port 80 on the EC2 server's security group.