I remotely hosted the Realm Server on AWS and I got it to run and I am able to connect to the Realm Dashboard, but I'm not sure how to connect to the Realm Object Server using the Realm Browser App.
I was able to find the admin access token but since the server is remotely hosted what would the Server URL be? The Realm website tutorial provided us with realm://127.0.0.1:9080, but that's only for when the Realm Server is locally hosted.
You have to replace the localhost IP (in our examples, that is listed as 127.0.0.1) with the hostname or IP address of your EC2 machine. Please note that the numbers/addresses below are made up. They are just to serve as an example.
Typically, this will be something of the form 198.51.100.38, giving you the root URL: realm://192.51.100.38:9080. To this, you obviously have to append the path of the Realm file that you are trying to access.
Alternatively, you should be able to use the EC2 hostname, if you prefer that. Your EC2 hostname should look something like ec2-198-51-100-38.compute-1.amazonaws.com. You should check your EC2 dashboard for more information to get these proper values.
More information:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
Related
I deployed flask application in GCP compute engine. It is exposed at 5000 port. When I tried to do curl from vm, curl "localhost:5000/health", I am getting response "service up". But when I tried accessing through public IP, I am not able to access. I have created network firewall rule allowing both http & https traffic and for all the ports and for all IP (0.0.0.0/0).
Please let me know, if I am missing anything here.
Posting this answer based on the solution that was provided by #Rakesh.
Issue got resolved by changing the local host in the flask code to 0.0.0.0.
So the final configuration looks as follows:
app.run(host='0.0.0.0',debug=True,port=5000)
I have configured a Hashicorp Vault server on a EC2 instance. When trying to use postman to test transit secret engine API I keep getting a error connection refused on postman, I went full ape mode and opened all ports on the security group inbound rule and it didn't work, I attached an elastic IP to the instance and didnt work either, im just trying with a simple GET and I just keep getting the same connectionrefused error.
When I use cUrl on the ssh connected session i have no issues though. The specified hosted adress is 127.0.0.1:8200, in postman I replaced that localhost with the public adress of the instance that i obviously censored in the screencap, in the headers theres the token needed to access vault, for simplicity I was just using the root token.
Postman screecap if it helps
#Emilio Marchant
I have faced similar issue (not with postman, but with telnet), Let's try to understand problem here.
The issue is with 127.0.0.1 IP. This is loopback IP and When you (or your computer) call an IP address, you are usually trying to contact another computer on the internet. However, if you call the IP address 127.0.0.1 then you are communicating with the localhost – in principle, with your own computer.
Reference link : https://www.ionos.com/digitalguide/server/know-how/localhost/
What you can try is below.
Start vault dev server with --dev-listen-address parameter.
Eg:
vault server -dev -dev-listen-address="123.456.789.1:8200"
in above command replace '123.456.789.1:8200' with '<your ec2 instance private IP : 8200'>
Next set VAULT_ADDR and VAULT_TOKEN parameter as below
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
Again replace 'http://123.456.789.1:8200' with 'http://[Your ec2 instance private IP]:8200'
For Vault_token : you should get a root token in console, when you start vault server , use that token
Now try to connect from postman or using curl command. It should work.
Reference question and solution :
How to connect to remote hashicorp vault server
The notable thing here is that the response is "connection refused". This error means that the connection is getting established and it found that there are no processes running on that port. This error means that there is no issue with firewall. A firewall will cause the connection to either drop (reject) or timeout (ignore), but won't give "Econnrefused".
The most likely issue is that the vault server process is not bound to the correct network interface. There must be a configuration in hashicorp-vault to setup the IP on which to bind. Most servers, by default, bind only on loopback address which is accessible only from 127.0.0.1. You need to bind it to "all" network interfaces by changing that to 0.0.0.0. I am not aware of the specific configuration option of hashicorp vault, but there has to be something to this effect.
Possible security issue:
Note that some servers expect you to run it behind a reverse proxy so that you can setup SSL (https) and other authentication if needed. Applications like vault servers should not be publicly accessible on http without SSL.
I have an AWS EC2 instance set up running my back-end, and it's able to communicate with my front-end (locally), but not with front-end deployed (on Netlify).
Is it necessary to create a domain name for my EC2 instance so I can use SSL? There's no point to have a domain name to my back end since it's just there for the API calls.
How do I use SSL for my backend server without a domain name? Every video and blog I've found requires a domain name. If anyone can point me to the right resource, would appreciate it.
You can enable SSL on an EC2 instance without a domain using a combination of Caddy and nip.io.
nip.io is allows you to map any IP Address to a hostname without the need to edit a hosts file or create rules in DNS management.
Caddy is a powerful open source web server with automatic HTTPS.
Install Caddy on your server
Create a Caddyfile and add your config (this config will forward all requests to port 8000)
<EC2 Public IP>.nip.io {
reverse_proxy localhost:8000
}
Start Caddy using the command caddy start
You should now be able to access your server over https://<IP>.nip.io
I wrote an in-depth article on the setup here: Configure HTTPS on AWS EC2 without a Custom Domain
Sadly yes to use SSL-certificates you need to have a valid DNS name so it can process it when you are calling it, anyways if what you want to encrypt is the info you could just use your own encryption method and send the data encrypted to frontend, then use something like crypto.js to use it once decrypted, but the best practice would be giving the backend it's own DNS, that way if at some point the API grows to the point it can be used by others for business you can have them point at something named (and also you don't need to deal with the whole manual encryption/decryption).
I've launched a new EC2 instance, Parse Server powered by Bitnami (HVM)
After installation, The "Analytics" and "App Settings" are missing.
Also, there is no login screen. Anyone who has the IP address can just access the console and change everything.
What have I done wrong? It is a new App, so I don't have the need to migrate an old Parse DB.
You have 2 options here.
Either setup a server side password protection from apache side check this guide. https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
Second option is in security group for your EC2 instance for just set this below rule so only you can check the dashboard from your local machine with your IP address also make sure HTTP is not having a rule 0.0.0.0/32 in the security group.
For setting Analytics and App Setting check this guide https://wiki.bitnami.com/Applications/Bitnami_Parse_Server
I need to give the root URL for my ec2 server, can someone please give me the syntax of the root URL of a general ec2 server? (Just so I know what syntax to give my specific web server details in). I tried this one:
http://ec2-**-**-**-**.eu-west-1.compute.amazonaws.com/
but it doesn't work, flash builder says that it is invalid, but it works in a browser so I can't see how it can be.
To answer your question, assuming what you mean is what is the general syntax for an EC2 server DNS name?
It's
ec2-<external-ip-with-dashes-instead-of-dots>.<region>.compute.amazonaws.com
so yes:
ec2-**-**-**-**.eu-west-1.compute.amazonaws.com
is correct for the eu-west-1 region.
Now it looks like you have another problem, either you are not allowing port 80 on your security group associated with the instance or you are just not running anything on port 80. i.e. apache, nginx, etc.