Restrict Jetty to accept requests from a whitelist of hosts - jetty

I intend to run a Jetty server (for generating PDF files with PDFreactor) on a dedicated (virtual) machine; I don't want to have it on my webserver.
According to the PDFreactor documentation, the Jetty server must run on localhost to be usable by the Python API; but a port and host can be given to the PDFreactor constructor, and apparently the restriction to listen to localhost only can be lifted.
Can Jetty be configured to accept requests from some whitelist of hosts only, or is it preferable to put it in a VirtualHost and let apache httpd do the work?

Related

Can server host different domain in same port?

I am trying to understand how to host different apps in server, so can server host different domain in same port.
For example, I have domain1 and domain2 both hosted at port 443. Can this be done?
I am doing this in IIS server.
A single web IIS server can host different domain in same port. However, in order IIS to distribute HTTP requests correctly, each website has to be identified with some unique value. In case of an IIS website, it consists of three attributes that make up a unique combination for each website. These are:
a TCP port number
an IP address
a host header (host name)
The information about the hosted websites is stored in the ServerBindings attribute of the IIS metabase in the following format: IP:Port:Hostname. Thus, if you want to host multiple websites on the same port and IP address, you will have to use a unique Host header. What is it? Host header is a part of an HTTP request to the server sent by a client that specifies which website it is addressed to. Accordingly, this host header must be specified on the side of the web server, and the DNS contains the correct record that matches the hostname and the IP address of the IIS web server.
Let’s suppose that you have a website running on IIS and listening 443 port. And you need to bind second website to the same port. In the IIS Manager, create another website with the name TestSite, which files will be located in c:\inetpub\TestSite (do not specify the hostname yet). After you click OK, a warning appears that you cannot use the binding *:443 for both sites.
The binding '*:443:' is assigned to another site. If you assign the same binding to this site, you will only be able to start one of the sites. Are you sure that you want to add this duplicate binding?
Agree to this warning. So you have got another site bound to port 443, you cannot start it without stopping the first site.

AWS host new version of web app on another port?

We have an new version of php web app listening to port 80.
I am wondering if it is possible to host the new version on another port, with no code modification, while keep the old version listening to port 80.
For example, if the user visits the page www.example.com, then it goes to the old version, and if the user visits the page www.example.com:8080 then it goes to the new version.
Maybe I can achieve this with route53? or maybe I have to alter the apache configuration?
Thanks.
The way to achieve this is by tweaking the Apache configuration as you suggested, to force Apache to fetch your content from another DocumentRoot when the 8080 listener is triggered.
Route53 will not help here as a DNS system only resolves name to IP Address, and do not deal with multiple ports for the same IP address.
You can use Apache's VirtualHost to configure multiple listener. You can even have different PHP versions per host ports, as per Running two PHP versions on the same server

Make available online a localhost web application

I have built a basic web application using html, css and php (it is a library with query, modify etc. capabilities). I have built the databases containing the books information, subscribers information etc. with phpMyAdmin from Wamp server. On localhost (C:\wamp\www) everything works ok (I can add, modify, make queries etc.).
Now I would like to make this web application available online, but I have no idea how this can be done. The access to the database must be also available online (for search, queries etc. from the databases).
Can somebody support me?
The access to your database can be local since the php files that use yourdatabase run in the same machine.
You only need to accept online access to your apache server, if it's not accessible yet, and have no firewall active. In this case you should be able to connect to your server by ip. And you'll need a domain and a dns server if you want not having to write the public IP to connect.
You need a public IP address or routing the outside web traffic to your own web server.
Most routers have an advanced section called IP/Port Forwarding: find yours. If you don’t have this, I’m afraid you cannot be reachable by the outside.
Besides that, find your private IP with:
C:\>ipconfig
take note of the IP address: that’s your private address, which uniquely identifies you in your local network. 
In httpd.conf change:
ServerName localhost:80
With:
ServerName <private IP>:80
Also find this line:
Require local
And change it to:
Require all granted
Restart your web server. Find out what’s your current public IP address (the public address of your router: https://www.whatismyip.com ) and visit:
http://<public IP>:<port>/
Or, in case you have not changed the default http port (80) just visit:
http://<public IP>/

Rails - How can I remove the :3000 from the URL in rails thin server?

I have binded my rails thin server to a local IP. which I have given the domain name as project1. But when I am changing the hostname to project1 sometimes it goes to project1:3000. How can I remove the :3000 from the URL?
Web standards are:
http is port 80.
https is port 443.
When you go to http://stackoverflow.com, it is the same as http://stackoverflow.com:80 or https://www.google.com is the same as https://www.google.com:443
So, the :3000 at the end of the url is the port where your development server is pointing, this is normal behavior for web development. All modern frameworks will serve up the development site on a different port, 3000 being the most common. This is done for a lot of reasons, two good ones are.
Don't need to change any permission to run on port 3000, like you do if you want to run on 80, and you don't need to us an ssl certificate if you run on 443.
You can tell when you are in development.
You are trying to do something you shouldn't. If you haven't used the correct helper methods to build your links in rails you could run into some issue.
Now that you know why you shouldn't do it. You can just change the port in the rails server command like this rails server -b THEIPYOUWANTTOUSE -p 80. You will have to have the correct permissions.
First of all.You need proxy server, because rails have their app server lika thin, puma, rack and you need server that will accept requests to your IP (nginx, apache) and give them to rails server. There is a lot of guides how to deploy rails app in production mode. Try this guide or this one . This will help you run your application in production mode.

Restrict RESTful endpoint on tomcat to local webapp

Is there a mechanism built into Tomcat or Apache to differentiate between a local web application calling a local web service vs a direct call to a webservice?
For example, a single server has both apache and tomcat servers with a front end web app deployed to apache and back end services deployed on tomcat. The webapp can call the service via port 80 utilizing mod_proxy, however a direct call to the webservice and examining tomcaat's logs shows the requests to both be identical. For example:
http://127.0.0.1/admin/tools
<Location /admin/tools>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
ProxyPass /admin/tools http://localhost:8080/admin/tools
ProxyPassReverse /admin/tools http://localhost:8080/admin/tools
This only blocks (or allows if you remove the deny) all external requests and both requests appear identical in tomcat's log.
Is there a recommended mechanism to differentiate and limit a direct remote service request vs the web application making a service request?
You need to use Tomcat's Remote IP Filter to extract the client IP provided by the proxy in the X-Forwarded-For HTTP header and use it to populate Tomcat's internal data structures. Then you will be able to correctly identify the source of the request.