Basically, my internal IP is masked by an external IP of my internet service provider. So, my internal IP can only be accessed inside my intranet. I want to let users outside the intranet access my Dev server as well, which is hosted on 0.0.0.0:8000 on my system. How do I do that?
Check out localtunnel on github, it does exactly what you're asking.
https://github.com/progrium/localtunnel
If you are willing to go that far you can use Reverse SSH Tunnel:
Open a free micro Linux instance on Amazon's AWS and create a reverse SSH tunnel to redirect port 80 on the server to your machine.
This is a cool solution for testing purposes and low traffic usage...
You can read more about it here:
http://www.techrepublic.com/article/setting-up-a-reverse-ssh-tunnel/5779944
Related
I've got some questions about IPs from DigitalOcean and Google Cloud. I have little knowledge about IPs and networks. I have two apps: one is running on a DigitalOcean server (droplet) and the other is running on a VM instance of Google Cloud. I was trying to set up code-server on each server.
In the DigitalOcean droplet I configured code-server successfully. When I ran the command code-server, code-server came online at the address http://127.0.0.1:8080, so I couldn't get into the app because it was the local IP of the droplet, and I couldn't enter that IP in my browser for obvious reasons. Doing a little research I found the flag --bind-addr for code-server, then I tried this command: code-server --bind-addr=192.231.24.04:8080 (that IP is an example IP) and it worked. I was able to access code-server by entering http://192.231.24.04:8080 in my browser, and I can also access it with mydomain.com:8080.
In Google Cloud I tried to do the same, but I couldn't. I configured code-server successfully on the VM instance. When I ran code-server, it came online at the address http://127.0.0.1:8080 (as in DigitalOcean); obviously, that's the local IP of the VM instance. Then I proceeded to do the same thing that I did in DigitalOcean and use the --bind-addr flag, so I wrote this on the console: code-server --bind-addr=104.652.18.64:8080 (that IP is an example IP) and the console printed this: error listen EADDRNOTAVAIL: address not available 104.652.18.64:8080. I thought Google Cloud was blocking port 8080, so I unblocked it, but it still wasn't working. Doing a little research I found that I had to use the IP 0.0.0.0:8080, so I wrote this command: code-server --bind-addr=0.0.0.0:8080 and I tried to access it in my browser using http://104.652.18.64:8080 and it works... I don't know why. I also tried using myseconddomain.com:8080 and that also works.
So I don't know what the difference is. What does IP 0.0.0.0 mean?
I returned to the DigitalOcean droplet and I tried to do the same. I wrote: code-server --bind-addr=0.0.0.0:8080 and on the DigitalOcean droplet it says: error listen EADDRINUSE: address already in use 0.0.0.0:8080
So... what's the difference?
Why does DigitalOcean work in a way that Google Cloud does not work and Google Cloud works in a way that DigitalOcean does not work?
I appreciate your responses
Google Cloud's networking has a distinction between internal and external IP addresses. In particular, a GCE VM won't actually have an interface with the externally visible IP address. Instead, Google Cloud Networking will transparently route from the external IP address to the internal IP address, assuming such routing is allowed by the firewall for that port. Thus, when you tried to start code-server listening to the external IP address specifically, the VM didn't know what that was referring to, as the interface did not exist inside the VM.
Generally on a host (in the context of starting a service on a given interface), 0.0.0.0 refers to any/all of the IP addresses on the machine. In your case, it means that you have started code-server listening to the internal IP address, and since you have removed the 8080 block in the GCP firewall, GCP networking will route requests to the external address to the VM.
I am not certain about DigitalOcean, but I presume that they do not have a different internal and external IP address, and thus when you start code-server listening to the external IP address directly, it attaches to the correct address. The error you are getting when trying 0.0.0.0 indicates something else is already listening on port 8080. Check that you stopped all the prior code-server processes first, as well as anything else that may be listening on 8080 on any IP already.
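The bind outcomes this answer describes, as an added Python example (not code from the post or from code-server). It assumes a Linux host with a working loopback interface, and 203.0.113.10 is a documentation-range address standing in for an external IP that no local interface owns.

```python
import errno
import socket

# Assumption: 203.0.113.10 (TEST-NET-3, documentation range) is not configured
# on any local interface, like the GCE external IP inside the VM.
NON_LOCAL_ADDR = "203.0.113.10"


def try_bind(host, port=0):
    """Bind and listen on host:port; return (socket, None) or (None, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def bind_outcomes():
    """Reproduce the bind results discussed above; port 0 lets the OS pick a free port."""
    outcomes = {}
    held = []
    # Loopback only: the service is reachable from this host alone.
    loopback, outcomes["loopback"] = try_bind("127.0.0.1")
    held.append(loopback)
    port = loopback.getsockname()[1]
    # An address no interface owns: the kernel refuses the bind.
    sock, outcomes["non_local_address"] = try_bind(NON_LOCAL_ADDR)
    held.append(sock)
    # Wildcard on a port an earlier listener still holds: the wildcard
    # overlaps every local address, so it conflicts with that listener.
    sock, outcomes["wildcard_port_in_use"] = try_bind("0.0.0.0", port)
    held.append(sock)
    # Wildcard on a free port: listens on every local address at once.
    sock, outcomes["wildcard_free_port"] = try_bind("0.0.0.0")
    held.append(sock)
    for s in held:
        if s is not None:
            s.close()
    return outcomes


if __name__ == "__main__":
    for case, error in bind_outcomes().items():
        print(f"{case}: {error or 'listening'}")
```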
I'm attempting to find a completely remote / cloud-based development workflow.
I've created an aws free-tier ec2 instance and on that box I've been developing a gatsby site (the framework doesn't matter, the solution I'm looking for should be framework agnostic). Since the code is on another box, I can't run the dev server and then from the local computer hit localhost as I would normally.
So,
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
How do I provide public access to that endpoint?
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
Are there other features that I should be taking advantage to secure that endpoint?
Thanks.
I can't run the dev server and then from the local computer hit localhost as I would normally
You can. You can use ssh to tunnel your remote port to your localhost, and access the server from your localhost.
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
ssh into the dev server, run gatsby develop and either access it on localhost through ssh tunnel or make it public to access through its public IP address.
Use sshfs to mount a development folder on the dev server onto your localhost.
Alternatively, you can set up vncserver on the dev server, tunnel the vnc connection using ssh, and access the dev server through a remote desktop. Something lightweight would be good, e.g. fluxbox as a desktop environment for vnc.
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Yes, through an ssh tunnel. You close the tunnel and the access is finished.
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
An ssh tunnel along with a security group that allows ssh for your IP address only.
Are there other features that I should be taking advantage to secure that endpoint?
Security groups and ssh tunneling would be primary choices to ensure secure access to the dev server.
You can also make the endpoint public, but set the security group of your dev server to allow internet access only from your IP.
You could also put the dev server in a private subnet for full separation from the internet. Use a bastion host to access it or set up a double ssh tunnel to your localhost.
Another way is to do all development on localhost, push code to CodeCommit and have CodePipeline manage deployment of your code to your dev server using CodeDeploy.
You can also partially eliminate ssh by using SSM Session Manager.
Hope this helps.
I am about to create a small web application which I might deploy to Swisscom PaaS as well.
This should be able to call a Rest API on a remote server.
Remote Server requires all incoming requests to be whitelisted by IP/domain.
Is it enough to whitelist *.scapp.io or myapp.scapp.io when myapp deployed on Swisscom PaaS should be able to access remote API or is it required to use a different domain/IP due to the nature how PaaS is setup and running?
You can find out the source IP of Swisscom Application Cloud Public offering with those commands:
$ cf ssh APP_NAME
$ curl ifconfig.co
194.209.246.112
# example for developer.swisscom.com
This IP doesn't resolve to any domain name. This IP may change / is not yet stable. Since the beginning of Application Cloud (more than 3 years) the IP didn't change. This is the outgoing IP to whitelist in the remote app.
You raised a very good point about stable IP address pool. We consider that and will document the IPs when implemented.
I didn't find any guide or articles on how to do it for ElasticSearch hosted on a Windows server.
I have an EC2 Amazon Windows instance which is running an ElasticSearch server on port 9200, but I can't reach it by _ec2_ip_adress:9200 from outside the server.
I am completely sure that all TCP ports are opened in the Amazon security group rules, and I've turned off the firewall on the server as well.
So the problem is in the ElasticSearch configs.
Can someone help me with that?
Well, but you know that then anybody would be able to delete/create stuff in your index until you have Shield.
If you really want to open it, also make sure that you opened port 9200 in the Windows firewall.
So what I would do is probably restrict access to this port to specific IPs, in the firewall or in Amazon (actually, in my project I am doing that :) )
There is one more thing to check: which IP it is running on. As far as I remember, ES will run on a private IP. Look at network.host; the default is __local__. Try network.host: 0.0.0.0
I'm developing a small application that interacts with a web service which authorizes access based on the client IP. When developing on my local machine at home, I am not allowed to access the web service, unless I request an authorization for the random IP that I get from my ISP.
My question: Is there an easy way to get around this problem, since I cannot have a fixed IP at home? Proxy, vpn, etc... through a webserver with an authorized IP? How?
Thanks in advance :)
I assume this is your problem: You can only connect to remote_system from Authorized_IP system.
If you can ssh to Authorized_IP from your home PC, you can set up an ssh tunnel that forwards connections to port 8080 of Authorized_IP to port 80 of the remote_system with the ssh command. If you run Linux on the Authorized_IP system, it is very simple. Windows is more complex with Cygwin sshd, but it is possible.
http://www.google.com/search?q=ssh+tunnel
To answer your question directly: Dynamic DNS. For testing, point your web service at a hostname that you get from a dynamic DNS provider such as http://dyndns.org. Then download a tool that automatically updates your DNS entry with your dynamically assigned IP address.
But more to the point, why can't you just use your localhost (127.0.0.1) as your IP address for developing, debugging, testing?