I have installed the api manager on a windows server 2008. The server has a LAN-IP and a Public-IP over NAT.
Example:
LAN-IP: 192.168.100.1
Public-IP over NAT: 10.0.0.10
I want to test the API Manager over the Public-IP, but the Server works only local with the LAN-IP. Has someone an idea, how can I get the api manager to work over the Public-IP? The Ports are open on the firewall.
THX
Please try out with the following configurations. Note to restart the server once done.
Set the HostName and MgtHostName in <%APIM_HOME%>/repository/conf/carbon.xml to the public IP address.
Set the bind-address parameter of the http and https s found in the <%APIM_HOME%>/repository/conf/axis2/axis2.xml file to the public IP.
Set the as below in the <%APIM_HOME$>/repository/conf/api-manager.xml file.
http://<-- Public-IP -- >:${http.nio.port},https://<-- Public-IP -- >:${https.nio.port}
Thanks,
Nuwan.
Related
I'm studying AWS.
But I have a problem that I cannot connect to my web server on my AWS instance
AWS instance is Windows Server 2012
this is my instance status
I want to connect my web server via public ip 52.78.47.142 outside the AWS instance
if I connect to the private ip 172.31.15.206 inside the instance, home page showed up.
But if I connect to the public ip 52.78.47.142 inside the AWS instance and outside the AWS instance, home page didn't show up both.
although I set a new rule for http protocol at port 80, it doens't work
any helps? thanks a lot...
open up tcp:80 port in the security group(Inbound) for the IP address of the machine from where your accessing the website( In this case your Desktop or Laptop IP address).
If you are trying to access the web server from another AWS Instance open the port for that particular Instance IP. For troubleshooting case you can open up All traffic and test it(Though this is not recommended)
I have created a VPC with public and private subnets on AWS. All app servers are in private subnets and all outbound requests have to be through an internet-facing NAT instance.
At the moment, our project requires the app servers to access a ftp server provided by a service provider.
I have tried several ways to manage that, but all no luck. What I have done was to open a port range, let's say (40000 - 60000) on both NAT and APP security groups, also standard ftp ports 20 - 21 as well.
The user authentication can be passed, but I could not list contents from app servers.
I am able to access the ftp server from NAT, not problem at all.
So what should I do to make it work?
#JohnRotenstein is absolutely correct that you should use Passive FTP if you can. If, like me, you're stuck with a client who insists that you use Active FTP because their FTP site that they want you to connect to has been running since 1990 and changing it now is completely unreasonable, then read on.
AWS's NAT servers don't support a machine in a private subnet connecting using Active FTP. Full stop. If you ask me, it's a bug, but if you ask AWS support they say it's an unsupported feature.
The solution we finally came up with (and it works) is to:
Add an Elastic Network Interface (ENI) in a public subnet on to your EC2 instance in the private subnet
So now your EC2 instance has 2 network adapters, 2 internal IPs, etc.
Let's call this new ENI your "public ENI"
Attach a dedicated elastic IP to your new public ENI
Let's assume you get 54.54.54.54 and the new public ENI's internal IP address is 10.1.1.10
Add a route in your operating system's networking configuration to only use the new public ENI
In windows, the command will look like this, assuming the evil active ftp server you're trying to connect to is at 8.1.1.1:
route add 8.1.1.1 mask 255.255.255.254 10.1.1.1 metric 2
This adds a route for all traffic to the FTP server at 8.1.1.1 using subnet mask 255.255.255.254 (ie. this IP and only this IP) should go to the internet gateway 10.1.1.1 using ethernet adapter 2 (your second NIC)
Fed up yet? Yeah, me too, but now comes the hard part. The OS doesn't know it's public IP address for the public EIN. So you need to teach your FTP client to send the PORT command with the public IP. For example if using CURL, use the --ftp-port command like so:
curl -v --ftp-port 54.54.54.54 ftp://8.1.1.1 --user myusername:mypass
And voila! You can now connect to a nightmare active FTP site from an EC2 machine that is (almost entirely) in a private subnet.
Try using Passive (PASV) mode on FTP.
From Slacksite: Active FTP vs. Passive FTP, a Definitive Explanation:
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
Thus, the traffic is trying to communicate on an additional port that is not passed through the NAT. Passive mode, instead, creates an outbound connection, which will then be permitted through the NAT
I have set up a a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH the instance using the public DNS, it says host does not exist but when I try conencting it using the public IP, it connects to it. What setting is needed to use the public DNS ?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might useful to test firewall and connection issue will be tcpdump and syslog file
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that help.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is that would running the node file with sudo rights create some security issue ?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server, i tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port
I'm trying to install a WSO2 EMM server on Amazon EC2 Instance, but have a problem with it. EC2 instance have 2 IP addresses - one of them is internal Amazon address like 172.32.x.x, another is external real IP.
If I try to setup carbon.xml file with real IP (or domain), I have a problem with thrift server, which can't open port 10500 at a real IP. If I use internal IP running of server is fine, but in application I can't reach identity server (because it's a gray IP, of course).
I tried some tricks with using /etc/hosts file, for example, setup 0.0.0.0 as my domain. In this case server is running without errors, and a can see that port 10500 is open using netstat, but web application is not redirect to identity server.
May be there are any solutions of this problem?
I have to update EMM server to version 1.1.0 and all is working now.
Thanks all!
In the carbon.xml, change the HostName and MgtHostName to the real IP and start the server.
For example if the real IP is 172.32.x.x then HostName and MgtHostName in the carbon.xml should change to:
<HostName>172.32.x.x</HostName>
<MgtHostName>172.32.x.x</MgtHostName>
I want to monitor my ESB using Jconsole and JMX. I can connect to JMX server from the localhost but for connecting from remote machine to my esb I can establish the connection.
I use WSO2 ESB 4.6 and this my JMX configuration in carbon.xml file.
<JMX>
<!--The port RMI registry is exposed-->
<RMIRegistryPort>9999</RMIRegistryPort>
<!--The port RMI server should be exposed-->
<RMIServerPort>11111</RMIServerPort>
</JMX>
I found the problem, my rmi service was running on the host ip which was "127.0.0.1". To connect remotely to the jvm I had to bind the external ip to the hostname. To do this in unix systems use command hostname to get the name of the hostname. Then check the ip that is assigned to the hostname, to find out this use ping $(hostname) you will see that system is pinging the hosname's ip.
If your host ip was the default 127.0.0.1 and you wanted to change it, just edit the file /etc/hosts as superuser. After rebooting the rmi service, you can reach it from the remote machine.
Have a look at wso2carbon.log, you will find an entry like INFO {org.wso2.carbon.core.init.JMXServerManager} - JMX Service URL : service:jmx:rmi://localhost:11111/jndi/rmi://localhost:9999/jmxrmi {org.wso2.carbon.core.init.JMXServerManager}
Use given URL to connect to the carbon server from a remote JMX client (JVisualVM for example) and don't forget to define security credentials (default Username / Password is admin / admin)