Web services authentication with remote IP - web-services

I’m developing a small application that interacts with a web service which authorizes access based on the client IP. When developing on my local machine at home, I am not allowed to access the web service, unless I request an authorization for the random IP that I get from my ISP.
My question: Is there an easy way to get around this problem, since I cannot have a fixed IP at home? Proxy, vpn, etc... through a webserver with an authorized IP? How?
Thanks in advance :)

I assume this is your problem: You can only connect to remote_system from Authorized_IP system.
If you can ssh to Authorized_IP from your home PC, you can set up an ssh tunnel that forwards connections to port 8080 of Authorized_IP to port 80 of the remote_system with the ssh command. If you run Linux on the Authorized_IP system, it is very simple. Windows is more complex; with Cygwin sshd, it is possible.
http://www.google.com/search?q=ssh+tunnel

To answer your question directly: Dynamic DNS. For testing, point your web service at a hostname that you get from a dynamic DNS provider such as http://dyndns.org. Then download a tool that automatically updates your DNS entry with your dynamically assigned IP address.
But more to the point, why can't you just use your localhost (127.0.0.1) as your IP address for developing, debugging, testing?

Related

Accessing a dev server when doing remote / cloud development

I'm attempting to find a completely remote / cloud-based development workflow.
I've created an aws free-tier ec2 instance and on that box I've been developing a gatsby site (the framework doesn't matter, the solution I'm looking for should be framework agnostic). Since the code is on another box, I can't run the dev server and then from the local computer hit localhost as I would normally.
So,
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
How do I provide public access to that endpoint?
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
Are there other features that I should be taking advantage to secure that endpoint?
Thanks.
I can't run the dev server and then from the local computer hit localhost as I would normally
You can. You can use ssh to tunnel your remote port to your localhost, and access the server from your localhost.
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
ssh into the dev server, run gatsby develop and either access it on localhost through ssh tunnel or make it public to access through its public IP address.
Use sshfs to mount a development folder on the dev server onto your localhost.
Alternatively, you can set up vncserver on the dev server, tunnel the vnc connection using ssh, and access the dev server through a remote desktop. Something lightweight would be good, e.g. fluxbox as a desktop environment for vnc.
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Yes, through an ssh tunnel. You close the tunnel and the access is finished.
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
ssh tunnel along with security group to allow ssh for your IP address only.
Are there other features that I should be taking advantage to secure that endpoint?
Security groups and ssh tunneling would be primary choices to ensure secure access to the dev server.
You can also make the endpoint public, but set security group of your dev server to allow internet access only from your IP.
You could also put the dev server in a private subnet for full separation from the internet. Use a bastion host to access it or set up a double ssh tunnel to your localhost.
Another way is to do all development on localhost, push code to CodeCommit and have CodePipeline manage deployment of your code to your dev server using CodeDeploy.
You can also partially eliminate ssh by using SSM Session Manager.
Hope this helps.

How do I get my server Ip address for my websocket

I've created a server using C++ and crow that uses WebSockets to communicate with the client (which is an ionic app). I've been doing everything through localhost but now I want to deploy the webapp to my iPhone and have it communicate with the server. How do I get the URL for the server for the client to use in its websocket so it can talk to the server?
In most cases when you want to host it for production you would upload it to a hosting provider (e.g. Azure, AWS, Heroku...).
Once you set up a server with the hosting provider they will provide you with the IP address and/or a URL to connect to the hosted service which you can use in your application.
Well, if your server is a web host, VPS, cloud, or dedicated server, it has a static IP address which you can use in your client websocket as the address. Also, the better approach is to point a domain name to the IP address of the server (or host) so that your client can always find the server.
In case you are trying to connect it to your local machine behind a router or modem, then your server might be behind NAT. Find the appropriate port-forwarding configuration for your router and forward incoming and outgoing TCP public ports to your local address. Then use your public IP address for the websocket address (what is my ip).
Also, in case your public ip address is dynamic and might change over time, there are services like noip.com that help you create a free domain and use it in your client which helps you find the right ip address all the time.

Connection getting refused to socket.io server on Amazon EC2

I have set up a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH to the instance using the public DNS, it says host does not exist, but when I try connecting to it using the public IP, it connects. What setting is needed to use the public DNS?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might be useful to test firewall and connection issues are tcpdump and the syslog file.
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that helps.
My problem is resolved now.
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is: would running the node file with sudo rights create some security issue?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server. I tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port.
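
The answers in the two EC2 threads above recommend limiting a security group to your own IP, while one troubleshooting step opens all traffic "for test". The following is an added example, not code from any of the posts: it audits inbound rules for anything wider than your own address. The group IDs, addresses and the `audit` helper are constructed for illustration; the JSON follows the shape of `aws ec2 describe-security-groups` output.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]}
]}
""")

def port_span(perm):
    """Ports a rule covers; protocol "-1" (all traffic) carries no port fields."""
    if perm["IpProtocol"] == "-1":
        return (0, 65535)
    return (perm["FromPort"], perm["ToPort"])

def audit(groups, my_cidr):
    """List inbound TCP/UDP rules that admit anything other than my_cidr."""
    mine = ipaddress.ip_network(my_cidr)
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] not in ("tcp", "udp", "-1"):
                continue  # ICMP uses the port fields for type/code; not checked here
            lo, hi = port_span(perm)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net == mine:
                    continue  # exactly the one address that should get in
                if net.prefixlen == 0:
                    reason = "open to the whole internet"
                elif net.num_addresses > 1:
                    reason = "wider than a single host"
                else:
                    reason = "single host that is not my current address"
                findings.append((sg["GroupId"], lo, hi, cidr, reason))
    return findings
```

Call `audit(SAMPLE, "203.0.113.7/32")` to list the findings; the last reason catches a rule left behind after a home ISP hands out a new address. Rules that reference other security groups or prefix lists are not inspected.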

WSO2 Enterprise Mobility Manager and Amazon EC2 Instance

I'm trying to install a WSO2 EMM server on an Amazon EC2 instance, but have a problem with it. The EC2 instance has 2 IP addresses - one of them is an internal Amazon address like 172.32.x.x, the other is the external real IP.
If I try to set up the carbon.xml file with the real IP (or domain), I have a problem with the thrift server, which can't open port 10500 at the real IP. If I use the internal IP the server runs fine, but in the application I can't reach the identity server (because it's a gray IP, of course).
I tried some tricks with the /etc/hosts file, for example, setting 0.0.0.0 as my domain. In this case the server runs without errors, and I can see that port 10500 is open using netstat, but the web application does not redirect to the identity server.
Maybe there are solutions to this problem?
I had to update the EMM server to version 1.1.0 and all is working now.
Thanks all!
In the carbon.xml, change the HostName and MgtHostName to the real IP and start the server.
For example if the real IP is 172.32.x.x then HostName and MgtHostName in the carbon.xml should change to:
<HostName>172.32.x.x</HostName>
<MgtHostName>172.32.x.x</MgtHostName>

How do you host Django's dev server on an external IP?

Basically, my internal IP is masked by an external IP of my internet service provider. So, my internal IP can only be accessed inside my intranet. I want to let users outside the intranet to access my Dev server as well which is hosted on 0.0.0.0:8000 on my system. How do I do that?
Check out localtunnel on GitHub, it does exactly what you're asking.
https://github.com/progrium/localtunnel
If you are willing to go that far you can use Reverse SSH Tunnel:
Open a free micro Linux instance on Amazon's AWS and create a reverse SSH tunnel to redirect port 80 on the server to your machine.
This is a cool solution for testing purposes and low traffic usage...
You can read more about it here:
http://www.techrepublic.com/article/setting-up-a-reverse-ssh-tunnel/5779944