I installed Grafana using the instructions on the website on a server we have. When I curl http://localhost:3000/ from this specific machine I got a response back. The same if I curl http://ip-address-of-grafana-machine:3000/
However, when I try to curl the http://ip-address-of-grafana-machine:3000/ from another machine on the same network I got a connection timeout. I tried everything I found online but I still have a problem.
All ports are accessible within the network for the machine where Grafana is installed according to our IT services.
The machine does not have a firewall installed. I enabled/disabled ufw manually. When enabled I allowed port 3000 but still no luck.
I believe that the problem has to do with something pretty basic related to ports but I cannot figure out as I am not a network expert. This makes me believe that Grafana is accessible by default from the machine it is installed and if you need to access it from another machine you need to make some changes.
I also played with all the configuration properties in the [server] section of the /etc/grafana/grafana.ini but I had no luck.
Am I missing something very basic knowledge here?
I solved this using Apache reverse proxy. Firstly, I added the following into my 000-default.conf found under /etc/apache2/sites-enabled/
ServerName http://ip-address-of-grafana-machine
RewriteEngine on
RewriteRule ^/?$ /grafana/ [R=permanent,L]
<Location "/grafana">
ProxyPass http://localhost:3000
</Location>
ProxyPassReverse /grafana http://localhost:3000
I had to enable the reverse proxy modules in Apache to make it work (remember t restart Apache to load these). If not, Apache wouldn't start.
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2
As, I wanted to access the grafana UI through the address http://ip-address-of-grafana-machine/grafana (that's why I have the /grafana path in the 000-default.conf) I set the grafana.ini parameter root_url found under /etc/grafana to root_url = http://ip-address-of-grafana-machine:3000/grafana (remember to remove the ; at the beginning and make sure you put the port number).
If firewalld is enabled you need to enable port 3000: https://docs.fedoraproject.org/en-US/quick-docs/firewalld/#opening-ports-firewalld-fedora
Related
We have a server running apache2 that is hosting a number of websites and applications. We have a dockerized Flask application (served with Gunicorn) that we would like to deploy on the server and have Apache direct traffic to it. Basically https://oneofoursites.com/flask_app redirects to the port Docker is exposing for the Flask app. Right now, the site works fine if you navigate to https://oneofoursites.com:4000/.
I first attempted something like this in a apache.conf under sites-available:
ProxyPass /flask_app http://127.0.0.1:4000/ connectiontimeout=3600 timeout=3600
ProxyPassReverse /flask_app http://127.0.0.1:4000/
<Location /flask_app >
Require all granted
</Location>
The flask app is now available at https://oneofoursites.com/flask_app, but none of the links work.
The flask documentation was slightly helpful, but not close enough to my case. I cannot seem to get Flask to pick up the environment variables (since it is inside a Docker container), so couldn't get it to reform the headers itself. I looked into mod_wsgi, but am unsure how to deploy it (inside the Docker container and Apache won't run it; outside the container how do I get it to redirect to the Flask app?). Most guides I am finding are recommending Nginx, so perhaps I need to deploy Nginx (either in the existing Flask container or a separate one with docker-compose)? Would it then act as a suitable go between for Apache and the Flask app?
You need to set the env-variable SCRIPT_NAME to your url-path when starting gunicorn.
In your case something like
gunicorn -e SCRIPT_NAME=/flask_app --bind 127.0.0.1:4000 app:app
I'm trying to setup a ASP.NET Core 3.1 web applcation on a Rasberry Pi 4 running CentOS7 for ARM64. The setup seems to be a bit complicated when using ARM64 arch. I want the application to be run inside a docker container since I have issues running dotnet directly and also to push updated images to a self-hosted docker registry.
I'm using apache2 (httpd) as a reverse proxy to the application and the registry. I'm unable to proxy to the docker container running the web application through localhost port mapping which I'm able to do with the registry container. Furthermore, I can access the container with through 192.168.0.11:8080 which makes this even more weird.
When I try to proxy th ASP.NET Core through localhost application, it seems that the redirection fails and returns "503 Service Unavailable". The VirtualHost for the applcation is listed below
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto https
ServerName example.com
ProxyPreservehost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
#cert stuff removed
</VirtualHost>
and the command I use to start the container is as follows
docker run -d -p 8080:80 registry.example.com/aspnetcore_app:latest
I can succesfully proxy to the container IP address however this approach seems to complicate the SSL encryption setup from apache. Although I'm not 100% sure about this. What is really confusing is that, atleast from my understadning, I should be able to acces the container through localhost:8080 when the docker container is started with -p 8080:80 as the port mapping works just fine for my self-hosted registry.
The problem seems to be faily common as I found multiple posts with the same command to fix the issue. By running the following command
/usr/sbin/setsebool httpd_can_network_connect 1
I'm able to proxy to http://localhost:8080 as I couldn't before. What I find fairly confusing is how I was able to proxy to http://localhost:8443 before I ran the command but only localhost:8080 after the command...
I am able to block sites fine when I install squid proxy onto my Ec2 and proxy with the EC2 IP address and default port. When I dockerized the process I can no longer deny any sites even with https_access deny all . Is there something special I am missing form my squid.conf or perhaps my dockerfile? I see all traffic go through my access.log but I am unable to block anything. Thanks in advance.
I'm new to docker and my question is similar to:
My websites running in docker containers, how to implement virtual host?
But I don't actually need to host multiple sites with different virtual hosts. I just need to get the server to respond to a particular virtual host name, eg: myhost.mysite.com
Right now the site works fine via IP but won't respond when I use the host name. Since I only have the one site/hostname do I have to setup a proxy as described in the question?
I've tried adding a -h 'myhost.mysite.com' to my docker run command but that didn't seem to make any difference.
PS. hostname DNS does correctly resolve to the IP address of the docker server.
That really depends on the web server running inside the container.
Apache: use ServerName and possibly ServerAlias
Nginx: use server_name
Django: use ALLOWED_HOSTS
Really, Docker doesn't need to know. The HTTP server software needs to know.
The question you linked to deals with multiple sites, which is why a proxy was needed. If you are only running one site, a proxy is not necessary (at least, not for this purpose). Just let Docker listen on port 80 and/or 443 itself, and let the server software running inside decide what hostname(s) are valid for the site.
We have the standard Debian installation of Jenkins (winstone only, no tomcat or apache involved), which we are running with --prefix=/jenkins and on port 80.
Now when I access http://my.server/ I get a 404 page. Can I convince Winstone somehow to redirect that to the correct address http://my.server/jenkins/?
EDIT: I know I could install Apache, and use the following Rewrite Rule to get what I want:
RewriteEngine On
RewriteRule ^/*$ https://jenkins.corp.mobile.de/jenkins/ [R]
My question is how to do this in Winstone.
The typical way to do what you want is to run Jenkins in some high port, like 8080 with --prefix=/jenkins and then run something like Apache or Nginx in port 80 configured to reverse proxy /jenkins to http://localhost:8080/jenkins
For Apache, you could add something like this to Apache's config file:
ProxyPass /jenkins http://localhost:8080/jenkins
ProxyPassReverse /jenkins http://localhost:8080/jenkins
ProxyRequests Off
# Allow direct access to Jenkins only from localhost i.e. Apache
<Proxy http://localhost:8080/jenkins*>
Order deny,allow
Allow from 127.0.0.1
</Proxy>
You should tune the access controls in the directive according to where you want to accept connections to Jenkins.
The trick which worked for me was described here. Shortly, execute the following commands:
sudo service jenkins stop
sudo rm -rf /tmp/*
sudo service jenkins start
The proper way to do that is to go on your DNS provider and change the redirection for
http://my.server/
at present it should point to your home directory, called /
you should chnage it to /jenkins
I personnaly like to define subdomains for webapps such as http://jenkins.my.server/ and keep www.myserver for other purpose.
This can be also achieve within your DNS provider configuration