I have configured neo4j in a local machine and it can be easily accessed via LAN (with its IP address like 192.168.22.25:7474).
Now I would like to access the neo4j remotely eg. from my home via web proxy.
What I have tried?
I have changed the dbms.connector.http.address=0.0.0.0:7474 in neo4j.conf file.
In server( IP of server 123.123.123.123) machine I have also added ProxyPass and ProxyPassReverse as follow:
ProxyPass /browser *192.168.22.25:7474/browser
ProxyPassReverse /browser *192.168.22.25:7474/browser
(*could not add http:// here since I could not post two links)
I can access the neo4j remotely like
http://123.123.123.123/browser
but when I tried to login then it does not work further.
Any suggestion is appreciated.
Thanks a lot in advance.
Shrestha
Related
I am running standalone neo4j database server at localhost:7474 on a linode instance.
Is there any way to view this in the browser?
If you have SSH access to the Linode instance then you can run ssh -L 7474:localhost:7474 youruser#123.123.123.123 which will tunnel the remote port 7474 to localhost 7474. In your browser you can now use http://localhost:7474 to see the remote server without opening anything to the world.
You want what's called a "reverse proxy". Outside of your box, you can't talk about localhost:7474 as a hostname. So you want an external facing web server that "proxies" requests and sends them to localhost:7474.
One such option is Apache mod_proxy used as a reverse proxy. Examples on how to use it are behind the link. In general it's going to boil down to a configuration directive that looks something like:
ProxyPassReverse /neo4j http://localhost:7474
You also really want to read the documentation on securing the neo4j server.
WARNING - neo4j's web interface will let you do just about anything without authentication, including delete all of your data, change it, put new data in, and so on. It is a very bad idea to expose that functionality to the entire internet. So if you use a reverse proxy as suggested above, make sure you add some authentication layer (again you can do this with apache and mod_proxy) to permit just any random person from connecting to your instance and optionally deciding to trash it.
I have a setup of the following:
Proxy server: https://proxy-server.com
application server: https://app-server.com
and a CAS (sso) server: https://sso-server.com
I can get the following working:
https://proxy-server.com/cas/login?service=https://app-server.com/app
But the problem for this URL is it exposes the actual app-server, which is behind the proxy server.
Ideally, I want the following:
https://proxy-server.com/cas/login?service=https://proxy-server.com/app
My question is:
Is there a way to hide (use post, encrypt targetService part, callback on proxy side, or...) the app-server.com in the URL? since I have a proxy server in front, I don't want to expose the actual app server name.
thanks
If you're running something like Apache mod_proxy on https://proxy-server.com then you should be able to hide your app behind it. Based on your example it looks like you're already doing that with your cas server since your stated your cas login url as https://proxy-server.com/cas/login
Following the same idea your app can be reached using https://proxy-server.com/app
ProxyPass /cas https://sso-server.com/cas
ProxyPassReverse /cas https://sso-server.com/cas
ProxyPass /app https://app-server.com/app
ProxyPassReverse /app https://app-server.com/app
You'd probably have to modify your serviceUrls so they are relate to proxy-server.com
ProxyPass And ProxyPassReverse Configuration
Proxy HOW-TO
I've searched the web, but I can only find information on sharing code between multiple sites and on separating the database to isolated models. This is not what I want.
I want to run a single rails server, with a single DNS address and a single port - http://myportal.com - that will handle several other sites - http://myportal.com/site1, http://myportal.com/site2 etc.
I want each site to have it's own folder(and SCM repository), it's own database, it's own routing - it's own everything. That is - I want to be able to develop each site as a standalone - that means I need to be able to run site1 site as http://localhost:3000 and not http://localhost:3000/site1.
On the server, the root site(the one that responds to the http://myportal.com address should be the one I run the server from, and it should know the absolute paths of the other sites(which will be in different directories on the server, not in child directories of the root site) and provide routing information for them - but it should also chain to the other sites routes.rb files. That means that if I go to address http://myportal.com/site1/books/ the root site should handle http://myportal.com/site1, and site1 should handle /books/. The root site should not need to know about the other sites' internal routing structures.
Is this possible? Right now I'm running the rails server that comes with the gem(rails server from the command line) on a Windows Server 2008 server, but I'm willing to install another server if that's what needed to accomplish the goal I described.
Thanks in advance!
You should be able to do this with Apache or nginx and possibly IIS if configured correctly. I'm most familiar with Apache and the flexible mod_rewrite and mod_proxy components that can facilitate this.
The idea is you rewrite http://example.com/ to be http://example.com:3000/ and http://example.com/site2 as http://example.com:3001/site2 and so forth.
It's also possible to do this with Passenger and some clever use of the VirtualHost directive, but you may have to fiddle to get a configuration that works for you. Remember that rewriting the headers to route internally has no effect on the resulting HTML your servers emit.
Create a symlink:
cd ~/Sites
ln -s /Users/hg/Developer/Rails/railsproj1/public ./railsproj1
modify apache config file
<VirtualHost *:80>
ServerName localhost
DocumentRoot /Users/hg/Sites
<Directory /Users/hg/Sites>
AllowOverride All
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
</Directory>
RailsBaseURI /railsproj1
RailsEnv development
</VirtualHost>
Answer source: http://collab.stat.ucla.edu/users/jose/weblog/9e335/
I have a dedicated machine I use for testing. At the moment it's running a Rails (2.3) app over Apache and Passenger. I would also like to simultaneously serve a Flask application using the same machine and a different url if possible. Here's what I currently have for my httpd.conf file:
<VirtualHost *:80>
DocumentRoot /path/to/rails-app/public
PassengerDefaultUser railsuser
RailsEnv testing
# .. some misc apache config
</VirtualHost>
How should I modify it to serve two different urls (on a local network) with one serving the Rails app and the other serving Flask? Thanks.
In your OP, you're setting the handling for the default url.
For your second virtual web server, just use a specific host name in the config that is a second host name for the same machine. This is called "name-based" virtual hosting. See wikipedia.
Remember that multiple hostnames can resolve to the same IP address.
You can use the full dns system if you want, just specify your local network address (192.168.xxx) -- the url will not work for machines not on your local network.
More info will be available at the webmasters SO site.
A post with instructions
Is there some way to secure an ffserver webcam stream using Apache / HTTP Authentication? Some type of Apache proxy perhaps?
Right now I have it so only machines on the LAN can view the http://webcam/stream.mjpg, but I want people from the outside to be able to access it if they provide a username / pw (HTTP Auth, which isn't built into ffserver).
Thanks!
For anyone else looking for the solution, I found it:
Use proxy.conf (apache mod-proxy) with directives such as the following:
ProxyPass |external path| http://internal_lan_ip/internal_path
One of mine that works is:
ProxyPass /proxy/matt.mjpg http://192.168.1.10:8090/matt.mjpg
So externally they are going to:
http://myserver.com/proxy/matt.mjpg
And the stream (matt.mjpg) is coming from a different host on the LAN at
http://192.168.1.10:8090/matt.mjpg.
Thus, myserver.com is a "proxy.com" for internal LAN hosts.