Can someone explain why using a port is necessary when running things locally?
I assume the reason is because the same software could be run remotely and in that case specifying a port would be necessary.
When a database or server is running locally, do requests from a locally running web browser really "go through the port" specified?
Good question. In fact, there are local-only communication protocols, such as pipes and UNIX domain sockets that do not actually require port numbers to operate. This is because they refer to files or other identifiers that are only valid on the computer itself.
However, most servers are designed for TCP/IP connections. TCP/IP itself specifies a port number in the protocol. It is normally intended for remote use, but when a server that is used to TCP/IP runs "on local host", it must supply a port number to satisfy the TCP protocol.
Port numbers also enable multiple servers to coexist on a single computer, all running on different ports. For a protocol without port numbers, this is achieved by using different identifiers (e.g. a filesystem file) for each server.
Some servers can operate on both TCP/IP and local sockets. For example, MySQL can accept connections both through the usual TCP port, and also through a local socket (mysql.sock). Connecting through the local socket is reserved for local users only, and may be faster on some systems.
Sometimes You may have some other software installed in your computer that may use the same port. For instance Apache and IIS: imagine you set port 8080 to IIS as default, what about if you had previously installed Apache set port 8080 ?
Another example will be if you installed Mysql Workbench and days later install XAMPP you may have trouble with the ports if you don't change one instance's port different from 3306
This is why it is necessary to specify ports even though is locally.
Related
I've been searching high and low for a simple explanation for this. What configuration settings do I use to connect my Sonoff RF bridge to the Mosquitto server on my computer? I'm sure it's a configuration issue but most of the tutorials out there are for rPi. My skill level in this is basic and I'm sure it may be obvious to someone what's wrong.
I'm running Mosquitto on Windows 10 and have verified that the Mosquitto server is running using netstat -a (I can see the broker is listening at 0.0.0.0:1883.
I've installed Tasmota Eclipse on my Sonoff RF Bridge and have verified it is receiving signal from my door sensor by opening the UI in my browser and viewing the console. I've tried multiple host addresses in the configuration menu; localhost, 0.0.0.0, 10.0.0.1, however Tasmota only seems to connect when I leave the host field blank.
I've tried to use MQTTlens to verify that the broker is receiving messages on port 1883 and nothing seems to be coming through.
0.0.0.0 is a short hand to tell mosquitto to listen on all the available interfaces on the machine it is running on. It is meaningless to use it in the client configuration.
Likewise, localhost always means the same machine that the code making the request is running on, so in this case it would be the Sonoff device it's self.
It looks like 10.0.0.1 is the address of your local router, unless mosquitto is actually running on the router (it is very unlikely your windows machine is your router) this again is not going to be useful.
You need to use the IP address of the Windows machine that mosquitto is running on, this is going to start with 10.0.0. running ipconfig on the command line in windows is probably the quickest/simplest way to find that address.
I have a server and I am using Ubuntu 20.04, nginx , mosquitto and node-red and docker , let's call the website http://mywebsite.com. The problem that I am facing that I have created a client lets call it client1 in docker so the URL will be http://mywebsite.com/client1
and I want to establish an MQTT connection via mosquitto and I'm sending the data on topic test
The problem that on node red node of MQTT when I write the IP address of my mosquitto container it works
But if I change the IP address 192.144.0.5 with mywebsite.com/client1 I can't connect to mosquitto and I can't send or receive any form of data
any idea on how to solve this problem
OK, you are going to have several problems here.
You can not do path based proxying with MQTT. If you want to have multiple MQTT brokers (1 per client) bound to a single public facing domain/IP address then they are all going to have to run on separate ports (other than the default 1883).
Nginx can do MQTT protocol proxying (e.g. like this), so you can use this to expose the different ports and forward them to the separate instances of mosquitto, but even if you had a different hostname (all pointing at the same IP address) nginx has no way to know which host name was used because there is no equivalent to the HOST HTTP header to direct it. If you were to use MQTT with TLS then you may be able to get it to work with SNI, but I've never seen anybody do that yet (possible docs for SNI based routing here) It works, explanation about how to do it here.
If you use MQTT over Websockets then you should be able to use hostname based routing.
Path based proxying for Node-RED currently doesn't work properly if you enable admin authentication, because the admin auth tokens are currently stored in browser local storage and only scoped to the hostname, not the hostname + path. This will mean that a client will only ever be able to log into one instance at a time.
You can work round this by using host based proxying, e.g. http://client1.mywebsite.com
A fix for this is on the backlog for Node-RED, probably (no promises) to be looked at after version 1.2.0 ships
I have followed the instructions to setup the CitusData Single Cluster using Docker.
When I try to use this with Laravel then this does not work and this throws for Connection Refused.
Any idea to resolve this?
I do not have experience on Laravel, but here is an idea: Make sure that you are using the TCP socket and not the Unix domain socket.
The TCP port (5432 by default) is exposed on the container but not the Unix domain socket. When running the database and the application on the same instance, your application may be trying to use the Unix domain socket because:
it is slightly advantageous to use the Unix Domain Sockets as they do not need the three-way handshakes
and they are slightly faster because of this
I believe the way to creating a remote connection is by changing this line in conf/neo4j-server.properties, specifically by removing the comment and restarting the server.
org.neo4j.server.webserver.address=0.0.0.0
My URL is https://0.0.0.0:7473/browser/ and works on the local machine, but when I test the URL in Safari on iPhone over 3G, it cannot connect.
What do I set the address to in the properties file?
I thought it was the IP address of my computer, but after trying the remote address which I got from Googling “ip address mac” that didn’t work, nor did (obviously) the local IP address of my machine, 192.168.0.14
I should point out that setting it to the IP address from Google throws an error and the log reads:
2015-01-29 17:10:08.888+0000 INFO [API] Failed to start Neo Server on port [7474], reason [MultiException[java.net.BindException: Can't assign requested address, java.net.BindException: Can't assign requested address]]
With default configuration Neo4j only accepts local connections
In neo4j-community-3.1.0 edit conf/neo4j.conf file and uncomment the following to accept non-local connections
dbms.connectors.default_listen_address=0.0.0.0
By setting
org.neo4j.server.webserver.address=0.0.0.0
enables Neo4j on all network interfaces.
The remainder of that reply is not Neo4j related at all - it's regular networking. Double check if port 7473 (and/or 7474) are not blocked neither be a locally running firewall nor by your router. You local IP 192.168.0.14 indicates you're behind a router doing NAT. Therefore you have to setup a port forwarding in your router for the ports mentioned above.
Please be aware that this is potentially dangerous since everyone knowing your external IP can access your Neo4j instance. Consider using either https://github.com/neo4j-contrib/authentication-extension or use a VPN in favour of port forwarding.
in 3.0:
##### To have HTTP accept non-local connections, uncomment this line
dbms.connector.http.address=0.0.0.0:7474
Confused myself with the setting. Anyone who has the same problem, 0.0.0.0 just means “this server isn’t local any more” and so to access it you use the public IP address of the computer that’s hosting the Neo4j server.
Just make sure that the ports you set in the server properties (default are 7474 and 7473) are open for incoming connections on your router/firewall etc.
I think there's some confusion here. That configuration property org.neo4j.server.webserver.address is about which IP address the server you're starting listens on for external connections. Relevant documentation is here.
It seems you're asking how to configure your database to talk to a remote database. I don't think you can do that. Rather, by editing that file you're planning on running a database on the host where that file is. Your local database on that host will write files to wherever the org.neo4j.server.database.location configuration parameter points.
A remote connection is something that the neo4j shell might establish, or that you browser might make to a foreign server running neo4j; but you don't establish that sort of remote connection by editing that file. Hopefully this helps.
Also if you have ssh access to remote server with neo4j you can setup ssh tunnel to access it via localhost:
ssh -NfL localhost:7474:localhost:7474 -L localhost:7687:localhost:7687 yourname#yourhost
then type in browser:
localhost:7474
Depends on the version.
Look for the phrase 'non-local connections' in the conf file.(In my case, $NEO4J_HOME/conf/neo4j.conf)
Then follow the instructions in the comments.
In my case,
# With default configuration Neo4j only accepts local connections.
# To accept non-local connections, uncomment this line:
server.default_listen_address=0.0.0.0
We use Jenkins 1.504 on Windows.
We need to have Master and Slave in different sub-networks with firewall in between.
We can't have ANY to ANY port firewall rules, we must specify exact port numbers.
I know the port Master is listening on.
I also see that Slave opens connection to the Master from the arbitrary port dynamically assigned every run, and port on the Master side is also arbitrary.
I can fix Master's port by specifying it in Manage Jenkins > Configure Global Security > TCP port for JNLP slave agents).
How to fix Slave port?
UPDATE: Found Connection Mechanism described here: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI#JenkinsCLI-Connectionmechanism
I think it might work for us, but still would be better to have fixed-2-fixed ports connection.
We had a similar situation, but in our case Infosec agreed to allow any to 1, so we didnt had to fix the slave port, rather fixing the master to high level JNLP port 49187 worked ("Configure Global Security" -> "TCP port for JNLP slave agents").
TCP
49187 - Fixed jnlp port
8080 - jenkins http port
Other ports needed to launch slave as a windows service
TCP
135
139
445
UDP
137
138
A slave isn't a server, it's a client type application. Network clients (almost) never use a specific port. Instead, they ask the OS for a random free port. This works much better since you usually run clients on many machines where the current configuration isn't known in advance. This prevents thousands of "client wouldn't start because port is already in use" bug reports every day.
You need to tell the security department that the slave isn't a server but a client which connects to the server and you absolutely need to have a rule which says client:ANY -> server:FIXED. The client port number should be >= 1024 (ports 1 to 1023 need special permissions) but I'm not sure if you actually gain anything by adding a rule for this - if an attacker can open privileged ports, they basically already own the machine.
If they argue, then ask them why they don't require the same rule for all the web browsers which people use in your company.
I have a similar scenario, and had no problem connecting after setting the JNLP port as you describe, and adding a single firewall rule allowing a connection on the server using that port. Granted it is a randomly selected client port going to a known server port (a host:ANY -> server:1 rule is needed).
From my reading of the source code, I don't see a way to set the local port to use when making the request from the slave. It's unfortunate, it would be a nice feature to have.
Alternatives:
Use a simple proxy on your client that listens on port N and then does forward all data to the actual Jenkins server on the remote host using a constant local port. Connect your slave to this local proxy instead of the real Jenkins server.
Create a custom Jenkins slave build that allows an option to specify the local port to use.
Remember also if you are using HTTPS via a self-signed certificate, you must alter the configuration jenkins-slave.xml file on the slave to specify the -noCertificateCheck option on the command line.