Is it possible to make requests for example with Savon through something like ssh-tunnel. I can run this stuff from my stage server whose IP is whitelisted in the service I'm sending requests to. But of course I want to do the development on my computer :P so is there any option to do that? I've already tried savon's proxy: option in many combinations such as
proxy: "http://name:password#my_stage_server.com"
etc. I'm using Ruby on Rails.
SSH tunnels are the way to go. They are easy to set up, use this in one terminal session:
ssh -L 8080:servicehost:80 myuser#stagingserver
Once established, leave it open. It'll open port 8080 on your localhost as a tunnel to the TCP service at host:443. Point savon to http://localhost:8080/some/url/to/service to access the service running on http://servicehost/some/url/to/service.
If you need this frequently, it's convenient to add it to your ssh config file, which is located at ~/.ssh/config. It's a plain text file, the example above would look like this:
Host staging
HostName hostname.domain
LocalForward 8080 servicehost:80
User myuser
With this configuration you can open the tunnel by simply issuing ssh staging. There are more options you could set, please refer to the MAN page for details.
Hostname resolution
Keep in mind that the hostname servicehost must be resolvable from your staging server, not your development machine. You can use IP addresses, too.
Related
I have ssh'd into my rasberry pi and built a rails application.
Now how do I load the rails app from another machine?
I have tried IP:port in a web browser, but this fails.
Can I use ssh from a web browser to load the rails server process?
Are there gems I need to install to do this?
Is there any good documentation that I have missed?
SOLUTION
use ngrok to tunnel https://medium.com/#karimbutt/using-ngrok-to-create-a-publicly-accessible-web-facing-raspberry-pi-server-35deef8c816a#.sraso7zar
Maybe the problem is with the IP address you're trying to use. Servers don't necessarily forward their public IP traffic to localhost automatically.
Perhaps you could configure the IP address somehow, I don't know (others might?). Alternatively, you have a use a "local tunnel" service like ngrok or localtunnel. What these do is create a public URL for your localhost (i.e. your "loopback" address), so anyone can access it.
I spoke with a Ngrok author via email. He ensured me that I shouldn't need to expect any downtime from the service or to have to manually restart it. Although keep in mind that if you're on the free plan, whenever you restart Ngrok you're going to get a different URL. He also described it as kind of like a "souped up SSH -R"
I just set up JIRA on my ec2 instance after installing it via .bin installer file. But when I hit the ec2 url:
ec2-xxxxx.xxxxx.amazonaws.com
It is hitting the test success page for apache2 which I installed after JIRA installation.
How do I get to determine the correct URL for JIRA and hit the JIRA app?
Thanks
JIRA defaut http port is 8080. So you need access it via
ec2-xxxxx.xxxxx.amazonaws.com:8080
if you are not following the detault setting, then you need make sure which port are set by this document Changing JIRA's TCP Ports
You may need open the firewall port 8080 and set in one security group which you assign port 22 to be opened. Otherwise, you can't directly access that port.
Apart from the previous answer you may wish to ensure the following:
Your AWS EC2 Instance security group have the port opened
Your AWS VPC ACL allows TCP traffic on this port
Your VPC have an internet gateway
Your VPC have the routes configured
Your Apache proxy is configured to point to the Tomcat port
Your Tomcat is configured
You have enabled port allocation using setcap utility
Your local machine firewall enables the connection (in Red Hat ipconfig is enabled by default and blocks the connections)
As you can see it may be tricky to install Jira on AWS. It may be a good idea to use a deployment service like Deploy4Me to do this quickly.
I am running standalone neo4j database server at localhost:7474 on a linode instance.
Is there any way to view this in the browser?
If you have SSH access to the Linode instance then you can run ssh -L 7474:localhost:7474 youruser#123.123.123.123 which will tunnel the remote port 7474 to localhost 7474. In your browser you can now use http://localhost:7474 to see the remote server without opening anything to the world.
You want what's called a "reverse proxy". Outside of your box, you can't talk about localhost:7474 as a hostname. So you want an external facing web server that "proxies" requests and sends them to localhost:7474.
One such option is Apache mod_proxy used as a reverse proxy. Examples on how to use it are behind the link. In general it's going to boil down to a configuration directive that looks something like:
ProxyPassReverse /neo4j http://localhost:7474
You also really want to read the documentation on securing the neo4j server.
WARNING - neo4j's web interface will let you do just about anything without authentication, including delete all of your data, change it, put new data in, and so on. It is a very bad idea to expose that functionality to the entire internet. So if you use a reverse proxy as suggested above, make sure you add some authentication layer (again you can do this with apache and mod_proxy) to permit just any random person from connecting to your instance and optionally deciding to trash it.
I am using Foreman specifing port 3000. How can I access my application by writting myapp.local in the browser instead of typing 0.0.0.0:3000?
I have added:
0.0.0.0 myapp.local
But when doing myapp.local it defaults to the default localhost for Apache, not the Rails app.
Short answer: You can't.
The host table is meant to map hostnames to IP addresses (Wiki). Ports come in at a different point.
However, you can specify the port Foreman should run on:
-p, --port
Specify which port to use as the base for this application. Should be a multiple of 1000.
I don't know the Foreman but as you connect to it with your browser than I assume it talks via HTTP. If so you can use proxy settings to point to that host:port. Try FoxyProxy. It's more like a workaround rather than a real solution but it should work (as far as it's not HTTPS)
If you're using Linux than another way is to use LD_PRELOAD to overwrite connect glibc function. It's quite low level hack but it's not so complicated.
Another way in Linux would be to make netfilter rule (iptables) to NAT the connection. It's not nice either as you'll need root level change to achieve simple thing.
I am running a Ruby on Rails application on Heroku and my database is in someother place where it will be accessed with certain whitelisted IP's only but since heroku doesn't provide dynamic IP's I thought of using proximo.
Please help me how to connect to remote database with proximo from heroku.
We had a difficult time achieving this (we ended up whitelisting every domain)
IP's
The problem is Dyno's are hosted on AWS' EC2 cloud - meaning they aren't actually Heroku's servers. This causes a lot of problems, as the IPs are all shrouded & change:
Because the Heroku dyno grid is dynamic in nature, the IP address that
a given dyno will be assigned over time will be both dynamic and
unpredictable. This dynamic sourcing of outbound traffic can make it
difficult to integrate with APIs or make connections through firewalls
that require IP-based whitelisting
After seeing the proximo addon, you may be able to achieve what you need using a static IP
Proximo
According to the proximo tutorial on Heroku's site, you should be able to install the add-on & receive your outbound IP relatively simply:
$ heroku addons:add proximo:development
Adding proximo to sharp-mountain-4005⦠done, v18 ($5/mo)
Your static IP address is 127.0.0.1
You should then be able to use this on your db host - to allow the IP
No ruby database adapters natively support proxy connections so for database access you need to proxy your calls via a SOCKS proxy. A SOCKS wrapper script to do this is available as part of our QuotaGuard Static Heroku add-on.
You configure this by prepending the call to the wrapper script in your Procfile so should work with minimal integration.
web: bin/qgsocksify bundle exec unicorn -p $PORT -c ./config/unicorn.rb
By default this wrapper routes all outbound TCP traffic via the proxy but there is additional configuration available to limit this to just your database traffic.
A workaround is to whitelist all IP adresses from your SQL database provider admin interface:
You can do this by whitelisting 0.0.0.0/0. (In Google Cloud SQL, you can do this under "authorized networks")
If you do so, it is highly recommended to configure your connection to use SSL and to only allow SSL connections to your database.
You can configure NGINX as your reverse proxy to allow your Heroku app to connect to the IP address(which is your NGINX server and whitelisted), the reverse proxy will connect to the DB.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku