UFW not blocking traffic to microk8s cluster - ubuntu-18.04

I successfully deployed a k8s pod with a service of type NodePort in a microk8s cluster. Now when I enable UFW and try to deny incoming traffic to the exposed port 31001 using the command ufw deny 31001, UFW still allows traffic to port 31001.
What should I do in UFW to allow and deny traffic to port 31001?
Even if there is no entry in UFW for port 31001, I get a successful response from port 31001.
Please help.

Related

PgAdmin4 website hosting on port 443 (https)

For my project I configured PostgreSQL and pgAdmin4, but now I want to make the website secure with a proper DNS name and run it over port 443. DNS is also done, but how do I make it run over 443 instead of 80, i.e., from http to https? I made changes in the httpd.conf file and added the required certificates too, but the website is not loading; it still opens on http:// ip address but not on https://
I tried making changes in the configuration file too.
I'll be very thankful.
How to configure pgAdmin4 on port 443 (https)

Unable to make Remote Connection with Postgresql

I have PostgreSQL running on Ubuntu Server and I want to make remote connection with PostgreSQL running on port 5432.
I've checked if I can ping the public IP of ubuntu server from my machine and that works fine.
Next I've changed two files on the Ubuntu server. First I've changed postgresql.conf, which looks as below:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
Next I've added two lines in pg_hba.conf as below
host all all 0.0.0.0/0 trust
host all all ::/0 trust
Finally I checked if firewall is running by running sudo ufw verbose which outputted inactive.
As per my understanding I've allowed PostgreSQL to accept remote connection and firewall is also not present hence nothing is blocking. Still I get the following error.
psycopg2.OperationalError: connection to server at "XXX.XXX.XXX.XXX", port 5432 failed: Connection timed out (0x0000274C/10060)
Is the server running on that host and accepting TCP/IP connections?
How can I fix this error?
Edit
Although I can ping and ssh to the Ubuntu server using the public IP, I cannot telnet.
I checked if port 5432 is open using this link but it turned out to be closed.
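
As an added example (not part of the original question), the following Python check parses pg_hba.conf entries such as the two quoted above and reports host rules that use the trust method for non-loopback addresses, which PostgreSQL accepts without a password. The function names and the sample entries other than the two quoted lines are constructed for illustration.

```python
import ipaddress

# Constructed sample: two typical default entries followed by the two
# lines quoted in the question.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   0.0.0.0/0      trust
host    all       all   ::/0           trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_pg_hba(text):
    """Return (line_no, address, reason) for each remote rule using trust."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # blank, comment, include or local (Unix socket) line
        address, method = fields[3], fields[4]
        # Older form: IP address and netmask in separate columns.
        if len(fields) >= 6 and "/" not in address and _is_ip(method):
            address, method = f"{address}/{method}", fields[5]
        if method != "trust":
            continue
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            # Keyword (all, samehost, samenet) or host name: report as-is.
            findings.append((line_no, address, "trust for non-CIDR address"))
            continue
        if net.is_loopback:
            continue  # passwordless access limited to the server itself
        scope = "any address" if net.prefixlen == 0 else f"{net.num_addresses} addresses"
        findings.append((line_no, address, f"trust (no password) for {scope}"))
    return findings
```

Calling audit_pg_hba(SAMPLE_PG_HBA) reports lines 4 and 5 of the sample, the two entries from the question.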

How to configure a custom port to file system using s3a in flink 1.11

I'm trying to connect to a local rados GW listening to port 1234
When I configure fs.s3a.connection.ssl.enabled to false it connects to 80 (http).
And when it's true (or not set) it connects to 443 (https).
How can I change the port to connect to a different port?
Is there a flink configuration that I can use (besides configuring core-site.xml)?
I'm working on flink 1.11.2
I'm using s3.endpoint and point it to http://<machine>:<port>. (Use fs.s3a.endpoint when you use both s3 plugins)

App Engine Go SDK web server running in Vagrant guest (with port forwarding) not reachable from host

I'm running GAE dev server within a Vagrant guest precise64 box with the following network setup (in my Vagrantfile):
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.network :forwarded_port, guest: 8080, host: 9090
end
Which does its thing:
[default] Forwarding ports...
[default] -- 8080 => 9090 (adapter 1)
I start my App Engine server with:
goapp serve
or
dev_appserver.py myappfolder
This starts app engine dev server as expected:
INFO 2013-11-22 dispatcher.py] Starting module running at: http://localhost:8080
In all cases, I'm able to ssh in to the Vagrant guest and curl localhost:8080 successfully.
Unfortunately, from the host I'm unable to get a response from localhost:9090 when running GAE dev web server. Additionally, I've made sure that I don't have anything interfering with the port 9090 on the host machine. Also, I'm almost positive this isn't related to Vagrant as I spun up a quick node.js web server on 8080 and was able to reach it from the host. What am I missing?!!!
You must run the Google App Engine Go dev web server on 0.0.0.0 when leveraging Vagrant port forwarding. Like so:
goapp serve -host=0.0.0.0
See the answers here for more info on ensuring the guest web server is not bound to 127.0.0.1 which is loopback. Web servers that bind to 127.0.0.1 (like App Engine Go dev web server does) by default should be overridden to use 0.0.0.0.
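
The binding rule from the answer above, as an added example that is not part of the original post: this Python check reads `ss -ltn` output captured inside the guest and reports forwarded guest ports whose only listener is bound to a loopback address. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output taken inside the guest.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:8080      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       511     *:3000              *:*
"""


def listeners(ss_output):
    """Map each listening TCP port to the set of local addresses bound to it."""
    table = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface scope and brackets
        table.setdefault(int(port), set()).add(host)
    return table


def _is_loopback(host):
    # "*" is the wildcard ss prints for dual-stack listeners.
    return host != "*" and ipaddress.ip_address(host).is_loopback


def check_forwarded_ports(ss_output, guest_ports):
    """Classify each forwarded guest port by where its listener is bound."""
    table = listeners(ss_output)
    report = {}
    for port in guest_ports:
        addrs = table.get(port, set())
        if not addrs:
            report[port] = "no listener"
        elif all(_is_loopback(a) for a in addrs):
            report[port] = "loopback only"  # forwarded traffic cannot reach it
        else:
            report[port] = "ok"
    return report
```

For the sample, guest port 8080 from the Vagrantfile is reported as "loopback only", matching the symptom described in the question.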

How to make Apache2/Httpd trust all client certs

I have an apache2/httpd install on centos fronting a tomcat instance and I want it to trust all client certificates.
How should I go about it?
There is no such thing as 'SSL Passthrough' with Apache since Apache needs to handle the SSL negotiation. Things I can think of are:
Do not use Apache but perform TCP forwarding, using a NAT rule for instance (/sbin/iptables -I PREROUTING -t nat -p tcp -d test.server.ip --dport 443 -j DNAT --to :8443). If you have two IP addresses assigned to the machine, your NAT rule can redirect based on the destination IP.
You could configure a virtual host in Apache dedicated to test where you set SSLVerifyClient to none. This virtual host has a reverse proxy rule mapping directly to the non-SSL http port of your Tomcat instance, or maps to the HTTP/S port, and then you set the SSLProxyMachineCertificateFile with certs that Apache can present to authenticate to Tomcat.
