I've a simple webserver bound on 0.0.0.0:3000 on my machine which works as intended on local networks. By local network I mean to say, if my mobile or any other device is on the same network, it can access local webserver by going to the IP assigned to my machine and adding port 3000 to it. Eg 192.168.1.4:3000.
Now I've to expose it to the internet but not through some sort of 3rd party application like ngrok, localtunnel or browserSync. I know that these applications work perfectly, but since I've my own pet project of controlling home appliances, I don't want to rely on availability of 3rd party services. So the current state is, I cannot control it through the internet. Keeping in mind I don't have a static IP otherwise this would've been easier.
I already have a vps and a domain name assigned to it. I can send my currently allocated ip address (since it is dynamic), by using getifaddrs, to my server and keep track of it. But how do I expose my local server to the internet through it? Those 3rd party applications assign some sort of subdomains to each exposed server, and I'll be able to assign subdomains too, but I'm still not getting any way to expose the local webserver. Any help would be appreciated, thankyou :)
Step one, you need to expose your webserver at your internet access router.
Typically this requires you to configure port forwarding for (in your case) port 3000.
With this done, any client could access your service via (current external dynamic ip):3000
Step two, you need to dynamically map a fixed DNS name to your current dynamic ip. There are of course third party services (such as DynDNS) that would help you map yourfavoritename.dyndns.org to that ever-changing ip address.
If you want to do the latter without 3rd party, you need to have some static (web) server somewhere and could proceed as follows:
Clients visit http://www.yourstaticserver.example/ and that server redirects them to (current dynamic ip):3000.
Of course, for this to happen, your static server needs to know the dynamic ip and needs no find out about changes to it.
To this end, you could have your internal server contact the static server on a regular interval (such as once a minute), say, have it access http://www.yourstaticserver.example/some-secret-special-page and the static server always stores the REMOTE_ADDR of such a request (preferably with some authorization!) for its future redirections.
Actually, there is a step zero before step one: Be aware that exposing your server to the Internet means that you expose your server to the Internet. So I hope you have invested enough thought into security.
Related
my plan of setup is to make the local database accessible to the local computers because of heavy manipulation of data and it needs a fast response, but at the same time, I wanted to access it via internet when I'm away from the local network. is this possible?
Currently Using MERN stack
I tried MLAB but the response of data is pretty slow
Thank you in advance
it looks like you're going down a dangerous path. MongoDB comes with local authentication and a standard 27017 port. To make it available online you need to
remove authentication (which is not on by default)
change or remove the bindIp option
ensure the port is not blocked by firewall
This can be done in the config file.
https://docs.mongodb.com/manual/reference/configuration-options/
However, what you really want to do, probably to create routes within express so that users can communicate with your mongo is a structured and safe manner. More information in this here http://mean.io/2017/10/31/getting-started-mean-io/
I am pondering the question of proper location of the SOLR server.
This is usually what we have today:
Server Side:
Node or RoR or IIS
Client:
Singe Page App or rendered by a server.
DB:
RDMBS - MsSQO, Postgre, MySQL or some other Relational database.
Thinking where to put a SOLR server. However I think, I am positive it should be not placed to be accessible from the internet, let alone accessible from the client. I think it should be behind main server, and the main server should send queries to SOLR and return to the client. Additionally, place SOLR behind the firewall and white list the server.
Is this good thinking or there is something else entirely that I am not seeing?
As the docs say:
First and foremost, Solr does not concern itself with security either at the document level or the communication level.
You are right: you should never have a publicly-visible Solr server for this reason. In our setup at work we have it firewalled so only our main webserver can access it (i.e. using whitelisting). As part of our API, requests for data therefore must go through the webserver, allowing us to authenticate users, as well as not give users free reign to execute whatever they want.
If you want to use the web client, you can always temporarily whitelist your IP and remove it afterwards. While it is possible for an attacker to spoof your IP and thus gain access, a hacker has to be very determined and explicitly targeting your application, has to know both the whitelisted IP and the Solr IP, and has to know all this for the short time it is whitelisted. Such a setup is therefore secure enough for your needs.
Using the windows host file located in
windows/system32/drivers/etc/host
Is it possible to respond a request from an application like when it is offline(not connected to the Internet)? Could you please give an example of this is done.
The hosts file only lists aliases for ip-addresses. For example:
192.168.0.1 foo bar foo.com bar.com
If that line is in the hosts file, then you can use the host-names foo, bar, foo.com and bar.com to reach the computer with ip-address 192.168.0.1.
If the computer, or the service you want to reach on that address, is not online, you can't reach it no matter what you have in your hosts file.
If you are willing to map your local development environment to a domain name, you can edit the domain name in hosts file and map it to 127.0.0.1, which is the loopback address.
That way, any requests done to that particular domain will fallback to your local machine.
You can also assign different LAN/WAN IP addresses.
When your development phase is done, you can remove the entry.
I would not recommend doing so, stick with the localhost and just make use of that to test virtualhosts setup or some sort of domain based configurations.
If there is anything else I can answer, please don't hesitate to post further comments on my answer.
If you mean to respond to HTTP requests then you need a Web Server configured to respond to any host (or that specific host name) on port 80. If you are not using it for anything else IIS can do this1 – configure it to return 404 (not found) or some other relatively neutral fail response.
1 If IIS is already being used then things get much harder, later versions of IIS are more flexible either with a combination of using HTTP.SYS to allow other applications to respond to certain URLs or using different Web Sites in IIS (until Windows 7, or maybe Vista, only available on Server editions of Windows).
I'm working with a third party webservice who requires that all calls to their service are made from whitelisted IP addresses. That is, I must give them IP addresses from which I will be making calls to their service.
Problem is I'm using Google Appengine. Is there any way to get a static IP address when making outgoing http requests from Appengine? Failing that - is there a block of IP addresses that all requests will come from? I could get the entire bloc whitelisted. If this exists, how likely is it to change?
I know I could setup a simple Amazon EC2 instance to use as a proxy (will ask another question for how to do this specifically) but just wanted to make sure there was no other way.
I had the same problem a couple of weeks ago connecting via Urlfetch from Google App Engine to the Stack Exchange API (The team has promptly fixed the problem whitelisting all the GAE IPs).
The range of IP addresses that urlfetch connections may come from, can be found by performing the following DNS lookup:
dig -t TXT _netblocks.google.com #ns1.google.com
Last I checked this wasn't possible. You can get the current IP address dynamically, but it isn't predictable.
Please note: _netblocks.google.com is apparently not accurate. Currently I have noticed that GAE connects from addresses not listed when you dig _netblocks, for example from 8.35.201.166.
This range is not listed in _netblocks, _netblocks2 or _netblocks3.
Current dig output:
ip4:216.239.32.0/19
ip4:64.233.160.0/19
ip4:66.249.80.0/20
ip4:72.14.192.0/18
ip4:209.85.128.0/17
ip4:66.102.0.0/20
ip4:74.125.0.0/16
ip4:64.18.0.0/20
ip4:207.126.144.0/20
ip4:173.194.0.0/16
I can't find the ip address without the aspx page (so on a linux server). If it can work through wcf then its also good.
I think your best bet is to let a web service return the IP address to the Silverlight client if you are able to use WCF in your application. I don't believe there is any straightforward way to get the client IP directly within Silverlight.
Just a simple web method like this should work:
[OperationContract]
public string GetClientIpAddress()
{
return HttpContext.Current.Request.UserHostAddress;
}
You might not be able to get the actual client IP address if the request is going through a proxy server, but you could check the HTTP_X_FORWARDED_FOR header as well and use that if available.
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
I wouldn't depend on that as a reliable client IP address though, since not all proxy servers honor that HTTP header and it could also be easily spoofed.