I have a private Windows server running a Spring Boot jar file and I can access it via the IP address. I have a few websites available which I am able to access via the IP address and filters. (Note that this is running on port 54654 as I have other WEB APIs as well). I have a new domain registered online and I would like to access the server by the domain name which would redirect to my server address.
But the issue is, the browser shows the IP address instead of the domain name. I tried forward with masking but it is not working as I expected (it puts the site inside an iFrame and I cannot access browser properties etc). I want to access my site like www.abc.com and it should not change to <host-ip-address>:<port>. I understand the issue is from server side and do not know how to make it remain in the domain name. I tried a new entry with hosts.txt file but it does not seem to work.
I have searched for solution online for hours and could not find a specific solution for Spring Boot and changing VirtualHost settings in tomcat is not clear to me in this case. Is there any settings for this in application.properties file?
So this is the summary of things I learnt from this requirement. Thank you #PiotrP.Karwasz for your extended support.
You can run your server in any port but the domain name provider can only point to the default port (80)
If you change your forwarding setting AFTER you have edited your A record, your domain will be moved to Parked state (Parked is when your domain is shown as "taken" to others who visit it and it will not point to your A record's IP address). In such case, you have to modify your A record again.
You can use nginx to configure reroute from http port (80) to any port your server runs in. My nginx configuration:
server {
listen 80;
server_name <my-site>.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:<my-port>";
}
}
Domain name changes will take time to reflect in DNS (24-48 hours) and you can check it by clearing cache or by incognito window (private browsing).
Related
Currently I am hosting WAR with tomcat.
However, I find that if we host web by port 18080,
just like http://my-server-site:18080/welcome
the page can show successfully.
However, if i just type :
http://my-server-site/welcome
it said cannot find directory '/welcome'.
Anyone have idea why looks weird?
Thanks
Not weird at all...
If you do not specify a port, it will default to 80 for HTTP and 443 for HTTPS. I guess you have another web server (apache?) running on the same host that give you the error you see.
If you are expecting to see the same page on the default port, you will need to configure your web server as a proxy. ProxyPass for apache and proxy_pass for nginx.
We are using grpc spring boot starter on our Java application service in order to establish a connection to another 'server' service, so I define in the application.properties the following address:
grpc.client.name.address=static://service-name:port
When tried to connect it I got the following error message:
StatusRuntimeException: UNAVAILABLE: io exception
So I know for sure I have a connectivity issue. On the documentation it says regarding the static scheme:
A simple static list of IPs (both v4 and v6), that can be use connect to the server
So I guess this is not what I need to use. It seems the best option in my case is using the discovery scheme, but it doesn't contains any port...
What is the right scheme configuration I need to use to set the server address?
Wanted to share the resolution for this very annoying issue for those who will encounter the same problem in the future like I did.
So first, the scheme needs to be set indeed of dns type, like the following: grpc.client._name_.address=dns:///<service-name>:26502
but this alone is not enough. (at least in my case) The server was configured to run in PLAINTEXT, while my client, by default, was configured to run with TLS mode, so it must be set with grpc.client.__name__.negotiationType=PLAINTEXT property.
See the following documentation for further information
It caused by gRPC can't resolve addresss service-name:port;
If you use static, the value must be ip:port; The service-name need to be resolved as ip address;
If you are using register center like consul or eureka etc., you should use discovery:///service-name without specify port.
If you didn't use register center, only end to end with server, replace service-name as a ip like 127.0.0.1 which belong to server;
Or modify host config for parse service-name like below, the file on Linux is /etc/hosts
127.0.0.1 service-name
I am setting up my tomcat 8 server to use a SSL connection and the application is working fine - the redirect from HTTP to HTTPS is good, but I need to find a way to allow HTTP for some pages (API calls).
Why do I need that? because those API calls are trying to upload/download something to/from the server and because the connection is secure, those files are firstly - encrypted, secondly - decrypted and finally - used. And because the CPU has low performance, the upload/download speed is very poor.
I've tried to change configuration from conf/web.xml file, with no success.
If I change the parameter from CONFIDENTIAL to NONE, but both connection types (HTTP /HTTPS) will be enabled - and this is not what I need.
Any help in this direction is appreciated.
Thank you,
If you are using the Linux system like Ubuntu, then, instead of setting up an SSL connection setup in Tomcat, you will use the Nginx server. Use the following link for installation. In the Nginx server configuration file, nginx.conf, you can define a location inside the server name setting and then you can filter the APIs that you do not want to enable as HTTPS.
For setting SSL in Nginx, you have to use the ssl_certificate & ssl_certificate_key setting.
I want to check my rest api service remotely, for this purpose i add the following lines to application.properties
server.port = 8080
server.address = 37.221.202.142
This ip address i got from this site https://2ip.ru/
But when i run my app i have the error like port is already in use. I switched a lot of ports( 8081,8082,8083 etc) but every time i got this error. When i removed this line from application.properties server.address = 37.221.202.142 Application is deployed fine but i can't connect to server using this url http://37.221.202.142:8080/managers, but this work fine http://localhost:8080/managers
What am i doing wrong?
Open command prompt and type ipconfig(if you are a windows user) or ifconfig(if your linux user).
Get the ip address of your machine. I assume you are not deploying the application in public server(azure or aws).
If your using Tomcat or Pivotal Server for deploying the war file. Double click on the sever to get the Overview of the server details and just type your IP address.
Now, restart the server and hit the IP address YOURIPADDRESS:8080 port in the browser and it should work.
I know that Kerberos does not work with IP adresses, it relies on domain names and correct DNS entries only.
But I found that old versions of overthere library allows to use IP address with Kerberos authentication.
I extracted code from overthere and created small java project that demonstrates that https://github.com/igolikov/KerberosWithIP
It uses Apache HttpClient to send WSMan request to hyper-v host.
I also found that it works with httpclient 4.3.3 and it doesn't work with httpclient 4.4.1
How it is possible that it works with IP?
UPD1. I suppose that httpclient or something in sun.security may use revers DNS lookup. I tried to intercept traffic with Wireshark, and found 1 Revers DNS lookup (in-addr.arpa), but it responded with "No such host" because default DNS server cannot do revers DNS for this IP.
UPD2. Here is server configuration
There are SPNs for host name and for IP address
SPN( 1 ) = WSMAN/10.10.64.60 1+=1
SPN( 1 ) = HOST/somehost.corp.org.com 1+=1
SPN( 1 ) = HOST/somehost 1+=1
Kerberos can work without DNS just fine, the problem DNS solves is both sides of the connection agreeing on the same service principal to use. If I use the kerberos API to fix that principal to standard one, then as long as the server side has that prinicpal in it's keytab it will continue to work.
I.E. you have to know the kerberos principal that the service you are connecting to uses before you can connnect. Most service principals are of the form
service/dns.name.of.host
But the service principal can be anything as long as the client software knows what to use "somehow".