Graphhopper server not accessing on a same network - graphhopper

I have successfully deployed graph-hopper on my local server. The problem is that i can access the server using local-host on the server but unable to access it using the server IP locally or from other machine on the same network. For same port if i use docker it works but not the other way around. Here is my configuration:
# Dropwizard server configuration
server:
applicationConnectors:
- type: http
port: 8989
requestLog:
appenders: []
adminConnectors:
- type: http
port: 8991

You need to bind the host, maybe you need to change localhost with the IP address of your server. Avoid using 0.0.0.0.
server:
application_connectors:
- type: http
port: 8989
bind_host: localhost

Related

Trying to make browsersync work within vagrant using gulp

I've been stuck in trying to make browsersync work within vagrant using gulp. I can connect to the UI of browsersync but I can never connect to my development site. If tried connecting using the address http://localhost:3000, I keep getting the error below:
Cannot GET /
Here are my configurations for vagrant:
# IP Address to access the server 10.0.0.3
config.vm.network "private_network", ip: "10.0.0.3"
config.vm.network "forwarded_port", guest: 3000, host: 3000, auto_correct: true
config.vm.network "forwarded_port", guest: 3001, host: 3001, auto_correct: true
# Sync the server timezone to the host machine
config.vm.provision :shell, :inline => "sudo rm /etc/localtime && sudo ln -s /usr/share/zoneinfo/Asia/Manila /etc/localtime", run: "always"
# Sync File
config.vm.synced_folder "./", "/var/www/html", mount_options: ["dmode=777", "fmode=666"]
Configuration when connecting to SQL
Here are my configurations for Gulp:
browserSync.init(["./assets/css/*.css"],{
server: {
proxy: "http://10.0.0.3/globe-gui/",
open: false,
port: "2222",
injectChanges: true,
}
});
I tried searching the net for a solution but can't seem to get an answer.
Browser sync isn't initialized with the correct options.
browserSync.init({
files: ["./assets/css/*.css"],
open: false,
port: "2222",
injectChanges: true,
proxy: "http://10.0.0.3/globe-gui/",
});
Your Vagrantfile configures guest machine (box) to be accessible via IP address 10.0.0.3.
Connect to services running in the box from host through IP address (10.0.0.3).
Set the SSH Host to 10.0.0.3 for a database service running on port 2222 in the box when connecting from host to box, but set localhost when connecting inside of the box.
I take it that BrowserSync is started inside the box.
Configure proxy to have value:
proxy: "http://localhost/globe-gui/",
Connect to BrowserSync from a browser running in the host through private IP address for box (http://10.0.0.3:3000).

Can't expose mysql tcp service running inside kubernetes cluster publicly using nginx-ingress

I ran into a problem exposing a mysql database running inside a kubernetes cluster publicly. The cluster runs with kops on AWS. Im using a helm chart for nginx-ingress: https://github.com/helm/charts/tree/master/stable/nginx-ingress
controller:
config:
use-proxy-protocol: "true"
metrics:
enabled: true
replicaCount: 2
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
stats:
enabled: true
rbac:
create: true
tcp:
5000: default/cbioportal-prod-db-mysql:3306
From within the cluster I can telnet to the db through nginx over port 5000 :
# telnet eating-dingo-nginx-ingress-controller 5000
J
5.7.14
ke_|c&tc"ui%]}mysql_native_passwordConnection closed by foreign host
But i can't seem to connect from outside using the hostname of the aws load balancer.
telnet xxx.us-east-1.elb.amazonaws.com 5000
Trying x.x.x.x...
When i look in aws ec2 dashboard i see the load balancer's security group allows connections from everywhere on port 5000.
UPDATE
I can connect when I use port 3306 instead of 5000:
tcp:
3306: default/cbioportal-prod-db-mysql:3306
However now that the port is open:
$ nmap --verbose -Pn x.x.x.x
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
3306/tcp open mysql
I am getting an authorization issue:
$ mysql -h x.x.x.x -uroot -pabcdef
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2
I can connect directly to the nginx controller without issues from within the cluster:
kubectl run -it --rm --image=mysql:5.7 --restart=Never mysql-client -- mysql -h eating-dingo-nginx-ingress-controller -uroot -pabcdef
I'm using this mysql helm chart:
https://github.com/helm/charts/tree/master/stable/mysql

Google Dataproc - Unable to connect via SSH

I installed a Cloud Datalab notebook on a Cloud Dataproc cluster following the instructions listed in the official documentation
After creating the cluster, I then created a SSH tunnel to the master node in the Cloud Shell and connected to the cluster interface using the Cloud Shell. Instructions. I could access the Jupyter notebooks after this. I used the -v verbose option to see the SSH connection logs:
gcloud compute ssh cluster-datalab-m --project=abcxyz-123 --zone us-west1-a \
-- -v -4 -N -L 8080:cluster-datalab-m:8080
But after some time, I got a popup saying "A connection to the notebook server could not be established. The notebook will continue trying to reconnect. Check your network connection or notebook server configuration." and my cluster stopped responding to any commands.
When I looked at the SSH output on the Cloud Shell, I saw that multiple channels were being requested at this point.
A preview of SSH logs just during the break point:
debug1: channel 1: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 1: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52832 to 127.0.0.1 port 8080, nchannels 3
debug1: channel 2: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52833 to 127.0.0.1 port 8080, nchannels 2
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 1: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52837 to 127.0.0.1 port 8080, nchannels 3
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 3: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 4: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 5: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 6: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
I closed this SSH connection manually and then tried to SSH into the master node by clicking the SSH button on the Compute Engine console but even that was taking lot of time and didn't complete successfully.
I looked at this stackoverflow question but I couldn't find any /etc/sshguard folder in the master node so I don't think that is the issue for my case. The master node was running Debian 8.10.
Is there any way to ensure that the SSH connection (and the Jupyter notebook) works continuously?
We've updated the documentation at cluster web interfaces. Using cloud shell works for Datalab, but not Jupyter. Cloud Shell Preview only supports HTTP, but Jupyter uses websockets.
Instead, you should follow the instructions for setting up a SOCKS proxy and pointing Chrome at it. There's a handy bash script called launch-jupyter-interface.sh that does that for you. You'll just need to modify it to point to your Chrome installation.
The Jupyter tutorial also mentions using that script.

Running non-www stuff on an Elastic Beanstalk Docker container

I want to run a SMTP server on a Docker container in Elastic Beanstalk, so in my Dockerfile I have exposed the port 25 (and no other ports)
EXPOSE 25
I also edited the beanstalk load balancer (using EC2 web admin) and added port 25 to it:
| LB Protocol | LB Port | Instance Protocol | Instance Port | SSL |
| TCP | 25 | TCP | 25 | N/A |
....
And edited the security group of the instance to allow inbound TCP traffic to port 25 (allowed all locations to be able to connect to the instance directly).
Doesn't seem to work though. If I use the same Dockerfile in Virtualbox (using option -p 25:25) I can connect to the port 25 through the host machine and the SMTP server is listening. If I run the container in Elastic Beanstalk using the before-mentioned configuration I can't connect to the port 25 neither using the load balancer or directly the EC2 instance.
Any ideas what I'm doing wrong here?
Instead of editing the Load Balancer configuration directly from EC2 web admin it is recommended you do it using elasticbeanstalk ebextensions because those changes persist for your environment even if your EC2 instances in the auto-scaling group are replaced.
Can you try the following?
Create a file "01-elb.config" in a folder called .ebextensions in your app source with the following contents:
option_settings:
- namespace: aws:cloudformation:template:parameter
option_name: InstancePort
value: 25
Resources:
AWSEBLoadBalancer:
Type: AWS::ElasticLoadBalancing::LoadBalancer
Properties:
Listeners:
- InstancePort: 25
LoadBalancerPort: 80
Protocol: TCP
- InstancePort: 25
LoadBalancerPort: 25
Protocol: TCP
AvailabilityZones:
- us-west-2a
us-west-2b
us-west-2c
HealthCheck:
Timeout: 5
Target: TCP:25
Interval: 30
HealthyThreshold: 3
UnhealthyThreshold: 5
This file is in YAML format and hence indentation is important.
The option setting ('aws:cloudformation:template:parameter', 'InstancePort') sets the instance port to 25 and also modifies the security group to make sure that port 25 is accessible by the load balancer.
This file is overriding the default Load Balancer Resource created by Elastic Beanstalk with two listeners both having instance port set to 25. Hope that helps.
Read more about customizing your environment with ebextensions here.
Can you try creating a new environment with the above file in .ebextensions/01-elb.config file in the appsource directory? Let me know if you run into any issues.

Zabbix JMX Tomcat monitoring

I have been trying to setup Zabbix to monitor my 2 tomcat servers on 2 different Amazon EC2 machines, but in vain.
The Z on the host is green, however te JMX is red with these errors
- ZBX_TCP_READ() failed: [4] Interrupted system call
- Someother error [111] connection refused
and many such errors, one after another, in the sense I resolve an error to see one more new error popping up.
These are some assumptions
All the machines run Ubuntu 12.10 and later
Server's IP address: 66.55.12.120 (Runs Zabbix server v2.2.4 (revision 46772) (23 June 2014) )
Agent's IP address: 87.52.45.198 ( Runs Zabbix agent v2.2.2 (revision 42525) (12 February 2014) )
My local machine's IP address: 76.89.54.111
Here is what I've done so far.
On Server Side:
1) Installed Zabbix_server using sudo apt-get install zabbix-server-mysql.
2) The GUI, mysql database all have been installed and configured.
3) The following are the only 3 changes that I've made in the file /etc/zabbix/zabbix_server.conf
...
JavaGateway=localhost
JavaGatewayPort=10052
StartJavaPollers=5
...
4) The Zabbix Java gateway was installed using sudo apt-get install zabbix-java-gateway.
5) The following are the only 3 changes that I've made in the file
/etc/zabbix/zabbix_java_gateway.conf
...
LISTEN_IP="127.0.0.1"
LISTEN_PORT=10052
START_POLLERS=5
...
On Client Side:
1) Installed Zabbix Client using
sudo apt-get install zabbix-agent
2) The following are the only 3 changes that I've made in the file
/etc/zabbix/zabbix_agentd.conf
...
Server=66.55.12.120
StartAgents=5
ServerActive=66.55.12.120:10051
Hostname=Security-test-JMX-EC2
... <br />
3) The Hostname is the same as the one that is mentioned while creating the Host on the GUI.
I believe that there are some issues with the IP and ports. So, here are the outbound rules for both the machines as obtained from Amazon EC2 Security Groups for the machines
OUTBOUND RULES for SERVER SECURITY GROUP:
Type Protocol Port Source Reasoning
Custom- TCP 8080 0.0.0.0/0
TCP Rule
All ICMP All N/A 0.0.0.0/0
Custom- TCP 10052 27.52.52.128/32 For access from Agent
TCP Rule
Custom- TCP 8081 76.84.120.130/32 To access Zabbix GUI from-
TCP Rule -my local machine's web browser
Custom- TCP 10051 27.52.52.128/32 As the agent responds to-
TCP Rule -the server on Port 10051TCP Rule-
-Must allow inbound communications-
- from the agent.
Custom- TCP 11000 27.52.52.128/32 The agent's JMX reporting-
TCP Rule -happens on port 11000(not on 12345).
OUTBOUND RULES for CLIENT SECURITY GROUP:
Type Protocol Port Source
HTTPS TCP 443 0.0.0.0/0
Custom- TCP 10050 66.55.12.120/32
TCP Rule
Custom- TCP 10052 66.55.12.120/32
TCP Rule
Custom- TCP 11000 66.55.12.120/32
TCP Rule
HTTP TCP 80 76.89.54.111/32
Custom- TCP 8080 76.89.54.111/32
TCP Rule
Custom- TCP 8443 76.89.54.111/32
TCP Rule
What am I missing? Please guide me.
Any help is appreciated.
Thanks
Goutham
If you can, then run VisualVm (probably using a tunneled X session) on the zabbix host, and see if you can connect to the target JVM with that. If you can't connect from that, you won't be able to connect from Zabbix.
Try with the following CATALINA_OPTS, replacing with the IP on the target that you want JMX to listen on:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.local.only=falseom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<LOCAL_IP>"
This will disable all JMX security so be aware!
Once you hopefully get it to connect, the "Tomcat JMX" items in Zabbix are also all incorrect! e.g.
Incorrect Zabbix default:
jmx["Catalina:type=GlobalRequestProcessor,name=http-8080",bytesReceived]
Correct entry:
jmx["Catalina:type=ThreadPool,name=\"http-bio-8080\"", bytesReceived]
Note the escaped quotes and incorrect thread name. Add the Mbeans plugin to VisualVM, and use that to browse the MBeans on the target VM, and check the Zabbix names.
It does work eventually, but is a real pain to setup. Zabbix is however one of the few open source monitoring tools that supports JMX at all!
By default, JMX does not work very well with firewalls. You might find related bug reports on Zabbix tracker useful: ZBX-5326 and ZBX-6815. The first one contains a workaround for Tomcat which might work for you.
#gvatreya wrote:
Server: (Runs Zabbix server)
Agent: (Runs Zabbix agent)
It looks like you have to start Zabbix Java gateway as well on host where it is installed (it is a daemon/service).
I configured as follows:
Server: (Runs Zabbix server, Zabbix Java gateway)
Agent: (Runs Zabbix agent)
I think it is possible to install it on a dedicated host.
Have you tried adding -Djava.net.preferIPv4Stack=true to the VM options?
to make it work add next java_opts to your tomcat startup script
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.port=2345
-Dcom.sun.management.jmxremote.rmi.port=12345
-Djava.rmi.server.hostname=<tomcat_hostname>