I purchased a domain from namecheap, and I'm gonna to use cloudflare to DNS my domain, but it says Error 521.
I created an free instance on Oracle.
Cloudflare suggest me to add their ips to oracle, but I have no idea where to add these ips.
We're from the Solutions Architecture team over at Oracle Cloud Infrastructure and wanted to give you a few pointers to help you out.
What this error indicates, is Cloudflare is having problems accessing your website. Most likely this is because you have not yet configured your website to be accessible from the internet. While we didn't write this, it appears the community has a set of instructions here on how to expose your site to the internet:
https://dev.to/yoursunny/how-to-host-a-website-in-oracle-cloud-free-tier-5hca
Here's another online class for doing the same with wordpress: https://www.udemy.com/course/wordpress-website-built-on-oracle-cloud-always-free-tier/
Once done, you'll want to test your website by IP address in a web browser to make sure you can at least load your web page.
What Cloudflare is suggesting is you should actually only open access to your website from the specific IP addresses of the Cloudflare network. This increases the security of your website by preventing people from bypassing Cloudflare if they know your site's IP address. To do so, instead of adding 0.0.0.0/0 as the allowed CIDR you add an individual entry for each CIDR listed here: https://www.cloudflare.com/ips/
For testing though, just use 0.0.0.0/0 until you have it working. Then you can change it.
Finally, don't forget to check host firewall rules (see iptables --list). Not having a entry for port 80/443 is a common error.
Let us know if it works for you.
I have a similar setup where cloudflare is fronting my app. However, in my case I am just using a public load balancer in OCI. Bought a domainname pointing to the public IP of load balancer. This way first I tested my site without the domain name and just hitting load balancer IP. If that works fine, then in the Cloudflare you just need to proxy the domain to the public IP of LoadBalancer.
Related
I'm starting to study DNS system and the way it works. I'm using dig on ubuntu to solve some domain names and I'm trying with different Google services.
Even if services are totally different, it happened that I received the same IP address.
$ dig docs.google.com
;; ANSWER SECTION:
docs.google.com. 264 IN A 216.58.198.14
and
$ dig drive.google.com
;; ANSWER SECTION:
docs.google.com. 264 IN A 216.58.198.14
In other occasions, I received the same address trying to solve yet more services like mail.google.com or maps.google.com.
Can anybody help me and explain me the way it works? Does this have anything to do with time?
Thank you a lot.
First of all docs.google.com and drive.google.com are different domains.
And yes different domains can have the same ip address. This is called a Shared Web Hosting.
In name-based virtual hosting, also called shared IP hosting, the virtual hosts serve multiple hostnames on a single machine with a single IP address. This is possible because when a web browser requests a resource from a web server using HTTP/1.1 it includes the requested hostname as part of the request. The server uses this information to determine which web site to show the user. When you register/purchase your domain name on a particular "registrars name server", your DNS settings are kept on their server, and in most cases point your domain to the Name Server of your hosting provider. This Name Server is where the IP number (currently associated with your domain name) resides.
I have set up an Google Cloud Compute Instance:
Machine type
n1-standard-1 (1 vCPU, 3.75 GB memory)
CPU platform
Intel Haswell
Zone
us-east1-c
I can ssh in using the external address.
I have installed the vncserver and can access it on port 5901 from localhost as well as the internal IP.
I am trying to access it from the static, external IP address but it is not working.
I have configured the firewall to open to port to 0.0.0.0/0, but it is not reachable.
Can anyone help?
------after further investigation from the tips from the two answers (thanks, both!), I have a partial answer:
The Google Cloud Compute instance was set, by default, to not allow
HTTP traffic. I reset the configuration to allow HTTP traffic. I
then tried the troubleshooting tip to run a small HTTP service in
python. I was able to get a ressponse from the service over the
internet.
The summary of the current situation is as follows:
The external IP address can be reached
It is enabled and working for SSH
It is enabled and working for HTTP
It does not seem to allow traffic from vncserver
Any idea how to configure the compute instance to allow for vncserver traffic?
If you already verified that Google Firewall or your VM are not blocking packets, you must make sure that VNC service is configured to listen on the external IP address.
You can always use a utility like nmap outside Google project to reveal information on the port status.
enable http/https traffic form the firewall as per the need. it will work!!
The Google Cloud Compute instance was set, by default, to not allow HTTP traffic. I reset the configuration to allow HTTP traffic. I then tried the troubleshooting tip to run a small HTTP service in python. I was able to get a response from the service over the internet.
As such, the original question is answered, I can access Google Cloud Compute Instance External IP. My wider issue is still not solved, but I will post a new, more specific question about this issue
TLDR: make sure you are requesting http not https
In my case i was following the link from my CE instance's External Ip property which takes you directly to the https version and i didn't set up https, so that was causing the 'site not found' error.
Create an entry in your local ssh config file as below with mentioned local forward port. In my case its an example of yarn's IP, which I want to access in browser.
Host hadoop
HostName <External-IP>
User <Local-machine-username>
IdentityFile ~/.ssh/<private-key-for-above-user>
LocalForward 8089 <Internal-IP>:8088
In addition to having the firewall rules to allow HTTP traffic in both Google Cloud Platform and within the OS of the instance, make sure you install a web server such as Apache or Nginx.
After installing the web server, you connect to the instance using SSH and verify you do not get a failed connection with the following command:
$ sudo wget http://localhost
If the connection is positive, it means that you can access your external URL:
http://<IP-EXTERNAL-VM>
Usually there are two main things to check.
1. Port
By default, only port 80, 443 and ICMP are exposed. If your server is running on a different port, create a record for the same.
2. Firewall
Make sure you are allowing http and https traffic based on your need.
oua re
For me the problem was that I set up the traffic for the firewall rule to be 'Egress' instead of 'Ingress'.
If anyone already initiated 'https'
just disable it and check again.
I created successfully a apache server but I dont want to connect to it by typing 192.168.0.102, I want a normal url like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line but setting it to something like www.mysite.com doesnt seem to work. I also tried to use my external ip(https://www.whatismyip.com) as server name but it doesnt connect. It only works if I try to connect to 192.168.0.102 or localhost. How do i solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequence so of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessibly only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet it is internal IP.
But you have some alternatives, like if you like to access your computer from a hostname you can use dynamic DNS servers.
Or you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file, then only you can use this domain with your local computer.
But, If you really want to serve some content to the Internet from your local computer you have to find a DNS server service (like cloudflare) to point your domain to your public Internet ip not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test if the configuration works, edit your /etc/hosts file and add that domain name to 127.0.0.1. After that you will be able to access to that virtual host if you try to access to that domain name from your browser.
More info here : https://httpd.apache.org/docs/current/vhosts/name-based.html
I have just created cloud storage on google for mysql database.
I have added local IP address and server's IP address in authorization (under access control).
It's getting connected in mysql work bench in my local machine. But, it's not connecting with the website which is running on windows azure platform.
Which IP address am I supposed to use in access control?
Website is in basic package of azure.
This is a relatively non-trivial thing to achieve as the GCP services need to know about the public source IP of the Azure service. Azure's IP surface is pretty wide so you'd be unlikely to successfully connect the two. You'll be unlikely to be able use just a single source IP address.
You may be better off looking at a VPN connection out of an Azure VNet to your GCP environment.
To be honest, trying to build any form of performant web experience that hosts the web and data tiers in different public clouds is going to be extremely challenging.
Actually I resolved this issue by opening ticket in azure support.
They have outbound IP addresses range available online. We need to provide those IP addresses to third party access control.
I am sharing you that link here.
https://social.msdn.microsoft.com/Forums/azure/en-US/fd53afb7-14b8-41ca-bfcb-305bdeea413e/maintenance-notice-upcoming-changes-to-increase-capacity-for-outbound-network-calls?forum=windowsazurewebsitespreview
Choose those IP addresses which are associated with your website.
Assume that there is a web-page called whatisyourip.com and that I have a web-page called changeip.com. A user wants to enter the site whatisyourip.com through changeip.com. Normally, changeip.com would be a proxy server so the user can hide his ip address. That's how users reach forbidden web-pages in their countries. But I want to ask, is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
Short answer: Yes. Make changeip.com a VPN server and assign different IP addresses to those VPN clients. Ensure they send all traffic through the VPN. This usually involves modification of the local routing table on the VPN client workstations for everything to work correctly.
Longer answer... There are several reliable ways to hide IP addresses of TCP sessions...
HTTP Proxy - you already described this situation
Network address Translation - this doesn't sound likely in your scenario
VPN Tunneling - Possible solution instead of HTTP proxy, even if it's something as simple as an SSL VPN. Depending on your constraints, this could also be a viable option.
You can't. TCP connections require a 3-way handshake. You can certainly send a SYN packet to the server to start the process, then change your IP address. but when the site responds with the 2nd-stage of the handshake (SYN+ACK), that packet is now going to your old IP address and your system will drop it - it has no idea that the server is responding to something that was started on the old IP.
You could try something like the Tor network, which offers end-to-end encryption of traffic and cloaking of origins, but it's not something I'd consider "reliable".
Not unless you spoof your IP, in which case the response will go to the forged IP. So no.