I have connected to other websites but have been able to connect to AWS I have seen others had this issue before me but none of the threads I found were answered. I am hoping someone has suggestion I can post the code if necessary. Is there a special way to connect to the AWS website? The goal of the project is to send data to a web page which was created using Amazons AWS services. We are using an Access point and are using a Json format.
To establish a connection with AWS you must need a secured connection (https TLS 1.2) but the SIM900 firmware only provide TLS 1.0 (see the doc here : https://simcom.ee/documents/SIM900/SIM900_HTTPS%20AT%20Command%20Set_V1%2000.pdf)
I think I see somebody with the same configuration than yours (Arduino + sim900) who used a lib to connect to AWS.
Or you can establish a TCP connection with AWS and then use a lib to handshake and send data with TLS 1.2 protocol. More informations about TCP and TLS : https://medium.facilelogin.com/nuts-and-bolts-of-transport-layer-security-tls-2c5af298c4be
Related
I have spring boot admin server deployed in openshift with the help of fabric8 maven plugin
And also i have several applications deployed in openshift.
Spring boot admin server (SBAS) use spring cloud kubernetes discovery to discover services (applications) registered / running in namespace / cluster, which is automatic client discovery.
SBAS discovered as expected, its fine but some applications shown / registered in SBAS use http and some use https to check the health as like below
I have no idea, why SBAS use http for some apps and for https for some apps to check the health.
Since SBAS use https and port 8443 it shows applications are offline but those applications are exposed in http 8080 only
I have compared applications code and openshift configurations but i don't see any difference and how to fix this issue.
I am new to all above concepts could some one help me ?
I didn't find solution for this issue, but i did work around which helped me.
Since i am using only one port 8080, i have deleted other ports such as 8443 and 8778 via openshif yml as shown below. but you have you have to expose more ports this won't help.
I am trying to establish a SSL-encrypted connection to a my MySQL Docker service running on a AWS VPC (setup up by the Docker for AWS cloud formation template). The elastic load balancer is configured to redirect port 3306. There is no problem to connect to the container (e.g. by using MySQLWorkbench, mysql-client, ..) as long as SSL is not turned on (adding AWS's own certificates (ACM) or my custom certificates to the ELB listener). In case SSL is enabled, the client starts hanging / freezing, without returning a proper error. I added the ca-certs from ACM, generated my own certificates (with and without additonal key / cert for the client) but nothing seems to resolve my problem.
Now I am well aware of the fact, that this setup is not that usual. I guess the standard way of doing this is to configure the MySQL-Server itself. AFAIK, in this case only the connection between client and ELB is encrypted, but I do not understand why this causes a problem?
I am grateful for answers!
In MySQL's client/server protocol, the server talks first. It advertises its capabilities (including whether it supports SSL). Then the client requests that the connection switch to SSL mode. Only then does SSL negotiation take place.
For this reason, it is not possible to offload SSL in front of MySQL.
Your connection hangs because the client is waiting for the initial packet from the server, while the ELB is waiting for the client to start negotiating SSL -- because unlike the MySQL client/server protocol, the client talks first on standard SSL negotiation.
You have to have a certificate on the MySQL Server, and not on the ELB, for this to work.
An AWS Network Load Balancer is a more appropriate solution for exposing MySQL, but you still need the SSL cert on the MySQL Server itself.
I have ELB balancing TCP traffic to my Node.js processes. When ELB is balancing TCP connections it does not send the X-Forwarded-Proto header like it does with http connections. But I still need to know if the connection is using SSL/TLS so I can respond with a redirect from my Node process if it is not a secure connection.
Is there a way to make ELB send this header when balancing TCP connections?
Thanks
You can configure proxy protocol for your ELB to get connection related information. In case of HTTP the ELB adds headers telling about the client information, in case of TCP however, AWS ELB simply passes through the headers from the client without any modifications, this causes the back end server to lose client connection information as it is happening in your case.
To enable proxy control for your ELB, you will have to do it via API, there is currently no way to do it via UI.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
The above doc is a step-by-step guide on how to do this, I don't want to paste the same here as that information might change over time.
EDIT:
As it turns out, Amazon implements Version 1 of the proxy protocol only which does not give away SSL information. It does however give port numbers which was requested by the client and a process can be developed stating something like if the request was over port 443 then it was SSL. I don't like it as it is indirect, requires hardocoding and coordination between devops and developers... seems to be the only way for now...lets hope AWS ELB starts supporting Version 2 of the proxy protocol which does have SSL info soon.
I've recently created a Mule application (3.7.0 CE) on a laptop. I'm connected to an AWS RDS instance when running locally in AnyPoint Studio using Maven. I started with a local MySQL DB and migrated it to AWS because my application "proofofconcept" is just that a proof of concept and I would like to show the application online (public url) instead of my laptop for a presentation. I added the database.url=... property to the application properties when I deployed to Anypoint Runtime Manager in the cloud. I'm currently getting a:
communications link failure
I've tried several things and nothing has worked. I tried a basic database connection first in the database config. And, then I created a JDBC datasource in Spring-beans. Both methods worked locally and in-communication with AWS (remote). When I deploy to Runtime Manager, the application deploys. And, I get the console that's generated runtime by the RAML. When I call a url e.g. api/v1/orders it runs and runs and after timeout provides the communication error.
Does anyone 1) know if the communication is allowed? 2) know how to fix this? I would like to demo the POC online for my client.
Thanks in advance
My issue was with Amazon VPC and the default security group assigned to my RDS instance. By default all outbound activity is set to any protocol and any port for any ip (0.0.0.0/0). Inbound routing, however was specifying only port 3306 but also a custom using-ip that was my home network public ip. I changed the ip specification to be 0.0.0.0/0. This now mean's that any ip can send a request though port 3306 to my Amazon MySQL instance.
I have this project for my classes i'm currently workin' on. here it is:
WebPage client for Telnet not on standard ports, with ability to choose a port and connect
I have machines with telnet servers on them, just waiting for connection.
So my idea was to set up a nodeJS with express server on a dedicated machine. This would handle connections through telnet and host a page for clients, that would use socket.io to exchange information with server side.
But as i'm new to such technologies (telecommunications student) i wonder if it is possible. I spotted something like this - jsterm.com by Peter Nitsch, but i see there are some massive gaps in code and the demo does not really work so i don't know if it actually works. Did anyone try this?
My other problem is - when i send information to nodeJS server through websockets, which seems achievable for me, what do i do with this information? Do i just set up another websocket to pass the same data i got from client websocket directly to the telnet port?
Can sockets connect directly to specific port, without any websocket waiting on the other side?
If my idea is wrong, could anyone help me - maybe there exists some nice solution - i was thinking about Anyterm for example but i see that it requires an apache server and runs completely different technologies...
Just to be clear, WebSocket connections are not raw TCP socket connections. They have extra header information in each packet, browser to server data is masked using a running XOR, etc.
In order for the browser to communicate with a normal TCP server (e.g. a telnet server) you will need some sort of bridge service. It just so happens that such a thing already exists. websockify is a server that accepts WebSocket connections and bridges them to a raw TCP server.
In fact, the websockify project already includes a working telnet client as an example application. However, note that one limitation of websockify (for security reasons) is that the client cannot pick an arbitrary server address/port to connect to. The target address(es) must be predefined, either as a single target specified on the command line for websockify, or as multiple targets specified in a configuration file (and selected via a token in the WebSocket connect string).
There are multiple implementations of websockify in different languages (python, C, node, ruby, Clojure) however, only the python version currently supports multiple targets via a configuration file.
Disclaimer: I created websockify.