I setup HHVM inside Docker on cPanel server with this configuration:
http://wiki.mikejung.biz/HHVM
Section - "How to run HHVM in a Ubuntu docker container on cPanel"
My Docker configuration is:
"Name": "/sad_wozniak",
"NetworkSettings": {
"Bridge": "docker0",
"Gateway": "172.17.42.1",
"IPAddress": "172.17.0.13",
"IPPrefixLen": 16,
"MacAddress": "02:42:ac:11:00:0d",
"PortMapping": null,
"Ports": {
"9000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "9000"
and on VirtualHost of domain i add:
<IfModule mod_proxy_fcgi.c>
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://172.17.0.13:9000/home/username/public_html/
</IfModule>
I check that it works with curl:
HTTP/1.1 200 OK
Date: Sat, 04 Apr 2015 22:34:52 GMT
Server: Apache
X-Powered-By: HHVM/3.6.1
X-Mod-Pagespeed: 1.9.32.3-4448
Cache-Control: max-age=0, no-cache
Content-Length: 17
Content-Type: text/html; charset=utf-8
But i get MySQL error:
Error establishing a database connection
Outside Docker MySQL server has permissions to use any remote connection. I'd like to use "localhost" on server to MySQL server.
MySQL run on:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 498 19250361 3206/mysqld
How to connect HHVM with this MySQL which is outside the Docker?
As documentation states, you need to add host address as alias to container
http://docs.docker.com/reference/commandline/cli/#adding-entries-to-a-container-hosts-file
Note: Sometimes you need to connect to the Docker host, which means getting the IP address of the host. You can use the following shell commands to simplify this process:
$ alias hostip="ip route show 0.0.0.0/0 | grep -Eo 'via \S+' | awk '{ print \$2 }'"
$ docker run --add-host=docker:$(hostip) --rm -it debian
After that you should be able to connect to host MySQL using address docker:3306 from container.
Related
I ran into a problem exposing a mysql database running inside a kubernetes cluster publicly. The cluster runs with kops on AWS. Im using a helm chart for nginx-ingress: https://github.com/helm/charts/tree/master/stable/nginx-ingress
controller:
config:
use-proxy-protocol: "true"
metrics:
enabled: true
replicaCount: 2
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
stats:
enabled: true
rbac:
create: true
tcp:
5000: default/cbioportal-prod-db-mysql:3306
From within the cluster I can telnet to the db through nginx over port 5000 :
# telnet eating-dingo-nginx-ingress-controller 5000
J
5.7.14
ke_|c&tc"ui%]}mysql_native_passwordConnection closed by foreign host
But i can't seem to connect from outside using the hostname of the aws load balancer.
telnet xxx.us-east-1.elb.amazonaws.com 5000
Trying x.x.x.x...
When i look in aws ec2 dashboard i see the load balancer's security group allows connections from everywhere on port 5000.
UPDATE
I can connect when I use port 3306 instead of 5000:
tcp:
3306: default/cbioportal-prod-db-mysql:3306
However now that the port is open:
$ nmap --verbose -Pn x.x.x.x
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
3306/tcp open mysql
I am getting an authorization issue:
$ mysql -h x.x.x.x -uroot -pabcdef
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2
I can connect directly to the nginx controller without issues from within the cluster:
kubectl run -it --rm --image=mysql:5.7 --restart=Never mysql-client -- mysql -h eating-dingo-nginx-ingress-controller -uroot -pabcdef
I'm using this mysql helm chart:
https://github.com/helm/charts/tree/master/stable/mysql
I'm running ethereum/client-go docker image with the following flags:
docker run -p 8545:8545 ethereum/client-go --rpcapi personal,db,eth,net,web3 --rpc --rpcaddr 0.0.0.0 --rpccorsdomain * --rinkeby
This image is running on machine A and I can query the RPC within it. But when I try to query it from machine B I receive the following response:
Request:
curl -X POST http://<machine_A_address>:8545 -H "Content-Type: application/json" --data '{"jsonrpc":"2รท.0","method":"eth_coinbase","params":[],"id":64}' --verbose
Response:
< HTTP/1.1 403 Forbidden
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Wed, 18 Apr 2018 14:58:44 GMT
< Content-Length: 23
<
invalid host specified
* Connection #0 to host ... left intact
How can I query the ethereum client hosted on machine A from machine B ? Where I can find the ethereum client logs so I can debug it ?
Adding --rpcvhosts=* this flag solved the issue
Since --rpcvhosts is deprecated, you need to specify the flag --http.vhosts=<YOUR_DOMAIN>.
If you need an easy walkaround, you can set --http.vhosts=*, but this solution is a bad security practice.
i am a fiware user and i have created an iot agent on an ubuntu 14.04 empty vm and when i send a create service or a device registration request , i get an error. And i've made sure that the ports listen properly and i've also allowed tcp connection on the port 4061. and also get an error whenever i send the request .
here's the create service request
(curl -H 'content-type: application/json' -H 'fiware-service: bla770' -H 'fiware-servicepath: /howtobla770' -X POST 'http://217.172.12.243:4061/iot/services' -d #- ) << EOF
{
"services": [
{
"apikey": "api70",
"token": "token",
"cbroker": "http://147.27.60.58:1026",
"resource": "/iot/d",
"entity_type": "thing"
}
]
}
EOF
and this is the error which i get .
connect to 217.172.12.243 port 4061 failed: Connection timed out
* Failed to connect to 217.172.12.243 port 4061: Connection timed out
Although i have allowed the port 4061 through the firewall by the command
sudo ufw allow 4061
sudo ufw allow 4061
So, what could be done to solve this error please ?
i think you can solve this by deploy preconfigured image like Cepheus and it will allow you to use port8080 and 8081 and you can configure your iot agent to listen by change in config.js file
i am a fiware user and i have created an iot agent on an ubuntu 14.04 empty vm and when i send a create service or a device registration request , i get an error. And i've made sure that the ports listen properly and i've also allowed tcp connection on the port 4061. and also get an error whenever i send the reuest .
here's the create service request
(curl -H 'content-type: application/json' -H 'fiware-service: bla770' -H 'fiware-servicepath: /howtobla770' -X POST 'http://217.172.12.243:4061/iot/services' -d #- ) << EOF
{
"services": [
{
"apikey": "api70",
"token": "token",
"cbroker": "http://147.27.60.58:1026",
"resource": "/iot/d",
"entity_type": "thing"
}
]
}
EOF
and this is the error which i get .
connect to 217.172.12.243 port 4061 failed: Connection timed out
* Failed to connect to 217.172.12.243 port 4061: Connection timed out
Although i have allowed the port 4061 through the firewall by the command
sudo ufw allow 4061
It is necessary adding a security rule opening port 4061 in your Security Groups (cloud portal).
I've installed Orion Context Broker 0.23.0 and it behaves rare: it only works half of the times. For instance, when trying to retrieve the version I get this error message:
$ curl "http://localhost:1026/version"
curl: (52) Empty reply from server
$ curl "http://localhost:1026/version"
<orion>
<version>0.23.0</version>
<uptime>15 d, 22 h, 13 m, 18 s</uptime>
<git_hash>f5d76a6f11736d52402e63a4aa0ba990bff7f5eb</git_hash>
<compile_time>Fri Jul 10 13:21:42 CEST 2015</compile_time>
<compiled_by>fermin</compiled_by>
<compiled_in>centollo</compiled_in>
</orion>
$ curl "http://localhost:1026/version"
curl: (52) Empty reply from server
$ curl "http://localhost:1026/version"
<orion>
<version>0.23.0</version>
<uptime>15 d, 22 h, 13 m, 53 s</uptime>
<git_hash>f5d76a6f11736d52402e63a4aa0ba990bff7f5eb</git_hash>
<compile_time>Fri Jul 10 13:21:42 CEST 2015</compile_time>
<compiled_by>fermin</compiled_by>
<compiled_in>centollo</compiled_in>
</orion>
This behaviour is deterministic, I mean, after failing it always works, and after working it always fails. This occurs with all the operations within the REST API.
I've checked the listening ports and the process running them matches the Orion's one:
$ sudo netstat -ntlp | grep 1026
tcp 0 0 0.0.0.0:1026 0.0.0.0:* LISTEN 9944/contextBroker
tcp 0 0 :::1026 :::* LISTEN 9944/contextBroker
$ ps ax | grep contextBroker | grep -v grep
9944 ? Ssl 0:13 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/run/contextBroker/contextBroker.pid -dbhost localhost -db orion -multiservice
Any hints? Thanks!
Orion runs by default listening to IPv4 and IPv6. We have found that in cases similar to the ones you described disabling IPv6 solves the problem (we don't know yet the exact cause, maybe is related with the operating system or it is involved is some way...).
Tu run Orion in only-IPv4 mode you have to use the -ipv4 option either in the contextBroker command line or (if you are running Orion as a service) editing the /etc/sysconfig/contextBroker file to add -ipv4 to the BROKER_EXTRA_OPS variable (have a look to the documentation for more information about configuring Orion as a service). After modifying /etc/sysconfig/contextBroker you have to restart Orion using:
sudo /etc/init.d/contextBroker restart