I am currently working on a second api on an already running server which serves
port 80,
and other virtualhosts connected to flasks for each api port
via apache/httpd on Centos 7.
api1 is running with wsgi
api2 currently on plain flask webserver for testing
Problem is now that I can reach api2 on localhost:api2_port, but not on its external ip adress
I tried mtr from another network which actually logs returning packages from api2 external_ip:api2_port.
There is a hardware firewall between them, which is not under my control, however I was told, that the ports were opened as I asked. I think the mtr output also confirms this.
Questions
Does anyone have an idea how I can debug this?
Is there maybe a problem with multiple flask instances running on the server?
=> This however should've been covered by the localhost:api2_port test
The Virtualhost config is plain basic and works for api1
<VirtualHost *:api2_port>
ServerName external_ip:api2_port
ServerAlias Projectname
DocumentRoot /var/www/projectname
</VirtualHost>
Thanks in advance for any suggestion
Edit 1:
Also
the project files and folders are owned by a non-root user who also runs api1
iptables has rules for tcp input and output for the api ports
selinux is disabled
I am currently out of ideas
Thanks for reading and responses.
The Problem was a missing firewall rule after all, so it is solved.
Related
So I have this web application running with Python's Flask and I use gevent.pywsgi.WSGIServer in order to make my application ready for production. My website is accessible from the Internet with all my devices and even others with different networks.
However I tried to add the HTTPS possibility by running the test with certbot letsencrypt... I passed the tests and obtain the certfile and keyfile but when I put them as arguments in the following function :
app_server = gevent.pywsgi.WSGIServer(
(CONFIG['Flask']['host'], int(CONFIG['Flask']['port'])),
app,
certfile="fullchain.pem",
keyfile="privkey_rsa.pem"
)
Well I get this error ssl.SSLError: [SSL] PEM lib.
PS: I opened my port for HTTPS server
That's why I wonder if the problem comes from:
the domain name passed for the letsencrypt test
domain name registrar
...
Or something else?
Thank you in advance.
I know this question is old and I came here looking for an answer to something else, but I have gone through your exact situation and couldn't help answering it.
I actually resolved the situation the proper way of building a website. I registered with a free dns server and routed all traffic coming to my router on ports 80/443 to a virtual machine in the LAN running NGINX, where I had already setup letsencrypt certs. Using this setup I don't have to enable SSL on any other machine in the network. Off topic, but to enable local network level ssl you need to have all the machines in the network. But you can simply forward requests from NGINX to any machine running in your local network using http and to the outside world all the traffic happens over SSL.
NGINX configuration is simple for LAN and you can create one yourself with a little google search, but the basic structure contains one server and several child location blocks where each location block corresponds to one web application in the LAN.
Hope this helps a bit. I can put a more detailed answer with specific steps if you are still looking.
I created an API for the company i work however i would like people having access in the same company network, how can i achieve this? I currently modified the allowed host as follow:
ALLOWED_HOSTS = ['127.0.0.1', 'localhost','192.168.6.7', '127.0.1.1', '161.19.109.123']
however only work in my computer under IP: 127.0.0.1:8000, any suggestions? FYI i do not have administrator privilege.
Try this to access project in a lan server
python manage.py runserver your_ip:port.
For example
my system IP address is something like 192.168.12.135, when we run run django development server its runs at localhost:8000, i mean with the system IP address and with a port 8000 like 192.168.12.135:8000 right.
it'll be accessible if you're running through apache or any other webservers other than the development server.
I would advice you to host and use a local apache server rather than using development server. Doing so, you can foresee the issues you'll be facing when moving to production.
I deployed my flask rest api on IIS 8 to windows server 2012 r2. I followed this article. (https://medium.com/#bilalbayasut/deploying-python-web-app-flask-in-windows-server-iis-using-fastcgi-6c1873ae0ad8) I can browse the rest api on the local server but I can not browse the api from other computers on public internet. I can ping the public IP of the server without problem. There is no firewall rule that blocks the server. Would you please help me?
PS. I am trying to browse by the IP, 185.201.212.219. Is it related to this?
edit1: I will try this which is from flask documentation.
Externally Visible Server
If you run the server you will notice that the server is only accessible from your own computer, not from any other in the network. This is the default because in debugging mode a user of the application can execute arbitrary Python code on your computer.
If you have the debugger disabled or trust the users on your network, you can make the server publicly available simply by adding --host=0.0.0.0 to the command line:
flask run --host=0.0.0.0
This tells your operating system to listen on all public IPs.
edit2: Adding host parameter didn't work.
Is there any ideas?
Thanks in advance.
All ports except 80 was open. When I set port=80, all my troubles seem so far away :)
I'm trying to connect to my website from another node on another network. If the nodes are in the same network, i can connect to the website without a problem.
I've forwarded port for ssh and Django (8000), I also have apache ready on port 9080.
ssh and apache ports work fine when connecting to them from external ip address, Django does not for some reason.
First, i tried to run the server on port 8000:
python manage.py runserver 0.0.0.0:8000
This works completely fine when connecting from the node that is in the same network as the server, but for some reason, whenever i try to access it from external ip address, the connection is refused.
To make sure it was Django, I also tried running the server on the same port as Apache (9080), although, i didn't expect "errorless" response, since i knew that port was occupied. But there was no change at all, I was still getting the same Apache page that i would get before.
I also tried allowing port 8000 on firewall:
sudo ufw allow 8000/tcp
But pretty sure this is not the problem, since this Debian came without any firewall.
I also tried to empty ALLOWED_HOSTS in settings, but there was no progression.
It seems like Django has no effect for external connections, what could be the reason?
I also struggle to understand the purpose of other http web server platforms in this case (e.g Apache, Nginx), Isn't Django creating a webserver itself along with its custom wsgi?
Firewall is not the problem, neither is the web server, then may the problem be caused by the Django itself? Maybe it is outer firewall?
It is not clear how you are configuring Apache to forward requests to Django, it seems like you are treating those as two independent components. If you want to use a web server in front of Django (recommended for production envs), you need to configure both Apache and Django.
Then, as you are running django in dev mode (python manage.py runserver 0.0.0.0:8000), you should reach Django in http://server_ip:8000 regardless of Apache, perhaps there is another firewall blocking the connection. Use tracert / traceroute to find out where the connection is blocked.
FInally, for production environments, it is recommended to use a web server in front of Django to increase security and performance. See the docs for further information.
My guess is that you have another firewall blocking the port. You opened the local firewall using ufw, but there may be an outer firewall.
python manage.py runserver 0.0.0.0:8000 starts correctly? If so, keep an eye in the log.
Inside the server, do a request wget http://localhost:8000. The request should be logged
If you can reach Apache in port 9080 from outside the server, you can:
Use nmap to find the opened / closed / filtered ports in the server to find if there is another firewall inbetween.
Configure Apache to forward requests to Django, although this does not solve the problem
In your question you say that you have forwarded port for ssh and Django. What exactly is this? Are you sure that you have not misconfigured your ssh server to listen in port 8000?
I have a Django development server running on a remote centos VM on another lan. I have set up port forwarding using Secure CRT to access the web page through my browser from my desk pc. I am currently not using apache with the development server and is shutdown.
I start the server by running python manage.py runserver 0.0.0.0:80.
When I type either the ip or www.localhost.com into the web browser, my URL is read as if it has been doubled with the host being read as if it was also the path.
Page not found (404)##
Request Method: GET
Request URL: http://www.localhost.com/http://www.localhost.com/
When I try to access the development server from within the same LAN the page loads up fine.
I have been searching through the django documentation and stack overflow, but I have yet to find a similar problem to this. Does anyone have any thoughts on why this may be happening and what could be a possible solution?
Thank you very much in advance!
It looks like the request URL is incorrect:
http://www.localhost.com/http://www.localhost.com/ should probably be http://actual_machine_IP.com/
I'd start searching there. You won't be able to access the VM's port 80 from a different lan using localhost as the hostname since localhost is probably already set in your hosts file.
If you want to test your dev environ remotely, can I suggest either setting up Apache properly with port 80 (as opposed to using django's dev server--privilege restrictions and all that can be circumvented with sudo and other bad practice) or use a pre-built shared dev service like vagrant share.