I have a laravel 8 project running on port 8000 and metabase (an analytic framework) running on port 3000.
metabase itself is password protected. But if possible I would like to make normal users unable to even get to the login screen of metabase. My idea was that metabase exposes port 3000 only to localhost and laravel forwards port 3000 inside a middlewarte protected route.
I was hoping for a solution which would look something like this:
Route::middleware(['auth','isAdmin'])->prefix('metabase')->group(function() {
// forward port 3000 here
});
AFAIK, Laravel can't protect endpoints outside of his requests. Instead, you can use HTTP auth or maybe you can try subdomain routing https://laravel.com/docs/8.x/routing#route-group-subdomain-routing
Related
How do I start a PHP public server using Command Prompt (I'm using windows).
If I use PHP -S localhost:<port> it runs the server on my own localhost but no one outside my connection can access it, but I want my friend in the US to access it.How do I do that using Command Prompt
I have not yet tried anything yet
You can try use localhost tunneling with ngrok.io or pagekite
You need to modify your router's configuration, ie.:
link internal IP (e.g. 192.168.0.XXX) and port (e.g. 80) to your external/public IP. BTW, better to use non-standard HTTP port on the outside due to security issues. You can find these settings when login to router and go to Settings->NAT Forwarding / Virtual servers.
Your friend can then access http://<YOUR_PUBLIC_IP>:<YOUR_PUBLIC_PORT> from his/her browser. If you are concerned with dynamic IP, you should register with Dynamic DNS Provider (DDNS) for example: https://www.dynu.com/
I try to Deploy a Laravel App via AWS ElasticBeanstalk with Classic Load Balancer.
I store my laravel sessions in a database on an AWS RDS, the connection is working fine.
It is all working fine, except that every request is generating a new session.
In my .ebextensions I added therefore, session stickiness
option_settings:
aws:elasticbeanstalk:environment:process:default:
Port: '80'
Protocol: HTTP
aws:elb:listener:443:
ListenerProtocol: HTTPS
SSLCertificateId: my_ssl_arn...
InstancePort: 80
InstanceProtocol: HTTP
aws:elb:listener:80:
ListenerEnabled: true
aws:elb:policies:sessionstickiness:
CookieName: laravel_session
LoadBalancerPorts: 443, 80
In the App itself, i force via middleware to use https://
Its Laravel Version 5.5, in the TrustProxiesMiddleware i added:
protected $proxies = '**';
I just don't understand where the problem is and tried already a lot of different settings.
Did anyone get experience with that? What do I oversee here?
I am currently trying to connect to my elastic search cluster using the php elasticsearch client
I am having trouble using an https endpoint for this. I have my cluster behind a load balancer with a VIP in front, it is using Apache authentication and is on port 443. The trouble I am running into is that the config for the client seems to be parsing the hosts and removes https:// from the host name. this results in the client always trying to connect over port 80. I have tried adding :443 to the host name but I am then getting a curl error "empty reply from server". I know that this server has access (no firewall blocking) because i can manually make the curl call using https://myelasticsearch.com.
My question is, is there a way to specify the protocol to make the request over using this client? if not, where in the source is the parsing of the host array happening?
I have found a temporary solution, in src/Elasticsearch/Connections/AbstractConnection.php there is a defined transportSchema variable that is set to http. I changed this to https and also added the :443 to my host in the config and it works!
Just as an update to this question (in case anyone stumbles into it), this bug was fixed in Elasticsearch-PHP v1.1.0. You can specify https in the host now to use SSL:
$params = array();
$params['hosts'] = array (
'https://localhost', // SSL to localhost
'https://192.168.1.3:9200' // SSL to IP + Port
);
$client = new Elasticsearch\Client($params);
When calling:
$this->get('router')->generate('...',array(),true)
To get an absolute URL from a controller I get a URL with default Port 80:
https://subdomain.mydomain.com:80
How can I get rid of the :80? This only happens in production. On my local machine I don't get the default port in the absolute URL.
Production environment uses a reverse proxy (nginx:443->varnish->apache:80)
The local apache server port is 80 but should be the remote Port 443.
btw this has been fixed in Symfony 2.3.5
https://github.com/symfony/symfony/commit/65814bae27d6fdb9501a4efd07e6b980353d89bb
You can also fix this by defining the router context in the parameters.yml file like so:
router.request_context.host: localhost:8181
router.request_context.scheme: http
router.request_context.base_url: /application/path
This will let you generate correct URLs when there is no web context, like in commands or cron jobs.
You should check: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Routing/Generator/UrlGenerator.php#line-244, it might be the cause of your problem.
It's also possible it's a caching issue, try debugging using:
$this->context->getHttpPort() / ->getHttpsPort()
I currently have two apps at AppFog, they are.
http://sru-forums-prod.aws.af.cm/ and http://sru-home-prod.aws.af.cm/
I have haProxy running locally on my computer, this is my current config file.
global
debug
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend legacy
server forums sru-forums-prod.aws.af.cm:80
frontend app *:8232
default_backend legacy
The end-goal is that localhost:8232 forwards traffic to sru-home-prod, while localhost:8232/forums/* forwards traffic to sru-forums-prod. However I cant even get a simple proxy up and running.
When I run HAProxy off this config file I receive AppFog 404 Not Found at localhost:8232.
What am I missing, is this even possible?
EDIT:
New config works but now i have a port 60032 coming back in the response.
global
debug
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend legacy
option forwardfor
option httpclose
reqirep ^Host: Host:\ sru-forums-prod.aws.af.cm
server forums sru-forums-prod.aws.af.cm:80
frontend app *:8000
default_backend legacy
The reason you are getting an AppFog 404 Not Found is because applications hosted on AppFog are routed by domain name. In order for AppFog to know what app to serve you, the domain name is required to be in the HTTP request. When you go to localhost:8232/forums/ it sends localhost as the domain name which AppFog does not have as a registered app name.
There is a good way to get around this issue
1) Map your application to a second domain name, for example:
af map <appname> sru-forums-prod-proxy.aws.af.cm
2) Edit your /etc/hosts file and add this line:
127.0.0.1 sru-forums-prod-proxy.aws.af.cm
3) Go to http://sru-forums-prod-proxy.aws.af.cm:8232/forums/ which will map to the local machine but will go through your haproxy successfully ending up with the right host name mapped to your app hosted at AppFog.
Here is a working haproxy.conf file that demonstrates how this has worked for us so far using similar methodologies.
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend appfog
option httpchk GET /readme.html HTTP/1.1\r\nHost:\ aroundtheworld.appfog.com
option forwardfor
option httpclose
reqirep ^Host: Host:\ aroundtheworld.appfog.com
server pingdom-aws afpingdom.aws.af.cm:80 check
server pingdom-rs afpingdom-rs.rs.af.cm:80 check
server pingdom-hp afpingdom-hp.hp.af.cm:80 check
server pingdom-eu afpingdom-eu.eu01.aws.af.cm:80 check
server pingdom-ap afpingdom-ap.ap01.aws.af.cm:80 check
frontend app *:8000
default_backend appfog
listen stats 0.0.0.0:8080
mode http
stats enable
stats uri /haproxy