I have an RDS instance on AWS running MySQL. "Public availability" is set to "yes", and I can connect using the endpoint dns name.
Using the AWS console, how can I find both the public and private IP addresses of the instance?
I am designing a commercial application that will ship on a Raspberry Pi. In some cases the Pi will be placed on a corporate network, in other cases it will be behind a home-office router/firewall.
The device provides an Onion service that is accessible from the public Tor network, and an authenticated Onion service that is accessible from within the local network only. I need to protect the device with a firewall that is already configured when the Pi is shipped.
One option is to install a firewall (or simply configure iptables) on the Pi. Alternatively, I could ship a dedicated firewall device in addition to the Pi. (This device could be a second Pi, configured as a firewall, or a HW firewall).
Are there any advantages in adding a second device? Would it provide better protection than combining it with my Onion service sever?
Note that my Onion service application is really quite small. It requires minimal disk space and CPU power.
EDIT:
For clarity, if I was using a second device then I would package it into a single case/box with the Pi itself. There should be no requirement for a network admin, since the Tor service would initiate all communication on well known http/https ports.
I have a clean install of Ubuntu 20.04 and have setup screen sharing. It gives me an URL to use to access the desktop, something like vnc://my-computer.local When I type this in a web browser on the MacBook, the browser offers to open it up in Screen Sharing, but if I select that, I get the following error message:
The software on the remote computer appears to be incompatible with this version of Screen Sharing.
I tried installing TigerVNC on the Mac, but without success - nothing installed, no error messages, nothing.
Which VNC client should I try next? I need one that is compatible with Mac OS Catalina, and with the Ubuntu 20.04 VNC implementation?
I have three separate domains in Route 53:
- domain1.com
- domain2.com
- domain3.com
They all have an A record that points to the same IP address. In addition, they have a CNAME record that points to their respective A records.
Recently I removed the record for domain1.com. (I don't want users to browse the site via that URL while I am working on it).
However, when I try to browse domain2.com (or domain3, for that matter), I get a 301 response, redirecting me to domain1.com. Since the A record for domain1 no longer exists, I get a "server not found" response.
This happens when I try to browse the IP address directly too, even from a device which has not browsed any of the three domains before.
Why is this so? And what can I do about it?
I have installed vsftpd on a Ubuntu server on AWS however I can not access it via its Elastic IP. If I ssh to the server, I can then ftp to it using its internal IP, but I can't ftp using its public IP. What am I doing wrong?
As far as I can recall, the only change I made to vsftp.conf was to uncomment local_enable=YES.
The FTP server is in a VPC. The default network ACL's are in place, and I have opened up TCP ports 20-22 to traffic from anywhere.
When I run ftp 13.my.ip.address it simply says the connection timed out.
I have a typical web application with a web server (PHP) and a database. It is on a new AWS account, not the EC-Classic style. I want to be able to access the database server from my desktop using a GUI-based tool such as Sequel Pro. How do I configure that?
The web server is on a subnet that accepts traffic from any source on port 80 or 443. It also accepts ssh traffic (port 22) from selected IP's. By way of outbound rules, it allows all traffic to any destination, but has a specific rule to allow traffic on port 3306 (MySql) to go to the database security group.
There are 2 database subnets, since RDS insists on at least two availability zones. I am only using one though, as I have no need for replication. The inbound rules on the database security group allow traffic on port 3306 from either the web server security group, or my desktop IP.
When I try to access RDS from my desktop it says it cannot connect to the host, or it timed out. Upon investigation, I found that my RDS instance was set to 'not publicly available'. When I try to change that, it says my VPC does not support DNS resolution... When I read up on DNS resolution, it tells me I need to enableDnsHostnames, and enableDnsSupport, but does not say how. Other articles however suggest that there is more to it than that.
So, how should I be going about accessing this database with a GUI client? Should I:
- Continue down the path of enabling DNS resolution on my VPC, and if so, how?, or
- Should I be considering some other approach, such as accepting 3306 traffic on the web server subnet and forwarding it to RDS?
EDIT:
I came across the options to enable DNS resolution, and turned these on, and was able to connect immediately. I am happy with that. For anyone else reading this, you change your DNS resolution setup by selecting the VPC from the "Your VPC's", then choosing Actions (top of screen).
I understand how a client can trace a route to a server (using traceroute, or tracert). But is there a way for a server to trace a route to a client?
The problem is that I have a group of internet users who live in a remote area and they are complaining that their internet access is slow. I am planning to build some software that allows them to run a download test easily, then store the results. Once we have collected a reasonable amount of data we will hopefully be able to find a pattern.
In conjunction with the download data it would be great to have traceroute data. I can't see how I could initiate this from the client without writing some client software, which is something I don't want to do. Thus I am trying to find a mechanism which collects route information but is initiated by the server.
My preference would be to work with a linux server.
I have setup my first AWS VPC. It has a public subnet, and two private subnets. One of the privates has an RDS instance, and the other is vacant (in a different AZ). I followed the tutorials on AWS to set up the routing and VPC Security Groups. I don't have NAT server for the private subnets.
My question is, how do I go about accessing the RDS instance in the private subnet using the MySql client? I set up rules in the Web Server Security Group that allows outbound access on 3306, and the Database Security Group allows inbound access on the same port.
When I SSH into the server on the public subnet and run mysql -h hostname -p I get an error message about an unknown host name. I tried the full RDS endpoint name as the host name. I also tried just the host-name portion of the name. Am I going about this the right way? Does the MySql client use the 3306 port? Or do I have to open another port?
I have created a launchrock.com page and I am directing signup.mydomain.com there using a CNAME record in the DNS. That works fine however now I want to direct root traffic there too, i.e. mydomain.com. How do I go about this?
Launchrock give instructions to change the IP address of the A record, however I don't want to do this since I have other subdomains in use, including beta.mydomain.com. (These subdomains need to continue operating as they currently do).
How do I do this? I'm not sure whether it's a DNS change or an Apache change.
I am using a recent version of Apache on Ubuntu on AWS EC2.
My users upload their profile images and I save them in a public folder. The file names are not predictable (they are based on md5 hash of user id with salt). When someone views the user's profile, I embed a link to the user's image.
I'm worried that someone may download the entire directory and misuse the images. How can I protect against this? Specifically:
- Are wget and curl the only realistic options for such an attack?
- I realise that wget respects robots.txt, but can I rely on this?
- Does curl respect robots.txt?
UPDATE: I'm using a ubuntu server
I am experimenting with my newly written application on EC2. At the moment it is hosted on a particular EC2 instance, however I am sure that before I go live I will want to move it to another server, one that's larger or configured differently. For this reason, I have associated an EIP with it.
Route53 is my DNS provider and it has the default SOA and NS records setup fine (and my registrar is pointing to these). Now I need to tell the DNS about my EIP, however that's where I run in to trouble.
As far as I know, I should be able to setup an A record that points from mydomain.org to the EIP. When I put in the EIP address, however, it won't allow it. Based on some sites I have done in the past, I think I can put the private DNS name in here, but I don't want to do that since it's associated with a particular instance, and I'll be changing instances in the future. What am I missing?
Also, I will want to setup the subdomain www.mydomain.org. As far as I know that means a CNAME record. Correct?
How do I install a new PDO driver to an existing LAMP installation?
I am using Amazon Linux (on AWS EC2), and have installed PHP 5.5 and MySql from the Amazon repositories. When I look at phpinfo I can see that PDO is successfully installed, along with PDO_SqlLite. I need to add PDO_MySql.
Based on what I have read, I can either re-compile PHP with the PDO_MySql included, or download it from a repository. The first option sounds like hard work, and potentially very messy. The second option would be good, but as far as I can see the Amazon Linux yum repositories don't include the PDO_MySql driver for PHP 5.5. (I could be wrong, since I'm new to yum).
What other options are there? What would happen if I just downloaded the .so file from somewhere, put it alongside the other .so files, and called it in my php.ini?
I am using AMI 2013.09.
UPDATE: This pecl link, http://pecl.php.net/package/PDO_MYSQL, says that PDO_MySql has been moved to PHP source. Perhaps it's just a matter of enabling it then?
I have been trying to get LAMP install upgraded to PHP5.5, Apache 2.4, on Amazon Linux. Per this earlier question, Update PHP with yum on Amazon Linux, I thought I had it beat, but clearly that's not the case.
At the moment I am trying to install the PDO package and I'm getting the following errors:
--> Finished Dependency Resolution
Error: php55-common conflicts with php-common-5.3.28-1.2.amzn1.x86_64
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
I tried the two fixes suggested in the error messages, but that didn't help. Also, tried to erase php-common-5.3.... but could not. Could erase php-common, but that would erase the 5.5 version with it. Any ideas?
Once I am over this hurdle, it's possible I'll strike other hurdles too, so the bigger question is... Has anyone done this before? And perhaps logged the steps in a blog article?
I am using AMI 2013.09.
I have Amazon Linux on EC2, AMI 2013.09. I followed the LAMP install tutorial, http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html, and ended up with PHP5.3 installed.
In answer to this question here, Amazon Linux Version Details, ceejay0z explains that I can upgrade to PHP5.5 using yum install php55. When I do, however, I get errors relating to conflicts (at the end of dependency checking).
So, my question is, how do I proceed from here? Do I want to erase the existing PHP install, then install the new one? Upgrade? Update? Update-to? (In case it's not obvious, I have not used yum before...)
I am getting acquainted with AWS and I'm using Amazon Linux on EC2 to build a LAMP stack.
I read somewhere on the AWS site that the AMI 2013.09 had PHP 5.5 but when I installed it and followed the LAMP tutorial, http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html, I found that version 5.3 was installed.
Have I missed something? Or misread something perhaps?
I can no longer find the URL that detailed what was in 2013.09. Is there resource that details what's in each release?
I have a business grade hosting account with Webmasters. The web server is Apache. From time to time I setup what Wembasters call Add-on domains.
My problem is that I can't give Add-On domain users ftp access to their own web site. Is there a way I can do this with symlinks or some such?
Thanks!
I have recently setup a virtual host on my local web server (per this question, Config problem with Apache 2 on Win 7).
I'm using Apache 2.2 on Win 7, as part of Zend Server.
At the moment, the root of my application's directory is accessible via either the virtual host (http://openco.local), or the local host name (http://localhost). How do I change this so that openco.local continues as is, but localhost points to it's original location (i.e. htdocs)?
Any assistance appreciated!
The real problem is that I'm not terribly good with infrastructure, but you probably can't help me there.
My issues today is that I'm trying to configure a virtual server on Win 7. I'm using Zend Server, and I'm following the Zend framework introductory tutorial, http://framework.zend.com/manual/en/learning.quickstart.create-project.html.
When I add the following config to the bottom of my http.conf file, I get 403 forbidden when I try to visit http://localhost/. Here's the config:
<VirtualHost *:80>
ServerName openco.local
DocumentRoot /ZendFW-Projects/opencoV2/public
<Directory /ZendFW-Projects/opencoV2/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Any ideas? The tutorial says to make sure that NameVirtualHost is defined, however I wasn't sure what format this directive should take, so I left it out. I see that other related tutorials also leave it out, so I don't think that's the problem.
I have edited my etc/hosts, of course...
Any assistance much appreciated!
A third party has asked me to setup a new subdomain and point it too sub.theirdomain.com. Apparently I can do this with a single CNAME record. Although I set it up over 24 hours ago, it doesn't seem to be resolving. Here's the entry I made:
sub.mydomain.com. IN CNAME sub.theirdomain.com.
Does that look OK?
The host is Webmasters, and I asked their helpdesk who thought it was fine.
The only way I know that it isn't resolving is that when I surf to sub.mydomain.com I get a server not found error. What tools should I be using to diagnose further?
Any you can see, I'm no DNS expert, so any assistance is much appreciated!