Problem scenario
Sometimes you have a web service listening on the loopback IP address on a non-standard port.
When you run nmap -Pn localhost, you see a service is listening on a given port (e.g., 9200). When you run nmap -Pn on an internal or external IP address, you do not see a service listening on that given port. You want to direct traffic to this listening service (e.g., 127.0.0.1:9200 or localhost:9200).
How do you make a web service on a server accessible on its external IP address? How can you get web browsers to go to the web service when it is only available from curl commands run from the back-end?
Solution
This example will be for port 9200. You can use other ports as you wish.
1. Either turn off SELinux or set it to "Permissive". Run this to find out its status:
sudo getenforce
If you get "sudo: getenforce: command not found", then SELinux has not been installed and you can go to step #2. The following command would set it to the "Permissive" state:
sudo setenforce Permissive
2. Install Nginx. If you need assistance, see this posting for Debian/Ubuntu Linux or this posting for CentOS/RHEL/Fedora.
3. Modify nginx.conf. Replace the server {} block in nginx.conf with this:
server {
    listen 80;
    listen [::]:80;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:9200/;
    }
}
The entire nginx.conf file should look like this:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        listen [::]:80;
        server_name _;

        location / {
            proxy_pass http://127.0.0.1:9200/;
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen 443 ssl http2 default_server;
#        listen [::]:443 ssl http2 default_server;
#        server_name _;
#        root /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout 10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
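The server block from step 3 makes whatever listens on 127.0.0.1:9200 reachable by anyone who can reach port 80, and a service that was bound to loopback may be relying on that binding as its access control. A more restrictive variant of that block follows, as an added example that is not part of the original post. The 192.0.2.0/24 client range and the /etc/nginx/.htpasswd file are placeholder assumptions.

```nginx
# Added example (not from the original post): the same reverse proxy,
# limited to known clients and protected by a password.
server {
    listen 80;
    listen [::]:80;
    server_name _;

    location / {
        # Source-address filter. 192.0.2.0/24 is a placeholder (assumption):
        # replace it with the network your browsers actually come from.
        allow 127.0.0.1;
        allow 192.0.2.0/24;
        deny all;

        # HTTP basic authentication in front of the proxied service.
        # The password file path is an assumption; create the file with
        # the htpasswd utility before reloading nginx.
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # "satisfy all" is the default: a request must pass BOTH the
        # address filter and the password check.
        satisfy all;

        proxy_pass http://127.0.0.1:9200/;

        # Pass the original host and client address to the backend so its
        # own logs do not show every request as coming from 127.0.0.1.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
# Basic auth on port 80 sends the credentials unencrypted. Once a
# certificate is in place, move this location into the TLS server block
# that is commented out in nginx.conf.
```

On a system where SELinux is enforcing, sudo setsebool -P httpd_can_network_connect 1 lets nginx connect to the upstream port, which is a narrower change than the "Permissive" state from step 1. Check the edited file with sudo nginx -t before reloading nginx.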