Saturday, March 28, 2020

CentOS 6 - Port forwarding

I have the following scenario:
  1. My computer
  2. CentOS 6.5 intermediate server IP_CENTOS
  3. Third party service: https://IP_SERVICE/domain/service-path 
From my computer I can reach the CentOS server, but not the third party service.
From the CentOS server, the third party service is reachable.

I want to use the CentOS server as a bridge in order to forward traffic from my computer to the third party service and vice versa.

Set configuration

Step 1

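Enable IP forwarding in the kernel (this is a kernel setting rather than an iptables rule, and written this way it lasts only until the next reboot):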
 
    echo 1 >/proc/sys/net/ipv4/ip_forward

Step 2

Configure forwarding:
    iptables -t nat -A PREROUTING -p tcp --dport 9443 -j DNAT --to-destination [IP_SERVICE]:443
    iptables -t nat -A POSTROUTING -p tcp -d [IP_SERVICE] --dport 443 -j SNAT --to-source [IP_CENTOS]


Here you have:
  • 9443 is the fake port used in CentOS server.
  • IP_SERVICE is the IP address of the third party service
  • 443 is the default HTTPS port, as the third party service is in https://xxxxxx
  • IP_CENTOS is the IP address of the CentOS server

Step 3

Save the rules:
    service iptables save
    service iptables reload

You can check the configuration as follows:
    iptables -t nat --line-numbers -L

    more /etc/sysconfig/iptables

Test

From my computer, test access to https://IP_CENTOS:9443/domain/service-path

Rollback configuration

In order to restore configuration and delete all previous work, do as follows:
    echo 0 >/proc/sys/net/ipv4/ip_forward

Check the rules and delete them one by one:
    iptables -t nat --line-numbers -L

    iptables -t nat -D PREROUTING [num]
    iptables -t nat -D POSTROUTING [num]
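
As written, the Step 2 PREROUTING rule forwards port 9443 for any host that can reach the CentOS server. The following added example (not part of the original post) prints the same two rules restricted to one client address, plus the exact delete commands for rollback; the function names, the `-s`/`-d` matches and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (not run) the Step 2 NAT rules limited to one client,
# and the matching delete commands. Addresses below are constructed samples.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_rules ACTION CLIENT_IP CENTOS_IP SERVICE_IP [LISTEN_PORT]
# ACTION is A (append) or D (delete). The rule spec is the same for both,
# so "iptables -D" can remove a rule without looking up its line number.
render_rules() {
    action=$1 client=$2 centos=$3 service=$4 port=${5:-9443}
    case "$action" in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 2 ;;
    esac
    for ip in "$client" "$centos" "$service"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    done
    # DNAT only connections from the known client to this host's listen port.
    echo "iptables -t nat -$action PREROUTING -p tcp -s $client -d $centos" \
         "--dport $port -j DNAT --to-destination $service:443"
    # SNAT so that replies from the service come back through this host.
    echo "iptables -t nat -$action POSTROUTING -p tcp -s $client -d $service" \
         "--dport 443 -j SNAT --to-source $centos"
}

# Constructed sample values (RFC 5737 documentation addresses).
render_rules A 192.0.2.10 198.51.100.5 203.0.113.20
render_rules D 192.0.2.10 198.51.100.5 203.0.113.20
```

Review the printed commands before running them as root; the `D` output removes exactly what the `A` output added.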

Thursday, March 19, 2020

Apache Camel - Proxy route

In this example I will configure a Camel proxy route. Camel will publish an HTTP servlet and redirect all requests to an external provider.

Configuration

You need to configure the following:
  • Configure dependencies
  • Configure Camel servlet
  • Configure Camel route

Configure dependencies

In pom.xml:

    <dependency>
     <groupId>org.apache.camel</groupId>
     <artifactId>camel-servlet</artifactId>
     <version>${camel.version}</version>
    </dependency>

    <dependency>
     <groupId>org.apache.camel</groupId>
     <artifactId>camel-http4</artifactId>
     <version>${camel.version}</version>
    </dependency>

Configure Camel servlet

In web.xml:

    <servlet>
     <servlet-name>CamelServlet</servlet-name>
     <display-name>Camel Http Transport Servlet</display-name>
     <servlet-class>org.apache.camel.component.servlet.CamelHttpTransportServlet</servlet-class>
    </servlet>

    <servlet-mapping>
     <servlet-name>CamelServlet</servlet-name>
     <url-pattern>/services/*</url-pattern>
    </servlet-mapping>


Or, alternatively, in Java:

    import javax.servlet.annotation.WebServlet;

    @WebServlet(name = "CamelServlet", urlPatterns = { "/services/*" }, loadOnStartup = 1)
    public class CamelRestServlet extends org.apache.camel.component.servlet.CamelHttpTransportServlet {
     private static final long serialVersionUID = 2886685336873526067L;
     // Servlet taken over by Camel to process the incoming requests for its proxy route
    }

Configure Camel route

In camel-context.xml:

    <camelContext id="camelContext" xmlns="http://camel.apache.org/schema/spring">
     <route>
      <from uri="servlet:/service1?matchOnUriPrefix=true"/>
      <log message="Redirecting to service1"/>
      <to uri="http4://otherDomain:8080/otherApp/service1?bridgeEndpoint=true&amp;throwExceptionOnFailure=false"/>
     </route>

     <route>
      <from uri="servlet:/service2?matchOnUriPrefix=true"/>
      <log message="Redirecting to service2"/>
      <to uri="http4://otherDomain:8080/otherApp/service2?bridgeEndpoint=true&amp;throwExceptionOnFailure=false"/>
     </route>
    </camelContext>

Testing

If your app is published at http://localhost:8080/myApp, then you will get the following behaviour:

When calling http://localhost:8080/myApp/services/service1/test?a=b Camel will redirect to http://otherDomain:8080/otherApp/service1/test?a=b

Friday, March 13, 2020

Tomcat - JConsole - Remote connection

This is the procedure to connect JConsole to a remote Tomcat server.

[Remote] Configure tomcat

Edit/create a file $TOMCAT_HOME/bin/setenv.sh.

Add the following JAVA_OPTS params:

  • -Dcom.sun.management.jmxremote
  • -Dcom.sun.management.jmxremote.port=9999
  • -Dcom.sun.management.jmxremote.rmi.port=9998
  • -Dcom.sun.management.jmxremote.authenticate=false
  • -Dcom.sun.management.jmxremote.ssl=false

You can add them as follows:

    JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"

Restart Tomcat.

[Remote] Configure host

You need to open these ports in order to allow remote connections from other machines. You can do that by using "firewall-cmd". Without --permanent, --add-port changes only the runtime configuration, so the ports appear in the runtime list but not in the permanent one:

    firewall-cmd --zone=public --add-port=9999/tcp
    firewall-cmd --zone=public --add-port=9998/tcp
    firewall-cmd --zone=public --permanent --list-ports
    firewall-cmd --zone=public --list-ports
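
With authenticate=false and ssl=false set and ports 9999/9998 open in the public zone, any host that can reach those ports can use JMX without credentials. The following added example (not part of the original post) checks a JAVA_OPTS string for those two settings; the finding labels and the hardened sample string with its placeholder file paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag risky remote-JMX settings in a JAVA_OPTS string.
# Finding labels are this example's own, not Tomcat or JDK output.

# jmx_opt NAME OPTS: print the value of -DNAME=value if present in OPTS.
jmx_opt() {
    name=$1; shift
    for tok in $*; do
        case "$tok" in
            "-D$name="*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# audit_jmx_opts OPTS: print one finding per line; return 1 if any was found.
audit_jmx_opts() {
    opts=$1
    findings=0
    prefix=com.sun.management.jmxremote
    # Without a remote port, the JMX agent is not listening on the network.
    jmx_opt "$prefix.port" "$opts" >/dev/null || return 0
    if [ "$(jmx_opt "$prefix.authenticate" "$opts")" = "false" ]; then
        echo "NO_AUTH: any host that reaches the JMX port can use it without credentials"
        findings=$((findings + 1))
    fi
    if [ "$(jmx_opt "$prefix.ssl" "$opts")" = "false" ]; then
        echo "NO_TLS: JMX traffic, including any credentials, is sent unencrypted"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Option string as configured on this page.
WEAK_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"

# Constructed hardened variant; the file paths are placeholders.
HARDENED_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9998 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/PLACEHOLDER/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/PLACEHOLDER/jmxremote.access -Dcom.sun.management.jmxremote.ssl=true"

audit_jmx_opts "$WEAK_OPTS" || echo "weak options: findings listed above"
audit_jmx_opts "$HARDENED_OPTS" && echo "hardened options: no findings"
```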

[Local] Configure JConsole

From the local host, launch JConsole targeting port 9999 (in my case, the target server is PRE-C01-SRV01).

If you have problems, you can enable JConsole logging by creating a logging configuration file, for example jconsole-logging.properties:

    handlers = java.util.logging.ConsoleHandler
    .level = INFO
    java.util.logging.ConsoleHandler.level = FINEST
    java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
    # Use FINER or FINEST for javax.management.remote.level - FINEST is
    # very verbose...
    javax.management.level = FINEST
    javax.management.remote.level = FINEST

Launch JConsole from command line with the following params:
    jconsole -J-Djava.util.logging.config.file=jconsole-logging.properties

Thursday, March 12, 2020

Camel - CXF - Remove SOAP Headers

    import java.util.List;

    import org.apache.camel.Exchange;
    import org.apache.camel.Processor;
    import org.apache.cxf.binding.soap.SoapHeader;
    import org.apache.cxf.headers.Header;

    // Removes every SOAP header carried in the Camel message.
    public class ReaProcessor implements Processor {

     @Override
     public void process(Exchange exchange) throws Exception {
      // CXF keeps the SOAP headers as a list under Header.HEADER_LIST.
      @SuppressWarnings("unchecked")
      final List<SoapHeader> soapHeaders = (List<SoapHeader>) exchange.getIn().getHeader(Header.HEADER_LIST);
      // The list may be absent when the message carried no SOAP headers.
      if (soapHeaders != null) {
       soapHeaders.clear();
      }
     }

    }

In the Spring XML configuration:

    <beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://camel.apache.org/schema/cxf"
     xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                  http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
                  http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
                  http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
                  http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd">

     <bean id="reaProcessor" class="xxxxxxxxxxx.ReaProcessor"></bean>

     <!-- CAMEL CONTEXT -->
     <camelContext id="camelContextRea" xmlns="http://camel.apache.org/schema/spring">
      <!-- CAMEL ROUTE -->
      <route id="ReaWSRoute">
       <description>
        Ruta camel para Rea
       </description>

       <from uri="cxf:bean:servicioReaProvider?loggingFeatureEnabled=true&amp;dataFormat=POJO" />

       <to uri="cxf:bean:servicioReaClient?loggingFeatureEnabled=true&amp;dataFormat=POJO" />

       <process ref="reaProcessor"></process>
      </route>
     </camelContext>

    </beans>