
Re: OpenShift deployment behind NAT firewall



Any chance you're using AWS? If you are, consider using Route 53 and
use the public CNAMEs provided by AWS. You need to make sure your VPC
has DNS resolution enabled and you're using the Amazon DNS servers. It
creates a split DNS, which should resolve the issue you mention.

On Sat, Jan 17, 2015 at 3:49 AM, Alexander Grzesik
<alexander grzesik medisite de> wrote:
> Hi,
>
> I have a problem installing OpenShift Origin Milestone 4 on a server behind
> a firewall that does some IP NATing.
>
> The scenario is this:
>
> I have a broker and a node inside a virtual network at a hosting provider,
> both have internal IP addresses and can reach each other.
>
> Both servers have a public IP provided by the hoster.
>
> The servers can reach each other via the public IP.
>
> What is prevented by the hosting provider firewall for security reasons
> is that a machine can reach itself via its public IP.
>
> I installed OpenShift and set PUBLIC_IP in node.conf to the real public IP
> of the node, and this IP also matches the DNS entry for the node, so the
> node can be reached from the outside.
>
> The problem is that the gears cannot reach each other via the public IP
> configured. I have a scaled app with a webserver and a database gear, both on
> the same node (I have only one node). The webserver gear tries to reach the
> DB via its GEAR_DNS entry, which points to the node DNS entry and the public
> IP. Due to the mentioned firewall restriction, the webserver cannot reach
> its DB via this IP. I also have a second application gear that should send
> a REST request to my webserver gear, which does not work either.
>
> I already tried to change network settings, hosts file entries etc. to map
> internal requests to the internal IP of the node, but without success.
>
> My question is now, if anyone has experience in configuring OpenShift to use
> an internal IP address for internal node communication, but an external IP
> for accessing the apps from the outside?
>
> Any ideas are welcome.
>
> Thank You
>
> Alexander
>
>
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
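
A check for the split DNS behaviour suggested in the reply, meant to be run from the node itself. This is an added example, not part of the original thread; the hostname and addresses in the comments are constructed, and `check_split_dns` is a hypothetical helper that takes an injectable resolver so it can be exercised offline.

```python
import ipaddress
import socket

# RFC 1918 ranges only. ipaddress.is_private is not used because it also
# treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an RFC 1918 (internal) IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve_ipv4(hostname):
    """IPv4 addresses the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET,
                               socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_split_dns(hostname, public_ip, resolver=resolve_ipv4):
    """Classify what hostname resolves to from this vantage point.

    internal   - only RFC 1918 answers: split DNS is working for this host
    hairpin    - the node's own public IP is returned, so traffic would
                 loop through the NAT firewall (the failure in the thread)
    mixed      - other non-internal answers are present
    unresolved - the name did not resolve
    """
    try:
        answers = set(resolver(hostname))
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved"
    if not answers:
        return "unresolved"
    if public_ip in answers:
        return "hairpin"
    if all(is_rfc1918(a) for a in answers):
        return "internal"
    return "mixed"


# Constructed usage, run on the node (not executed here):
#   check_split_dns("node.example.com", "203.0.113.10")
```

Run from outside the network, the same name should still return the public IP; only the internal view is expected to change.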

