load balancing – Use ALB to publish a service using EKS with nodes in private subnet WITHOUT a NAT Gateway

I am using eksctl to provision an EKS cluster in my AWS account. It works fine, but I noticed it creates a NAT Gateway, which is somewhat expensive.

Is there a way to have nodes in private subnets expose HTTP services through an ALB (could also be an NLB or ELB in my specific case), without a NAT Gateway?

My services don’t need internet access (i.e., outbound connections).

Thanks

linux – Issues in communicating via IPSec (StrongSwan) between an Android client and its gateway (IKEv2)

I’ve been attempting to create an IPSec VPN into my home network to which I can tunnel from outside, e.g. on my phone or through my laptop when I’m abroad. Authenticating the clients is done via pubkey authentication with x509 certificates. All is working there; the only issue I have is with the Android client (on the official StrongSwan VPN app), which is failing to connect.

(IKE) authentication of 'arch' with RSA_EMSA_PKCS1_SHA2_256 successful
(IKE) IKE_SA android(3) established between (redacted)(C=IT, O=(redacted),
CN=(redacted) (havoc))...(redacted)(arch)
(IKE) scheduling rekeying in 35733s
(IKE) maximum IKE_SA lifetime 37533s
(IKE) installing DNS server 192.168.1.254
(IKE) installing new virtual IP 192.168.1.74
(IKE) received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
(IKE) closing IKE_SA due CHILD_SA setup failure

From what I’ve found (and been told), the "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built" message is either due to a mismatch between cipher suites or an invalid ts config. Both should be correct, considering that the official StrongSwan wiki has a configuration that should support most, if not all, of the (up-to-date) client cipher suites. ts is likely correct because the Android client, as can be seen above, does actually get an IP via DHCP and does actually install it.

Configuration:

root@arch ~ # cat /etc/swanctl/swanctl.conf 
connections { 
        rw { 
                local_addrs = 192.168.1.143, (redacted) 
                pools = dhcp 
                local { 
                        auth = pubkey 
                        certs = serverCert.pem 
                        id = arch 
                } 
                remote { 
                        auth = pubkey 
                } 
                children { 
                        net { 
                                local_ts = 192.168.1.0/24 
                                updown = /usr/local/libexec/ipsec/_updown iptables 
                                esp_proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default 
                        } 
                } 
                version = 2 
                proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default 
        } 
} 
include conf.d/*.conf 

Does anyone have any insight into this?

microservices – Multi Tenancy Aware Gateway routing

Email gateway

Hi,

I plan to use Proxmox email gateway to filter any incoming mail before it reaches the client server. Does anyone know where to look correct… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1842129&goto=newpost

Commerce Gateway Capture Payment Only

I’m trying to write a custom payment gateway to work with a vendor’s payment processor. They have only provided me with an endpoint to capture the payment whereas Drupal Commerce 2 works in two steps – auth and then capture. I realize that is actually better, but alas it seems my hands are tied here.

In the createPaymentMethod method, I can read the whole credit card number, but by the time I get through to the createPayment method, it only has the last 4 digits expecting the payment processor to have provided a key to pair with those.

Is it possible to access the whole credit card number in the createPayment method without storing the whole thing in the database (something I absolutely won’t/can’t do)?

Thanks!

google cloud platform – OpenAPI config for a Graphql backend using GCP API Gateway?

I have an apollo/graphql server sitting behind a GCP API gateway. Google says it requires an OpenAPI spec to secure endpoints: https://cloud.google.com/api-gateway/docs/get-started-cloud-run#creating_an_api_config

But how exactly would this look for securing a single graphql endpoint? Also, as a side question, does a new API Gateway need to be created for each Cloud Run/App Engine service?

Thanks in advance.

Session variable disappears after callback to WooCommerce gateway API link

I am trying to create a plugin for WooCommerce that stores some value in $_SESSION['myVar'] before the payment process and gets it back on the Thank You page.
Everything works fine, but when I use a gateway that makes a callback with POST info about the payment to http://exemple.com/wc-api/my_gateway, $_SESSION['myVar'] becomes empty and I can’t get the value from it on the Thank You page.

How I did it:

// Reg. the session   
add_action( 'init', __CLASS__ . '::register_session' );

public static function register_session() {

    if( !session_id() ) {
        session_start();
    }

}

// Set the session variable before payment
$_SESSION['myVar'] = 'my value';

// Trying to get the session value after payment
echo $_SESSION['myVar']; // NULL

Thank you!

ssl – wordpress behind aws api gateway too many redirects

I have a wordpress site in a VM, let’s call it vm-site and it is behind nginx that is sitting in another vm, let’s call it vm-nginx that is handling the ssl. Here is the relevant part of the nginx.conf

server {
    server_name  <my-domain> www.<my-domain>;
    root         /usr/share/nginx/html;

    location / {

        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_pass http://<vm-site-ip>;
    }
}

and I have added the following lines in the wp-config.php

define( 'WP_DEBUG', false );

define('FORCE_SSL_ADMIN', true);

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}

/* That's all, stop editing! Happy publishing. */
(...)
define('WP_SITEURL', 'https://<my-domain>/');
define('WP_HOME', 'https://<my-domain>/');

This configuration works fine, but I wanted to use the power of aws api-gateway instead of using nginx.

I have created the following endpoints:
proxy endpoint
non-proxy endpoint
As you may see the host and the proto header (along with others) are being forwarded, and I have verified it on the aws logs. In the black box is the vm-site ip.

What I experience, using incognito mode is:

  • when I ask for a page, things do work
  • when I ask for a URL for which I would get a redirect, for example /wp-admin, I am getting ERR_TOO_MANY_REDIRECTS with the Request url being https://my-domain/wp-admin/ and the location response header being http://my-domain/wp-admin/ and vice versa.

I looked at the $_SERVER variables and I noticed that in api-gateway we have these extra headers (there are other differences as well, but I don’t think they are relevant)
$_SERVER['HTTP_X_FORWARDED_PORT'] 443
$_SERVER['HTTP_X_FORWARDED_FOR'] my-ip, 70.132.63.91
I added then in nginx-vm
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
but I didn’t see any issue.

Any ideas?
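
A stricter form of the wp-config.php proxy check shown in the post above, added here as an example and not part of the original post: it tolerates a missing or multi-valued X-Forwarded-Proto header and honours it only when the request arrives from a known proxy. The `TRUSTED_PROXIES` addresses and the function name are assumptions, as is the premise that the trusted proxy writes the scheme it saw as the last value of the header.

```php
<?php
// Added example, not from the original post.
// Assumption: TRUSTED_PROXIES holds the address(es) of the reverse proxy or
// gateway that is allowed to set X-Forwarded-* headers (placeholder value).
const TRUSTED_PROXIES = ['192.0.2.10'];

/**
 * Decide whether the client-facing request was HTTPS.
 * Hypothetical helper; place it in wp-config.php above the
 * "That's all, stop editing!" line.
 */
function forwarded_request_is_https(array $server, array $trustedProxies): bool
{
    $peer  = $server['REMOTE_ADDR'] ?? '';
    $proto = trim($server['HTTP_X_FORWARDED_PROTO'] ?? '');

    if ($proto !== '' && in_array($peer, $trustedProxies, true)) {
        // A chain of proxies can produce "http, https". Assumption: the
        // trusted proxy appends (or overwrites with) the scheme it saw,
        // so the last value is the only one it vouches for.
        $parts = explode(',', $proto);
        $last  = strtolower(trim(end($parts)));
        return $last === 'https';
    }

    // Header absent, or sent by an untrusted peer: ignore it and rely on
    // what the web server itself observed for this connection.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    return $https !== '' && $https !== 'off';
}

if (forwarded_request_is_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}
```

Requests that reach the site directly can no longer switch WordPress into HTTPS mode by sending the header themselves, and a request with no header at all no longer triggers a PHP warning.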

phpWallet – e-wallet and online payment gateway system.

Admin submitted a new resource:

phpWallet – e-wallet and online payment gateway system. – phpWallet – e-wallet and online payment gateway system.

KEY FEATURES

  • Responsive UI.
  • 6 Color Skins.
  • Built with bootstrap 4.
  • Unlimited Deposit Methods.
  • Unlimited…

windows – Openvpn TAP client different gateway than local network / How to allign

I have an OpenVPN client set up on my locally accessible media server and it is mainly functioning as it should.

However, some LAN clients have problems accessing the media server locally, as they try to connect to the TAP connection's IP (10.8.2.10) instead of the server's actual LAN IP (192.168.0.111).

What can I do to align the gateways or tell my clients to find the server's actual LAN IP?

The media server with the OpenVPN client is running Windows.
The local clients which need to access the media server are Android clients and the like.

Router is running OpenWRT

IPconfig Tap adapter

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-45-2F-41-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3863:63cf:9e1c:48d2%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.2.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 11 March 2021 19.06.04
   Lease Expires . . . . . . . . . . : Friday, 11 March 2022 19.06.03
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.2.254
   DHCPv6 IAID . . . . . . . . . . . : 302055237
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-8B-3E-A9-94-C6-91-10-EA-FF
   DNS Servers . . . . . . . . . . . : 103.86.96.100
                                       103.86.99.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Local ethernet adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-V
   Physical Address. . . . . . . . . : 94-C6-91-10-EA-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.111(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 11 March 2021 19.05.53
   Lease Expires . . . . . . . . . . : Monday, 18 April 2157 02.05.42
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
