Yes, I have already done this task. You can check if the port is accessible with telnet. You run telnet {host} {port}, and it will report Connected to {host} if the port is accessible, or it will get stuck on Trying {host} if it's not. Run this on the jump host (nginx on the three app servers should be accessible, but Apache should not) and on the LB host (the two services should be accessible). As long as these requirements are met, I don't think any other modifications will fail the task.
I could post all of the steps that I have taken here…if that’s OK…not sure if it is. I’ve spent a LOT of time stuck on this one and I would love to actually understand what I am missing.
Also one more thing:
Does it matter that I am running all of these commands (on all App servers) as root user? I was unable to install/start/enable firewalld without first switching to root user.
Does the network interface that I choose affect the overall outcome of this task? For my last attempt I went with WAN.
Also, it appears that I am getting closer to the finish line (thank you @francilio & @amuthan1983), but I am getting an access forbidden error when trying to curl nginx. I'm not sure why this is happening. The telnet commands appear to be working as expected now, as in the Jump host is connecting to nginx, but not to Apache, and the LB Server is connecting to NGINX and to Apache.
…feels like I’m really close, but not sure.
Apologies for all of the questions, but for some reason this task is really tripping me up.
It is difficult for me to tell where exactly you may have gone wrong without getting some more details with regards to the steps that you have taken, but from the image/screenshot, it looks to me like you failed to implement step 2:
Allow incoming connections from LB host only on Apache port and block for all others.
Try adding a rich rule that forwards traffic from LB to Apache.
The server block should be listening on the nginx port 8096, not on the apache port 8087. Leave proxy_pass http://172.16.238.10:8087/; as it is because Nginx is running as a reverse proxy server for Apache (as stated in the instructions).
I hope this helps :-)
…and make sure to restart nginx & apache after you’ve made your changes:
systemctl restart nginx
systemctl status httpd
BTW, I assume that you are running these commands as the root user because there is no sudo prepended to your commands…