Good to know that. Good job! Thanks @juliettet!
1 Like
Hi @SZI,
It is difficult for me to tell where exactly you may have gone wrong without getting some more details with regards to the steps that you have taken, but from the image/screenshot, it looks to me like you failed to implement step 2:
Allow incoming connections from LB host only on Apache port and block for all others.
Try adding a rich rule that forwards traffic from LB to Apache.
Hope this helps:-)
@juliettet,
I followed the below steps referring to your earlier post.
#To check the status of nginx and httpd
systemctl status nginx && systemctl status httpd
#To check the port number for nginx and httpd
grep -i Listen /etc/httpd/conf/ht* /etc/nginx/nginx.conf
#install firewall & start and check status
yum install firewalld -y
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
find nginx port 8096
yum install net-tools
netstat -tulpn | grep LISTEN
systemctl restart dbus
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
#adding firewall rules to allow and block
firewall-cmd --zone=public --add-port=8096/tcp --permanent
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port protocol=tcp port=8087 accept’
firewall-cmd --permanent --zone=public --change-interface=wan
firewall-cmd --reload
firewall-cmd --get-active-zones
systemctl restart firewalld && systemctl status firewalld
firewall-cmd --zone=public --list-ports && firewall-cmd --zone=public --list-all && firewall-cmd --list-all
Also, modified the nginx config file
server {
listen 8087;
listen [::]:8087;
server_name 172.16.238.10;
root /usr/share/nginx/html;
}
proxy_pass http://172.16.238.10:8087/;
1 Like
Hi @SZI,
Take a look at what you have in your server block:
server {
listen 8087;
listen [::]:8087;
server_name 172.16.238.10;
root /usr/share/nginx/html;
}
The server block should be listening on the nginx port 8096, not on the apache port 8087. Leave proxy_pass http://172.16.238.10:8087/; as it is because Nginx is running as a reverse proxy server for Apache (as stated in the instructions).
I hope this helps:-)
…and make sure to restart nginx & apache after you’ve made your changes:
systemctl restart nginx
systemctl status httpd
BTW, I assume that you are running these command as the root user because there is no sudo prepended to your commands…
3 Likes
Hi @juliettet, Thank you for pointing out. I recognized my silly mistake while doing this task. But the task is marked as failed and not letting me know to retry since yesterday. Any thoughts as how to bring it back to review mode so i can give a try ?
1 Like
Hi @SZI,
You should have an option (in your dashboard, on the right side of the task that was marked as failed) to mark for review. Click on that & when someone responds with the correct answer/response, click on the check mark to mark the response as correct. After that, you should see an option to retry the task back in your main dashboard.
But no option to re-try , i think it will be re-assigned in future hopefully. Thanks for your support and response to my queries.
You’re welcome @SZI. Hmmmm…maybe try contacting a KodeKloud admin to see why you’re not getting an option to retry.
Good luck!
1 Like
@juliettet
So the task never became pending and yesterday evening it came as new task and i attempted twice ( some issue with environment) and completed it successfully.
So thanks for your inputs . Happy learning
1 Like
Thanks for you help with the review Syed! I was able to complete the task!
2 Likes