Skip to content

Instantly share code, notes, and snippets.

@rimusz

rimusz/README.md

Forked from alexellis/README.md
Created July 16, 2018 08:52
Show Gist options
  • Save rimusz/8e37c9759f739087b4ff4cf3a9c62429 to your computer and use it in GitHub Desktop.
Save rimusz/8e37c9759f739087b4ff4cf3a9c62429 to your computer and use it in GitHub Desktop.
Download ZIP
Bypass corporate firewall that blocks accessing services high ports
Raw
README.md

Scenario

Your work involves using a corporate network for Internet access, which blocks accessing anything other than port 22/80/443 on a remote server.

Example

Kubernetes services deployed with NodePorts use a high TCP port range ~ 30000 which is blocked

Solution

Install a reverse proxy to route traffic from port 80 to your high port, use different hostnames if you have multiple services.

Let's route NodePort 31112 from OpenFaaS to port 80.

Perform all these steps on your remote cloud instance / server.

Install Nginx

apt install -qy nginx

Create config

/etc/nginx/conf.d/openfaas.conf

server {
    listen 80;
    server_name _;

    location / {
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    Host      $http_host;
        proxy_pass          http://127.0.0.1:31112;
    }
}

Reload the config

sudo systemctl daemon-reload
sudo systemctl restart nginx

Prosper

Now access the OpenFaaS UI via port 80.

Didn't work?

  • Check the logs
systemctl status nginx.service
  • Test the config

Test

nginx -t

Test and print result

nginx -T
  • Check for conflicting default config files

You may have another, default configuration file for NGinx which is conflicting with your new config file. Look for default.conf or similar one level down from the /etc/nginx/ folder and remove it. It may be in /etc/nginx/sites-available/ or /etc/nginx/conf.d or similar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment