Hide port number.
2017-12-08 23:06:14
Assume you are using Spring Boot and deploy the app with something like java -Dserver.port=8091 -jar shopApp.jar & and, of course, you have an Apache configuration that maps the address example.com to port 8091. Everything works, but you can probably open the same page by typing either example.com or IP:8091, which is not good, because the application port is reachable directly from outside. Here I describe how to hide the port.
The app is probably available under
- http://example.com
- IP.IP.IP.IP:8091
check which ports are open
sudo netstat -tlpn
-----------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp6 0 0 :::80 :::* LISTEN 368/apache2
...
tcp6 0 0 :::8091 :::* LISTEN 903/java
tcp6 0 0 :::8092 :::* LISTEN 934/java
iptables - List the rules
-------------------------
iptables --list
iptables - add new rules
------------------------
iptables -A INPUT -p tcp -s localhost --dport 8091 -j ACCEPT
iptables -A INPUT -p tcp --dport 8091 -j DROP
iptables -A INPUT -p tcp -s localhost --dport 8092 -j ACCEPT
iptables -A INPUT -p tcp --dport 8092 -j DROP
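The netstat output above lists the Java listeners as tcp6 on :::8091 and :::8092, while the iptables rules filter IPv4 only, so a host with a routable IPv6 address needs matching ip6tables rules as well. The script below is an added example, not part of the original post: it reads netstat -tlpn output and prints (does not apply) both rule sets. The helper name gen_rules, the mysqld line in the sample and the explicit 127.0.0.1 and ::1 sources in place of localhost are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for wildcard TCP listeners.

# Constructed sample modelled on the netstat output above; the mysqld line
# is invented to show a listener that is already loopback-only.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 410/mysqld
tcp6 0 0 :::80 :::* LISTEN 368/apache2
tcp6 0 0 :::8091 :::* LISTEN 903/java
tcp6 0 0 :::8092 :::* LISTEN 934/java'

# gen_rules PROGRAM (hypothetical helper): read `netstat -tlpn` output on
# stdin and print accept-loopback / drop-the-rest rules for every port that
# PROGRAM listens on with a non-loopback address.
gen_rules() {
    awk -v prog="$1" '
    $6 == "LISTEN" {
        split($7, owner, "/")                 # "903/java" -> owner[2] == "java"
        if (owner[2] != prog) next
        n = split($4, parts, ":")             # port follows the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next    # already loopback-only
        if (!v4[port]++) {                    # IPv4, including dual-stack sockets
            print "iptables -A INPUT -p tcp -s 127.0.0.1 --dport " port " -j ACCEPT"
            print "iptables -A INPUT -p tcp --dport " port " -j DROP"
        }
        if ($1 == "tcp6" && !v6[port]++) {    # IPv6 is filtered only by ip6tables
            print "ip6tables -A INPUT -p tcp -s ::1 --dport " port " -j ACCEPT"
            print "ip6tables -A INPUT -p tcp --dport " port " -j DROP"
        }
    }'
}

# Review the printed rules before running them as root.
printf '%s\n' "$SAMPLE" | gen_rules java
```

On a live host, feed it real data with sudo netstat -tlpn | gen_rules java. The ::1 accept rule matters because Apache may resolve localhost in ProxyPass to the IPv6 loopback address.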
iptables - remove rules (in case you screw something up)
-------------------------------------------------------------
iptables -D INPUT -p tcp -s localhost --dport 8091 -j ACCEPT
iptables -D INPUT -p tcp --dport 8091 -j DROP
iptables -D INPUT -p tcp -s localhost --dport 8092 -j ACCEPT
iptables -D INPUT -p tcp --dport 8092 -j DROP
iptables - List the rules
-------------------------
iptables --list
Remember, your Apache configuration should now use localhost, not the IP
vim /etc/apache2/sites-enabled/000-default.conf
-----------------------------------------------
<VirtualHost example.com:80>
ServerAdmin me@example.com
ServerName example.com
ServerAlias example.com
ProxyPass / http://localhost:8091/
ProxyPassReverse / http://localhost:8091/
ErrorLog ${APACHE_LOG_DIR}/example.com-error_log
CustomLog ${APACHE_LOG_DIR}/example.com-access_log combined
</VirtualHost>
service apache2 restart
Now the app is available only under
http://example.com