PythonAnywhere - Are sockets allowed? - python

I have a beginner PythonAnywhere account, which, the account comparison page notes, has "Access to External Internet Sites: Specific Sites via HTTP(S) Only."
So I know only certain hosts can be accessed through HTTP protocols, but are there restrictions on use of the socket module? In particular, can I set up a Python server using socket?

PythonAnywhere dev here. Short answer: you can't run a socket server on PythonAnywhere, no.
Longer answer: the socket module is supported, and from paid accounts you can use it for outbound connections just like you could on your normal machine. On a free account, you could also create a socket connection to the proxy server that handles free accounts' Internet access, and then use the HTTP protocol to request a whitelisted site from it (though that would be hard work, and it would be easier to use requests or something like that).
What you can't do on PythonAnywhere is run a socket server that can be accessed from outside our system.

Nope. PythonAnywhere doesn't support the socket module.

Related

May I use a root user to expose the python bottle application to the Internet?

I made a web application using Bottle and want to publish it. I decided to use paste for the web server because the official documentation said it's the easiest way.
In order to let the web server process listen on port 80, the process must be launched by the root user. I'm not a security expert and cannot judge whether it's safe to use the root user for launching an application that is exposed to the internet directly.
Shall I avoid using root user in such a situation?
No.
Do not run your web server as root.
Shall I avoid using root user in such a situation?
Yes, avoid running as root.
In order to let the web server process listen on the port 80
Your web server does not need to listen on port 80. One common way to structure this is to put a proxy (like a load balancer) in front of your web server. Your server listens on a non-privileged port (e.g. 8000); the load balancer (which is listening on port 80) forwards all requests to your server.
The accepted answer (which does not actually answer your question) merely mentions chroot, but I suggest that you not worry about that. Running as a non-privileged user is a much more important safeguard than using chroot. I would consider chroot to be secondary to your initial, quite legitimate, concerns over running as root.
It is recommended to create a chrooted environment with a restricted user.
Over here you can find a howto on how to create a chrooted environment: www.howtogeek.com/441534/how-to-use-the-chroot-command-on-linux/amp/

how can I post to api running on remote desktop?

I'm creating a Python Flask API on a remote desktop and running it on localhost of the remote desktop.
Is there any way I can access this API from my local machine?
We are working in a team and I want to share this with my team members, but this is confidential and not to be deployed on an open server.
We want to post and get the result on every member's local machine from the API running on the remote desktop.
Both our local machines and the remote desktop are Windows 10.
Sorry for being abstract but I'm searching for any way out. Thanks.
Well, you should open your way to this API. You'll have to set up a VPN or IP address filter on the server so you can access the server from your network while still having it secured on the Internet. You can also set up a simpler proxy if you prefer it. I'll not cover the details on how to set up a VPN or proxy since it can get pretty extensive, but a Google search will help you find the best alternative for you.
AFAIK, the Remote Desktop Protocol does not allow for any kind of VPN. However, if you can switch to TeamViewer, it does have an easy-to-set-up VPN system that will allow you to get into the network with little configuration. Once a VPN is configured, it will work as if you were in the same network as the server, so from there you can access your API from your host machine by just going to the IP address of the server.
Do notice the security policies of whoever owns the server, since you can get into trouble if you don't have permission to enable some access from the outside. Security goes always in front of comfort.
Short term solution:
Firstly download ngrok for your operating system.
For debugging and testing purposes you can expose a secure tunnel connection to your API by running this command in your command prompt / terminal.
ngrok http <PORT_NUMBER> -host-header="localhost:<PORT_NUMBER>"
Where PORT_NUMBER is the port number in which your flask application is running.
Example if your flask application is running at port 5000 then simply execute this command:
ngrok http 5000 -host-header="localhost:5000"
Running this will give you two hostnames, one with HTTP and the other a secure HTTPS one, connected by a tunnel like this for a duration of 8 hours, after which the command needs to be re-run.
You can call these remotely.
Long term solution:
Deploy flask application using FastCGI
or
To a cloud infrastructure provider like Microsoft Azure which gives readymade templates for flask applications.

how to tunnel any Twisted protocol (say HTTP) inside SSH using Twisted?

I would like to make HTTP requests over SSH tunnels using Twisted. I have seen examples of using Twisted to set up SSH local port forwarding, but that's not what I am after.
Instead, it seems to me it should be possible using Twisted to wrap the HTTP traffic inside SSH tunnel directly - ie. without having to set up Twisted to listen on a local port for forwarding traffic.
I've checked how Twisted Conch command-line script does the local port forwarding, in conch.ssh.forwarding. Should that be somehow integrated with a HTTP client? Or, on the other hand, I've read that SSHChannel supports twisted.internet.interfaces.ITransport interface, so it could be given to Protocols to run them over the secure connection? Then there's the new-ish endpoints API in Twisted: I wonder if an endpoint for tunneling traffic from the ssh server onwards would make sense?
Or something else?
I wonder if an endpoint for tunneling traffic from the ssh server onwards would make sense?
It would make a lot of sense.
There is an endpoint that connects a protocol to the stdio of a command running remotely using Conch - twisted.conch.endpoints.SSHCommandClientEndpoint. And development has started (but stalled, it seems) on an endpoint for connecting a protocol to a remote subsystem (eg sftp) using Conch. An endpoint for connecting to a remote address over a tunneled connection using Conch would make a great addition.
The branch which begins to implement SSHSubsystemClientEndpoint might be a useful thing to look at to get an idea of what is involved in writing this new endpoint. There may also be useful refactorings started in that branch that make it easier to add new endpoints like this (since the branch adds exactly the 2nd conch endpoint and probably had to do some work to make some code from the 1st conch endpoint more easily re-usable).

no route to host error 113

I've built a script which connects to an FTP server. I have tested it locally on my PC and it's working, but on the server it says: (113, 'No route to host'). If I connect via the shell with ftp XX.XX.XX.XX it works fine! This is how I try to connect in Python:
import ftplib
meinftp = ftplib.FTP(ip)
meinftp.login(user,password)
meinftp.cwd(ftpdirectory)
Any ideas why i get no route to host? The firewall is not blocking.
I agree that strace is a good tool here, but it can be a bit daunting if you aren't familiar with it, or at least, familiar with C.
About use of strace and similar tools for debugging:
http://stromberg.dnsalias.org/~strombrg/debugging-with-syscall-tracers.html
python returns 113 'No route to host' even if the DNS name is available, but the service is not working.
May be specific for FTP passive options.
Run your script with 'strace' so you will be able to check what syscall is failing.
strace -fo /tmp/log python yourscript.py
See also https://stumbles.id.au/python-ftps-and-mis-configured-servers.html
Quoting: "I eventually noticed a message in the FileZilla logs, Server sent passive reply with unroutable address. Using server address instead. It turns out that the FTPS server was mis-configured and was replying to the PASV command with an internal IP address that was not accessible from the public internet. It seems that this is a common enough configuration issue that some FTP clients detect the problem and use the existing server address instead. Python's FTP client doesn't do this though."
This is most likely a firewall issue, try disabling the firewall.
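The PASV behaviour quoted above (a server advertising an internal address in its 227 reply) can be checked offline. The following is an added example, not code from the original posts: `pasv_target`, `PeerPasvFTP`, `INTERNAL_NETS` and the sample replies are hypothetical names and constructed data. It parses the reply, ignores the advertised host in favour of the control-connection peer, and labels why.

```python
import ftplib
import ipaddress

# Ranges that are never reachable across the public internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample replies (documentation addresses, not real servers).
SAMPLES = [
    "227 Entering Passive Mode (10,0,0,5,19,137)",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "227 Entering Passive Mode (198,51,100,7,0,22)",
]


def _internal(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL_NETS)


def pasv_target(reply, control_peer):
    """Return (host, port, verdict) for the data connection.

    The host is always the control peer; the address in the reply is
    treated as untrusted input and only used to produce the verdict.
    """
    advertised, port = ftplib.parse227(reply)  # raises on a non-227 reply
    if advertised == control_peer:
        return control_peer, port, "match"
    if _internal(advertised) and not _internal(control_peer):
        return control_peer, port, "unroutable"  # misconfigured NAT/PASV
    return control_peer, port, "redirect"        # points at a third host


class PeerPasvFTP(ftplib.FTP):
    """FTP client that never follows the address in a PASV reply."""

    def makepasv(self):
        host, port = super().makepasv()
        peer = self.sock.getpeername()[0]
        if host != peer:
            print(f"PASV advertised {host}; using control peer {peer}")
        return peer, port


if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", pasv_target(line, "203.0.113.10"))
```

Current CPython releases already ignore the PASV address by default (`ftplib.FTP.trust_server_pasv_ipv4_address` is `False`), so the subclass matters mainly on older interpreters; the "redirect" verdict is worth logging because a server that names a third host in PASV is steering the client's outbound connection.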

SMTP and XMPP deployment/workflow

I'm developing a website that incorporates an XMPP bot and a custom SMTP server (mainly these services process commands and reply). I'd like to set up a system where I can develop locally, push changes to a staging server, and finally to a production system. (Essentially I'm developing on the live server currently.)
I'm using python, and I'm reading a bit about fabric, but I'm running into a mental block.
I am using sqlalchemy-migrate to manage database versions and have the basic DNS stuff set up for the host. Additionally, I have a library that I'm currently working on that these two services both use (in my global site-packages directory). I deploy this egg after I change anything. This would ideally also be deployable, but only available to the correct version. Would I need two versions, stage-lib and live-lib? Is this possible with python eggs?
Would I need another host to act as a staging server for these services? Or is there a way to tell DNS that something@staging.myhost.com goes to a different port than 25?
I have a fabfile right now that has a bunch of methods like stage_smtp, stage_xmpp, live_smtp, live_xmpp.
Partial answer: DNS has no way to tell you to connect to a non-standard SMTP port, even with SRV records. (XMPP does.)
So, for sending email, you'll have to do something like:
import smtplib
server = smtplib.SMTP('localhost:2525')
server.sendmail(fromaddr, toaddrs, msg)
server.quit()
