Trusted Intermediary connecting to ES through private network

I have both the app server (trusted intermediary) and EventStore hosted on the same machine and I’m facing no difficulties.
I receive requests from the client which the app server verifies and it forwards the request (with an added ‘ES-TrustedAuth’ header w/value i.e. “root; admin, other”) to the EventStore HTTP API which handles it.

I am now attempting to have app server and EventStore be located on two separate machines within the same local/private network.

From the app server I forward the incoming client request to "http://10.0.0.x:2113/streams/somestream" with the ‘ES-TrustedAuth’ as usual.
Ports 2113 (and 1113 for good measure) are open on the EventStore node firewall.

Can’t seem to get a response though. I can ping 10.0.0.x just fine. I’m suspecting I need to throw in ‘username:password@’ to the url or some other form of credential setup? I have made sure EventSource is running with an HTTP listener approved user (and Event Source is starting w/ --enable-trusted-auth).

It should be fine for TrustedAuth to come from another node. Can you
access the es node from the other node with curl?

Actually let me double check the code just to make sure we didn't put a
safety check to only allow loopback :slight_smile:

curl.exe -i -H "Accept:application/vnd.eventstore.events+json" "http://10.0.0.x:2113/streams/somestream" -u username:password
is currently giving me “HTTP Error 400. The request hostname is invalid.”

On Monday, 24 April 2017 at 15:36:42 UTC+1, Greg Young wrote:

Ah this is a different issue. What is your config? You likely need to
add a prefix

Two standard Azure nodes w/Win 2012 server.
EventStore.ClusterNode.exe --db=./db --log=./logs --run-projections=all --start-standard-projections --disable-http-caching --enable-trusted-auth
Opened for TCP 1113,2113 in/out on the two nodes.
Everything running close to default at the moment.

PS C:\Windows\system32> curl.exe -i -H "Accept:application/vnd.eventstore.events+json" "http://10.0.0.x:2113/streams/somestream"

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Connection: close
Content-Length: 334

Bad Request
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.

On Monday, 24 April 2017 at 15:49:43 UTC+1, Greg Young wrote:

For the system I’m trying to reach:

PS C:\Windows\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : STAGING-DB01
   Primary Dns Suffix . . . . . . . : xxx.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxx.local
                                       reddog.microsoft.com

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix . : reddog.microsoft.com
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-0D-3A-B3-00-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 24, 2017 2:59:22 PM
   Lease Expires . . . . . . . . . . : Thursday, May 31, 2153 11:57:14 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 168.63.127.14
   DNS Servers . . . . . . . . . . . : 10.0.0.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.reddog.microsoft.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : reddog.microsoft.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

On Monday, 24 April 2017 at 16:01:03 UTC+1, Erlend Wollan wrote:

"EventStore.ClusterNode.exe --db=./db --log=./logs
--run-projections=all --start-standard-projections
--disable-http-caching --enable-trusted-auth"

Where are you setting the ip address to listen to?

That was the missing piece. Thanks for your patience. :slight_smile:

Final config:
EventStore.ClusterNode.exe --db=./db --log=./logs --run-projections=all --start-standard-projections --disable-http-caching --enable-trusted-auth --ext-ip=10.0.0.7

On Monday, 24 April 2017 at 17:16:38 UTC+1, Greg Young wrote:
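
An added example, not part of the thread and not EventStore's own code: one way the app server could build the headers it forwards to the node on 10.0.0.7, so that an ‘ES-TrustedAuth’ value supplied by the client is always discarded and replaced with the identity the app server verified. The function names, the allowed-character rule and the list of dropped headers are assumptions; the header format follows the “root; admin, other” value quoted in the first post.

```python
import re

TRUSTED_HEADER = "ES-TrustedAuth"

# Assumption: user and group names are limited to a conservative character
# set, so the ';' and ',' separators and CR/LF can never appear in a name.
_NAME_RE = re.compile(r"[A-Za-z0-9_.$@-]{1,64}")

# Assumption: client credentials and the client's Host header stop at the
# app server, which has already verified the request.
_DROP = {"authorization", "host", TRUSTED_HEADER.lower()}


def trusted_auth_value(user, groups):
    """Format 'user; group1, group2' from an identity the app server verified."""
    for name in (user, *groups):
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        if not _NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe name in trusted identity: {name!r}")
    return f"{user}; {', '.join(groups)}"


def build_forward_headers(client_headers, user, groups):
    """Return the headers to send to EventStore for an already-verified request."""
    forwarded = {}
    for key, value in client_headers.items():
        # Header names are case-insensitive, so compare in lower case.
        if key.strip().lower() in _DROP:
            continue
        forwarded[key] = value
    # Set the trusted header last, only from the server-side identity.
    forwarded[TRUSTED_HEADER] = trusted_auth_value(user, groups)
    return forwarded


if __name__ == "__main__":
    # Constructed sample request: the client tries to assert its own identity.
    incoming = {
        "Accept": "application/vnd.eventstore.events+json",
        "es-trustedauth": "admin; $admins",
        "Authorization": "Basic constructed-placeholder",
    }
    print(build_forward_headers(incoming, "root", ["admin", "other"]))
```

With the node now listening on its private address, any host that can reach port 2113 can send this header, so the firewall rule for 2113 is best limited to the app server's address.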