I'm trying to install HTTPS in a gitlab pages, with a React site and react router.
Certbot is asking me to add a page with a code:
Make sure your web server displays the following content at
http://YOURDOMAIN.org/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
before continuing:
5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.ewlbSYgvIxVOqiP1lD2zeDKWBGEZMRfO_4kJyLRP_4U
#
# output omitted
#
Press ENTER to continue
It's a one page site, so I don't really know where to add a static page with url: http://YOURDOMAIN.org/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
Is there a way to do it?
I couldn't do it with static page, but Certbot allows you to use an alternative method with DNS Challenge.
You need to put a TXT in your DNS hostzone, and then Certbot will compare it to the one he is asking you.
To get the TXT content, you must run certbot like that ( I use Docker )
docker run -it --rm --name certbot \
-v "$PWD/letsencrypt:/etc/letsencrypt" \
-v "$PWD/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot \
certonly \
-m email#company.com \
--manual \
--preferred-challenges dns-01 \
--no-eff-email \
--manual-public-ip-logging-ok \
--keep-until-expiring \
--agree-tos \
-d mydomain.com \
--server https://acme-v02.api.letsencrypt.org/directory
Just change your email, and the domain you want to work with.
More details in gitlab docs.
Hope it helps
Related
I'm trying to connect Keycloak with docker to a SQL Server database located on another server, but I'm not getting a connection.
This is the command I'm typing:
docker run --name keycloak \
--net keycloak-network \
-p 8080:8080 \
-e DB_VENDOR=mssql \
-e DB_USER=*** \
-e DB_PASSWORD=*** \
-e DB_ADDR=172.... \
-e DB_DATABASE=Keycloak \
-e KEYCLOAK_USER=user \
-e KEYCLOAK_PASSWORD=password \
jboss/keycloak
Could someone help me to solve it please.
Apparently it could be some SSL and RSA 1024 bitkey error
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1681)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1606)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1550)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 78 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: CN=SSL_Self_Signed_Fallback
at java.base/sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:889)
at java.base/sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:507)
at java.base/sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:247)
at java.base/sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:193)
at java.base/sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:292)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1677)
... 81 more
These are the errors that appear.
I just created a container instance on azure with an sql server docker image and a mounted file sharing storage as a volume. The fact is that the container got stucked, so I restarted it.
After restart, all data was gone. When I restart a docker container locally, data keep existing because of volumes so I cannot understand the behaviour on azure.
Any clue about this?
Here is the cli command I run to create the container
az container create --resource-group myresource-rg \
--name project-test-db \
--image mcr.microsoft.com/mssql/server:2019-latest \
--location westus2 \
--ports 1433 \
--memory 5 \
--environment-variables SA_PASSWORD=Password ACCEPT_EULA=Y \
--ip-address public \
--azure-file-volume-account-name projectteststorageacc \
--azure-file-volume-account-key \MyKey \
--azure-file-volume-share-name project-test-file-share \
--azure-file-volume-mount-path /databases
Try editing your command as below
Use " " for around ACCEPT_EULA=Y and key-value pair as below. And replace SA_PASSWORD with MSSQL_SA_PASSWORD
--environment-variables "MSSQL_SA_PASSWORD=Password" "ACCEPT_EULA=Y" \
Required setting for the SQL Server image, a strong password that is at least 8 characters and meets the SQL Server password requirements. Given if you have set appropriate strong password and storage key already, the below commands works just fine for me. If the password doesn't meet SQL standards this container fails (restart loop).
PS /home/karthik> $Password = "MyStrongPassword"
PS /home/karthik> $key = "FO/R6WkZELhMzX02wi9KahtLtKppoSIJg/EcJLEnZajRm2uxXs0sb/APaCk1eRsNW31yijSjS1hFm5Rd4rdTew=="
az container create --resource-group Myrg \
--name project-test-db \
--image mcr.microsoft.com/mssql/server:2019-latest \
--location westus2 \
--ports 1433 \
--memory 5 \
--environment-variables "SA_PASSWORD=$Password" "ACCEPT_EULA=Y" \
--ip-address public \
--azure-file-volume-account-name kteststoragee \
--azure-file-volume-account-key $key \
--azure-file-volume-share-name ktestfs2 \
--azure-file-volume-mount-path /databases
When you have a misbehaving container in Azure Container Instances, start by viewing its logs with az container logs, and stream its standard out and standard error with az container attach.
The az container attach command provides diagnostic information during container startup. Once the container has started, it streams STDOUT and STDERR to your local console.
Refer: Quickstart: Run SQL Server container images with Docker and Docker run command fails with Accept-Eula Agreement error #199
I am new with hugo and I dont find the way to addresss it.
My idea is use hugo in docker and get the content from another source, this way hugo will be updated.
The source can be almost anything, but I would prefer a repository.
Is there any way to do it?
From https://firepress.org/en/best-practices-for-getting-code-into-a-container/ it might be an option to use wget to download the data you want.
There might be better ways, but this one seemed like a pretty viable way to accomplish what you want.
I removed some "logging" features from the given sample and added some explanations of what does what.
##############################################################################
# Install App
##############################################################################
WORKDIR $APP
# Some of the APK's are installed that will be removed later in this process.
RUN apk update && \
apk upgrade && \
apk --no-cache add tar curl tini \
&& apk --no-cache add --virtual devs gcc make python wget unzip ca-certificates \
&& apk del devs gcc make python wget unzip ca-certificates \
&& npm cache clean \
&& rm -rf /tmp/npm*
##############################################################################
# PART ONE
# Install/copy FirePress_Klimax into casper from Github
##############################################################################
#directory name, for url building and renaming the unpacked zip.
THEME_NAME_FROM="FirePress_Klimax"; \
# directory where the file should be
THEME_NAME_INTO="casper"; \
# The url where to get you data from.
GIT_URL="https://github.com/firepress-org/$THEME_NAME_FROM/archive/master.zip"; \
# Local directory names.
DIR_FROM="$DIR_THEMES/$THEME_NAME_FROM"; \
DIR_INTO="$DIR_THEMES/$THEME_NAME_INTO"; \
# enter the themes directory.
cd $DIR_THEMES; \
# download the master.zip
wget --no-check-certificate -O master.zip $GIT_URL; \
# unzip the master.zip that was downloaded from github.
unzip $DIR_THEMES/master.zip; \
# remove the zip file, since the contents are on disk now
rm $DIR_THEMES/master.zip; \
# rename the "master" directory that's on disk now to it's proper name
mv $THEME_NAME_FROM-master $THEME_NAME_INTO; \
##############################################################################
# Clean up
##############################################################################
# delete the apk cache of unneeded cached downloads
rm -rf /var/cache/apk/*; \
# we don't need these programs anymore
apk del wget unzip ca-certificates;
Hugo has inbuilt functionality for you Modules, The module can be used to fetch the files from git and also you can specify which folder from git repo needs to be placed on where at your Hugo
List item
site. This happens at the time of Build.
You may need to install Go language to get this work.
I have a create-react-app project, and I'd like the deploy process to generate a Sentry release and upload the source maps to Sentry as well.
This script will create a Sentry release for version specified in the package.json file, and upload the source maps to Sentry.
It will work for any JS project, not just React.
create a file in your project root and name it deploy.sh:
SENTRY_TOKEN="YOUR_TOKEN"
PACKAGE_VERSION=`cat package.json \
| grep version \
| head -1 \
| awk -F: '{ print $2 }' \
| sed 's/[",]//g' \
| tr -d '[[:space:]]'`
printf "\nBuilding version $PACKAGE_VERSION...\n\n"
#2) Build for dev and cd to build directory
npm run build # or whatever your build command is
cd build/static/js # or whatever your build folder is
#3) create Sentry release
SOURCE_MAP=`find . -maxdepth 1 -mindepth 1 -name '*.map' | awk '{ gsub("./", "") ; print $0 }'`
printf "\nCreating a Sentry release for version $PACKAGE_VERSION...\n"
curl https://sentry.io/api/0/projects/:sentry_organization_slug/:sentry_project_slug/releases/ \
-X POST \
-H "Authorization: Bearer ${SENTRY_TOKEN}" \
-H 'Content-Type: application/json' \
-d "{\"version\": \"${PACKAGE_VERSION}\"}" \
#4) Upload a file for the given release
printf "\n\nUploading sourcemap file to Sentry: ${SOURCE_MAP}...\n"
curl "https://sentry.io/api/0/projects/:sentry_organization_slug/:sentry_project_slug/releases/$PACKAGE_VERSION/files/" \
-X POST \
-H "Authorization: Bearer ${SENTRY_TOKEN}" \
-F file=#${SOURCE_MAP} \
-F name="https://THE_URL_OF_THE_MAIN_JS_FILE/$SOURCE_MAP"
#5) IMPORTANT: Delete the sourcemaps before deploying
rm $SOURCE_MAP
#6) upload to your cloud provider
...
replace:
:sentry_organization_slug and :sentry_project_slug with the correct values from sentry (from the URL of any page inside your sentry account website)
SENTRY_TOKEN with your token from Sentry
THE_URL_OF_THE_MAIN_JS_FILE with the URL where your react build file is publicly accessible.
run.
Make sure you don't forget to update the package.json version on every release
I had the same problem recently and despite that there is no official solution for Create React App from Sentry their tooling is great and it's quite easy to automate the process of creating releases by yourself. You would need to generate release name, build the app and use this name to initialize Sentry library, create Sentry Release and upload sourcemaps.
I wrote the article which explains in details how to do it: https://medium.com/#vshab/create-react-app-and-sentry-cde1f15cbaa
Or you can go straight forward and look at example of configured project: https://github.com/vshab/create-react-app-and-sentry-example
I am using GAE for a Laravel application. I use WKHTMLTOPDF to create PDFs. For my local deployment i use a php-fpm docker container and i have to install a few libraries to make it work.
# Install all dependencies
apt-get update -yqq && \
apt-get install -y \
libxrender1 \
libfontconfig1 \
libjpeg62 \
libxtst6 \
libssl1.0-dev \
wget \
&& wget https://github.com/h4cc/wkhtmltopdf-amd64/blob/master/bin/wkhtmltopdf-amd64?raw=true -O /usr/local/bin/wkhtmltopdf \
&& chmod +x /usr/local/bin/wkhtmltopdf \
How do i add these libraries to my GAE deployment?
Here you have an example on how to deploy an application with a Dockerfile to App Engine Flex on a custom runtime. For more information on how to build custom runtimes, check this document.