How to make Apache2/Httpd trust all client certs - apache2

I have an apache2/httpd install on centos fronting a tomcat instance and I want it to trust all client certificates.
How should I go about it?

There is no such thing as 'SSL Passthrough' with Apache, since Apache needs to handle the SSL negotiation. Things I can think of are:
Do not use Apache but perform TCP forwarding, using a NAT rule for instance (/sbin/iptables -I PREROUTING -t nat -p tcp -d test.server.ip --dport 443 -j DNAT --to :8443). If you have two IP addresses assigned to the machine, your NAT rule can redirect based on the destination IP.
You could configure a virtual host in Apache dedicated to test where you set SSLVerifyClient to none. This virtual host has a reverse proxy rule mapping directly to the non-SSL HTTP port of your Tomcat instance, or maps to the HTTP/S port, and then you set SSLProxyMachineCertificateFile with certs that Apache can present to authenticate to Tomcat.
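The second option above, written out as a complete httpd VirtualHost. This is an added example, not configuration from the answer; the hostname, certificate paths and the Tomcat ports (8080 for HTTP, 8443 for HTTPS) are assumptions for a CentOS-style layout:

```apache
# Added example: a test VirtualHost that terminates TLS in Apache without
# verifying client certificates and reverse-proxies to Tomcat.
# Assumes mod_ssl, mod_proxy and mod_proxy_http are loaded and that
# conf.d/ssl.conf already carries "Listen 443" (do not add a second Listen).
<VirtualHost *:443>
    ServerName test.example.com          # assumed hostname

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/test.example.com.crt    # assumed path
    SSLCertificateKeyFile /etc/pki/tls/private/test.example.com.key  # assumed path

    # As in the answer: no client certificate is requested, so any client
    # connects. The backend therefore receives no client identity from TLS.
    SSLVerifyClient none

    # Alternative if Tomcat needs to see the certificate: request one but
    # accept it even when it does not chain to a configured CA. The
    # certificate is then unverified and must not be treated as authentication.
    # SSLVerifyClient optional_no_ca
    # SSLOptions +ExportCertData

    # Backend A: Tomcat's plain HTTP connector.
    ProxyPreserveHost On
    ProxyPass        / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    # Backend B (alternative): Tomcat's HTTPS connector, with a certificate
    # and key (one PEM file) that Apache presents to Tomcat.
    # SSLProxyEngine on
    # SSLProxyMachineCertificateFile /etc/pki/tls/private/proxy-client.pem  # assumed path
    # ProxyPass        / https://localhost:8443/
    # ProxyPassReverse / https://localhost:8443/
</VirtualHost>
```

Check the result with `apachectl configtest` before reloading. Only one of the two backend blocks should be active at a time, and if you use backend B, Apache does not verify Tomcat's certificate unless you also set SSLProxyVerify and SSLProxyCACertificateFile. With the NAT alternative from the answer, Apache is bypassed entirely, so Tomcat's own connector on 8443 must perform TLS.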

Related

PgAdmin4 website hosting on port 443 (https)

For my project I configured PostgreSQL and pgadmin4, but now I want to make the website secure with a proper DNS name and run it over port 443. DNS is also done, but how do I make it run over 443 instead of 80, i.e., from http to https? I made changes in the httpd.conf file and added the required certificates too, but the website is not loading; the website still opens on the http:// IP address but not on https://.
I tried making changes in the configuration file too.
I'll be much thankful.
How to configure pgadmin4 on port 443 (https)?

Unable to make Remote Connection with Postgresql

I have PostgreSQL running on Ubuntu Server and I want to make a remote connection to PostgreSQL running on port 5432.
I've checked that I can ping the public IP of the Ubuntu server from my machine, and that works fine.
Next I've changed two files on the Ubuntu server. First I've changed postgresql.conf, which looks as below:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
Next I've added two lines in pg_hba.conf as below:
host all all 0.0.0.0/0 trust
host all all ::/0 trust
Finally I checked whether the firewall is running by running sudo ufw verbose, which output inactive.
As per my understanding I've allowed PostgreSQL to accept remote connections and a firewall is also not present, hence nothing is blocking. Still I get the following error:
psycopg2.OperationalError: connection to server at "XXX.XXX.XXX.XXX", port 5432 failed: Connection timed out (0x0000274C/10060)
Is the server running on that host and accepting TCP/IP connections?
How can I fix this error?
Edit
Although I can ping and SSH to the Ubuntu server using the public IP, I cannot telnet to it.
I checked if port 5432 is open using this link but it turned out to be closed.

Unable to SSH into wireguard IP until I ping another server from inside the server

I have WireGuard set up on a machine (call it MachineA, with the IP 10.42.0.19). I have my laptop configured with the IP 10.42.0.15; call it LaptopB. I am able to SSH into MachineA from LaptopB when I connect both peers using ssh root@MachineA. Then, if I wait a while, I can no longer SSH into MachineA from LaptopB. For example, the same command ssh root@MachineA just hangs.
Using -vvvv shows me this:
$ ssh -vvvv root@10.42.0.19
OpenSSH_8.3p1 Ubuntu-1ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/xrd/.ssh/config
...
debug2: ssh_connect_direct
debug1: Connecting to 10.42.0.19 [10.42.0.19] port 22.
And, it never connects.
There is a simple fix: from inside the machine, ping any other WireGuard machine on the network. MachineA is a DigitalOcean droplet. If I use the web console to log in and then ping any other peer on the network (say 10.42.0.4), then immediately after the ping starts, the SSH connection completes.
How do I troubleshoot this?
I have not restarted WireGuard on either LaptopB or MachineA. Both appear to be connected.
In my wg0.conf on both ends they are more or less like this:
[Interface]
Address = 10.42.0.19/24
PrivateKey = DontYouWishYouHadThis
DNS = 10.42.0.1,8.8.8.8
[Peer]
PublicKey = SomePublicKeyIsHere
AllowedIPs = 10.42.0.0/24
Endpoint = 33.33.33.33:51280

How to configure a custom port to file system using s3a in flink 1.11

I'm trying to connect to a local RADOS gateway listening on port 1234.
When I configure fs.s3a.connection.ssl.enabled to false, it connects to port 80 (http),
and when it's true (or not set) it connects to port 443 (https).
How can I change it to connect to a different port?
Is there a Flink configuration that I can use (besides configuring core-site.xml)?
I'm working on Flink 1.11.2.
I'm using s3.endpoint and pointing it to http://<machine>:<port>. (Use fs.s3a.endpoint when you use both s3 plugins.)

tomcat7 + apache2 port 8081 conflict?

Picking up a test system with Apache + Tomcat. It was supposed to work but has not been working for a while.
If I start Tomcat first, then when starting Apache it will show the following error:
[warn] NameVirtualHost *:8081 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8081
no listening sockets available, shutting down
If I start Apache first, then start Tomcat, I will see the Java exception saying port 8081 is already in use and Tomcat won't start.
What's the correct way to integrate apache2 and tomcat7? What may I be missing in the current setup? Thanks.
Since port 8081 is not the standard port for Apache to listen on, it must be configured somewhere explicitly. Go through the configuration, find it, and fix it.
Alternatively, you can go through the Tomcat configuration, find the port and fix it.
What the fix may be depends on your server setup: moving it to another port number, disabling it completely, or something different.
A common configuration hides Apache Tomcat completely behind Apache httpd and connects to it via the AJP connector.
You configure Apache to listen on port 80 and integrate Tomcat (default AJP port 8009 or default HTTP port 8080) into Apache via mod_jk (AJP) or ProxyPass (AJP or HTTP).
Apache (proxypass)
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
or
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/