We Keep Coding

Cert fails in type-orm but works fine with node-postgres

I want to connect to a Postgres data source using type-orm like this:
it("can connect using type-orm", async () => {
const signer = new AWS.RDS.Signer({
region: REGION,
hostname: DB_INSTANCE,
port: DB_PORT,
username: DB_USER
})
const AppDataSource = new DataSource({
type: "postgres",
host: DB_HOST,
port: DB_PORT,
username: DB_USER,
password: async () => signer.getAuthToken({}),
database: DB_DATABASE,
entities: [],
synchronize: false,
logging: false,
ssl: {
ca: fs.readFileSync('./cert.pem').toString(),
},
})
await AppDataSource.initialize()
});
But it fails with:
Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS: <TRUE AWS altnames here>
What is interesting is that the exact same credentials/certificate works fine with node-postgres:
it("can connect using node-postgres", async () => {
const signer = new AWS.RDS.Signer({
region: REGION,
hostname: DB_INSTANCE,
port: DB_PORT,
username: DB_USER
})
const client = new Client({
user: DB_USER,
host: DB_HOST,
database: DB_DATABASE,
password: signer.getAuthToken({}),
port: DB_PORT,
ssl: {
ca: fs.readFileSync('./cert.pem').toString(),
},
});
await client.connect();
await client.end();
})
So the certificate should be fine? I'm connecting to localhost:5432 which output a forwarded port on a jump server.

It seems type-orm performs a stricter validation. To bypass it, I added rejectUnauthorized in the extra option:
it("can connect using type-orm", async () => {
const AppDataSource = new DataSource({
type: "postgres",
host: env.DB_HOST,
port: env.DB_PORT,
username: env.DB_USER,
password: 'password123',
database: env.DB_DATABASE,
entities: [],
synchronize: false,
logging: false,
ssl: {
ca: fs.readFileSync('./cert.pem').toString(),
},
extra: {
ssl: {
// Disregard mismatch between localhost and rds.amazonaws.com
rejectUnauthorized: false
}
}
})
await AppDataSource.initialize()
});

Not able to run express-gateway on heroku - failed to bind to $PORT

I'm trying to have the basic example express-gateway running on Heroku
http:
port: ${HTTP_PORT:-8080}
hostname: ${HOST:-localhost}
admin:
port: 9876
host: localhost
apiEndpoints:
api:
host: 'localhost'
paths: '/ip'
serviceEndpoints:
httpbin:
url: 'https://httpbin.org'
...
Looking the logs I got the following error:
2021-02-15T18:53:09.947569+00:00 heroku[web.1]: Error R10 (Boot timeout) -> Web process failed to bind to $PORT within 60 seconds of launch
Any ideas?

I managed to fix that with the following config:
http:
port: ${PORT:-8080}
https:
port: ${PORT:-8081}
admin:
port: 9876
apiEndpoints:
api:
paths: '/ip'
So the default port variable is called PORT and by removing all references to localhost 🙌

Connection refused when connecting to redis on EC2 instance

I am trying to connect to local redis database on EC2 instance from a lambda function. However when I try to execute the code, I get the following error in the logs
{
"errorType": "Error",
"errorMessage": "Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379",
"code": "ECONNREFUSED",
"stack": [
"Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379",
" at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1106:14)"
],
"errno": "ECONNREFUSED",
"syscall": "connect",
"address": "127.0.0.1",
"port": 6379
}
The security group has the following entries
Type: Custom TCP Rule
Port: 6379
Source: <my security group name>
Type: Custom TCP Rule
Port: 6379
Source: 0.0.0.0/0
My Lambda function has the following code.
'use strict';
const Redis = require('redis');
module.exports.hello = async event => {
var redis = Redis.createClient({
port: 6379,
host: '127.0.0.1',
password: ''
});
redis.on('connect', function(){
console.log("Redis client conected : " );
});
redis.set('age', 38, function(err, reply) {
console.log(err);
console.log(reply);
});
return {
statusCode: 200,
body: JSON.stringify(
{
message: 'The lambda function is called..!!',
input: event,
redis: redis.get('age')
},
null,
2
),
};
};
Please let me know where I am going wrong.

First thing, Your lambda trying to connect to localhost so this will not work. You have to place the public or private IP of the Redis instance.
But still, you need to make sure these things
Should in the same VPC as your EC2 instance
Should allow outbound traffic in the security group
Assign subnet
Your instance Allow lambda to connect with Redis in security group
const redis = require('redis');
const redis_client = redis.createClient({
host: 'you_instance_IP',
port: 6379
});
exports.handler = (event, context, callback) => {
redis_client.set("foo", "bar");
redis_client.get("foo", function(err, reply) {
redis_client.unref();
callback(null, reply);
});
};
You can also look into this how-should-i-connect-to-a-redis-instance-from-an-aws-lambda-function

On Linux Ubuntu server 20.04 LTS I was seeing a similar error after reboot of the EC2 server which for our use case runs an express app via a cron job connecting a nodeJs app (installed with nvm) using passport.js to use sessions in Redis:
Redis error: Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 6379
}
What resolved it for me, as my nodeJs app was running as Ubuntu user I needed to make that path available, was to add to the PATH within /etc/crontab by:
sudo nano /etc/crontab Just comment out the original path in there so you can switch back if required (my original PATH was set to: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin ) and append the location of your bin you may need to refer to, in the format:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/home/ubuntu/.nvm/versions/node/v12.20.0/bin
And the error disappeared for me
// redisInit.js
const session = require('express-session');
const redis = require('redis');
const RedisStore = require('connect-redis')(session);
const { redisSecretKey } = process.env;
const redisClient = redis.createClient();
redisClient.on('error', (err) => {
console.log('Redis error: ', err);
});
const redisSession = session({
secret: redisSecretKey,
name: 'some_redis_store_name',
resave: true,
saveUninitialized: true,
cookie: { secure: false },
store: new RedisStore(
{
host: 'localhost', port: 6379, client: redisClient, ttl: 86400
}
)
});
module.exports = redisSession;

webpack 0.0.0.0 docker not working

I'm using docker-compose to serve django at 0.0.0.0:80 and webpack-dev-server at 0.0.0.0:3000. They're both work perfectly at 0.0.0.0
I also have domain bound to my external IP and I even can access django from this domain. But somehow, I can't access webpack-dev-server, neither by external IP, nor by domain.
Here is some additional data:
docker-compose.yml
web:
build: backend/
command: sh dockerfiles/init.sh
ports:
- 0.0.0.0:80:80
js:
build: webclient/
command: yarn runserver
ports:
- 0.0.0.0:3000:3000
As you see, they are both served same way here
server.js
new WebpackDevServer(
webpack(config),
{
publicPath: config.output.publicPath,
hot: true,
historyApiFallback: true,
allowedHosts: [
'0.0.0.0',
'localhost',
'DOMAIN',
'*.DOMAIN'
],
headers: {
"Access-Control-Allow-Origin": "*"
}
}
).listen(3000, '0.0.0.0', function (err, result) {
if (err) {
console.log(err)
}
console.log('Listening at 0.0.0.0:3000')
})
When I ping the port 0.0.0.0:3000 - the port is open. When i ping DOMAIN:3000 - the port is closed.
Do you have any ideas what's going on?

you need to use disableHostCheck:
{
publicPath: config.output.publicPath,
hot: true,
historyApiFallback: true,
disableHostCheck: true, // <------ here is the missing piece
allowedHosts: [
'0.0.0.0',
'localhost',
'DOMAIN',
'*.DOMAIN'
],
headers: {
"Access-Control-Allow-Origin": "*"
}
}

Meteor deploy error (mup): pushing meteor app bundle to server failed

I am trying to deploy a meteor app to an AWS server, but am getting this message:
Started TaskList: Configuring App
[52.41.84.125] - Pushing the Startup Script
nodemiral:sess:52.41.84.125 copy file - src: /
Users/Olivia/.nvm/versions/node/v7.8.0/lib/node_modules/mup/lib/modules/meteor/assets/templates/start.sh, dest: /opt/CanDu/config/start.sh, vars: {"appName":"CanDu","useLocalMongo":0,"port":80,"bind":"0.0.0.0","logConfig":{"opts":{"max-size":"100m","max-file":10}},"docker":{"image":"abernix/meteord:base","imageFrontendServer":"meteorhacks/mup-frontend-server","imagePort":80},"nginxClientUploadLimit":"10M"} +0ms
[52.41.84.125] x Pushing the Startup Script: FAILED Failure
Previously I had been able to deploy using mup, but now I am getting this message. The only major thing I've changed is the Python path in my .noderc. I am also able to SSH into my amazon server directly from the terminal. My mup file is:
module.exports = {
servers: {
one: {
host: '##.##.##.###',
username: 'ec2-user',
pem: '/Users/Olivia/.ssh/oz-pair.pem'
// password:
// or leave blank for authenticate from ssh-agent
}}meteor: {
name: 'CanDu',
path: '/Users/Olivia/repos/bene_candu_v2',
servers: {
one: {}
},
buildOptions: {
serverOnly: true,
mobileSettings: {
public: {
"astronomer": {
"appId": "<key>",
"disableUserTracking": false,
"disableRouteTracking": false,
"disableMethodTracking": false
},
"googleMaps": "<key>",
"facebook":{
"permissions":["email","public_profile","user_friends"]
}
},
},
},
env: {
ROOT_URL: 'http://ec2-##-##-##-###.us-west-2.compute.amazonaws.com',
MONGO_URL: 'mongodb://. . . "
},
/*ssl: {
crt: '/opt/keys/server.crt', // this is a bundle of certificates
key: '/opt/keys/server.key', // this is the private key of the certificate
port: 443, // 443 is the default value and it's the standard HTTPS port
upload: false
},*/
docker: {
image: 'abernix/meteord:base'
},
deployCheckWaitTime: 60
}
};
And I have checked to make sure there are no trailing commas, and have tried increasing the wait time. etc. The error message I'm getting is pretty unhelpful. Does anyone have any insight? Thank you so much!