I am trying to deploy a copy of WSO2 5.9 on a development server. When I make changes in, for example, catalina-server.xml to allow a reverse proxy on port 443, all my changes are overridden.
I already tried adding the proxyPort in deployment.toml, without success.
[server]
hostname = "mydomain.com"
node_ip = "xxx.xxx.xxx..xxx"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
proxyPort = "443"
I can't find in the documentation how I should specify this configuration in the new toml file.
This should work.
[transport.https.properties]
proxyPort=443
Seems this is not documented yet. I figured it out by looking at the repository/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 file.
Seems like this is documented here under Proxy servers in the deployment checklist
so you should use the following
[transport.https.properties]
proxyhost= "you.proxy.host"
proxyPort= "443"
Related
I am using WSO2 Identity Server as an internal key manager for WSO2 API Manager. I use Shared_db and started the two servers based on the documentation here. I got this error in API Manager:
ERROR {org.wso2.carbon.apimgt.rest.api.util.exception.GlobalThrowableMapper} - An unknown exception has been captured by the global exception mapper. feign.RetryableException: Certificate for <x.x.x.x> doesn't match any of the subject alternative names: [localhost] executing GET https://x.x.x.x:9443/oauth2/token/.well-known/openid-configuration.
x.x.x.x is the Identity Server IP.
The error simply indicates that the certificate you have for IS has the CN localhost and you are trying to access it with a different host (in this case, the IP), which causes the hostname verification to fail.
The correct solution to resolve this issue is to create proper certificates with correct CN/SAN names and use one of them to access Identity Server.
As a workaround, although it's not recommended, you can try disabling hostname verification by adding the following properties to the server startup script. (Not sure what the exact parameter is that will do the trick, but try the following.)
-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
-Dhttpclient.hostnameVerifier=AllowAll \
-Dfeign.httpclient.disableSslValidation=true \
We had the same issue when upgrading from IS 5.11.0 to 6.0.0.
The SSL certificates generated with Let's Encrypt didn't have localhost as a Security Alternative Name (SAN). The workaround with self-signed certificates that include localhost as SAN is OK, but not what we needed.
We have bypassed it by adding the internal_hostname parameter under the [server] block inside the <IS_HOME>/repository/conf/deployment.toml config file:
[server]
hostname = "is.wso2.com"
internal_hostname = "is.wso2.com"
Make sure you replace is.wso2.com with your DNS.
More details can be found here.
https://is.docs.wso2.com/en/latest/deploy/change-the-hostname/
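Added example (not part of the original answers and not WSO2 code): a pre-flight check for the two failures described above, an IP literal checked against a certificate whose only SAN is localhost, and a CA-issued certificate that lacks localhost. The function names, the host is.example.com and the address 192.0.2.10 are constructed for illustration; the certificate dicts follow the layout returned by Python's ssl.SSLSocket.getpeercert().

```python
import ipaddress

# Constructed samples in the dict layout returned by ssl.SSLSocket.getpeercert().
DEFAULT_CERT = {"subjectAltName": (("DNS", "localhost"),)}      # SAN: localhost only
PUBLIC_CERT = {"subjectAltName": (("DNS", "is.example.com"),)}  # CA-issued, no localhost
FULL_CERT = {"subjectAltName": (("DNS", "is.example.com"), ("DNS", "localhost"),
                                ("IP Address", "192.0.2.10"))}


def _dns_match(pattern, host):
    """RFC 6125 style match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def san_covers(cert, target):
    """True if target (hostname or IP literal) is covered by the cert's SAN entries."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            # IP literals match only iPAddress entries, never dNSName entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False


def uncovered(cert, targets):
    """Names clients will use that the certificate does not cover."""
    return [t for t in targets if not san_covers(cert, t)]


if __name__ == "__main__":
    names = ["is.example.com", "localhost", "192.0.2.10"]
    for label, cert in (("default", DEFAULT_CERT), ("public", PUBLIC_CERT),
                        ("full", FULL_CERT)):
        print(label, "missing SANs for:", uncovered(cert, names))
```

Every name a client or an internal component uses to reach the server has to come back covered; anything listed as missing will fail hostname verification unless it is added to the certificate or, as in the second answer, the server is configured to stop using that name.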
I deployed the last release of WSO2 5.11.0 in a Docker container to test it. I did not change anything in the default configuration except the hostname and callbackURL for the "Console" and "My Account" service providers to match my hostname.
Access to the carbon console is fine. But when I try to reach https://<hostname>/console or https://<hostname>/myaccount, I can fill my login and password, then I have a blank page without anything.
Any idea is welcome. Thank you.
Taking the answer from comments:
If you change the host/port of the server after one fresh pack startup, you have to follow the steps in stackoverflow.com/a/65353673/10055162 manually. On the other hand, if you change the host/port before the fresh IS pack server startup, these changes are applied automatically.
Out of the steps in stackoverflow.com/a/65353673/10055162, you should have missed step 5, which causes you to see a blank page.
Navigate to : Resident IDP > Inbound Authentication Configuration > OAuth2/OpenID Connect Configuration and change Identity Provider Entity ID accordingly.
Further, these value changes can't be done via deployment.toml.
I can reproduce the same issue, upon initial startup with what I believe is a correct configuration:
When adding an HTTPS ProxyPort config of 443
[server]
hostname = "identity.myorg.io"
...
[transport.https.properties]
proxyPort = 443
Upon initial startup, the Resident IdP erroneously sets the Identity Provider Entity ID to https://identity.myorg.io:443/oauth2/token.
This means that when accessing -> https://identity.myorg.io/console|myaccount the same issue as described by the OP is encountered.
Manually changing the IDP EID to remove the :443 fixes it. The server should do this automatically for port 443.
· Changing the hostnames from localhost to IP / Domain is not working. Running the API manager server overrides the configuration files (carbon.xml and api-manager.xml) to previous configuration. How should we change the domain names from localhost to domain or live IPs?
· The configuration is not editable in https://localhost:9443/carbon. Is there any other way to change configuration? Even the configuration is not visible in https://localhost:9443/admin?
Please help...
I guess you are referring to APIM 3.0.0, which comes with a new configuration model. These configs need to be modified in the deployment.toml file. Please refer to https://apim.docs.wso2.com/en/latest/Reference/ConfigCatalog/ for more information.
See details on changing hostname in https://apim.docs.wso2.com/en/latest/InstallAndSetup/DeployingWSO2APIManager/changing-the-hostname/
I'm a newbie on Redmine (my version is 1.4.4).
I just have a question: is there any way that I can encrypt my email password in the configuration.yml file, which is used to set up the email configuration?
FYI, current setting is like below.
email_delivery:
  delivery_method: :smtp
  smtp_settings:
    tls: true
    address: smtp.gmail.com
    port: 587
    domain: smtp.gmail.com
    authentication: :plain
    user_name: "myEmailAddress#gmail.com"
    password: "myEmailPassword" # I don't want to reveal my pw here :(
    enable_starttls_auto: true
Thx in advance.
Yes, you can, but the only way I know to do it is to install and use Postfix as the relay and set up stunnel to handle the encrypted password exchange.
I had my system set up that way for a while, but now I use Postfix without stunnel because the Amazon SES service now supports starttls.
I had help from this site in my original setup:
http://quietmint.com/linux/postfix-relaying-mail-through-an-smtps-smarthost-on-port-465/
My latest setup I derived help from here:
http://blog.duoconsulting.com/2012/01/30/using-amazons-ses-with-postfix-as-a-smarthost-forwarder/
I have a web service deployed behind a firewall.
The connection between the firewall and the WS is on port 8080, but the firewall accepts requests from outside only on port 443.
The problem is that when I open the WSDL from outside, the schemaLocation attribute has the wrong value: it begins with http://host:8080, not with https://host:443
I can change the port as described here:
http://metro.java.net/2.0/guide/HTTP_address_in_soap_address_and_import_locations.html
but it leads to the wrong value: http://host:443
Does anyone know how to fix the protocol of the schemaLocation attribute from http to https?
It is here: new location of the Metro user guide