after Disabled Bitnami banner, Apache not running, Httpd could not be started - amazon-web-services

I went to restart Apache after disabling the banner with
sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
Now Apache won't restart.
~$ sudo /opt/bitnami/ctlscript.sh status
php-fpm already running
apache not running
mysql already running
I tried
~$ sudo /opt/bitnami/ctlscript.sh start apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
Monitored apache
For the error log (cat /opt/bitnami/apache2/logs/error_log), you can find it at this link:
https://drive.google.com/file/d/1f2Xt0bwcMEhKcXkILLMf_kdBl0JoSZUr/view?usp=sharing
For the httpd-app.conf file, a copy of it is at the link below:
https://drive.google.com/file/d/1l2zEPzIU0uBHdEyFQEZ22eEPS9fMnBTO/view?usp=sharing

Bitnami Engineer here,
From the log file you shared, I see that Apache fails because there is a mismatch when checking the SSL certificates
Certificate and private key localhost:443:0 from /opt/bitnami/apache2/conf/server.crt and /opt/bitnami/apache2/conf/server.key do not match
Did you modify them? In case you configured a new SSL certificate, you probably forgot to copy any of the files. If you didn't want to configure an SSL certificate, you can generate new self-signed certificates by running these commands
sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
sudo openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365
https://docs.bitnami.com/aws/components/apache/#how-to-create-an-ssl-certificate
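The mismatch Apache reports above can be confirmed before a restart by comparing the public key inside the certificate with the one derived from the private key. This is an added example, not part of the original answer; the function name pair_matches and the throwaway files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a PEM certificate and a private key belong together.
# Return codes: 0 = match, 1 = mismatch, 2 = a file could not be read/parsed.
# Usage on the host from this thread:
#   pair_matches /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
pair_matches() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # An empty result must never count as a match.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed, throwaway material: one certificate, two keys.
demo() {
    tmp=$(mktemp -d) || return 2
    openssl genrsa -out "$tmp/a.key" 2048 2>/dev/null
    openssl genrsa -out "$tmp/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$tmp/a.key" -subj "/CN=localhost" \
        -days 1 -out "$tmp/a.crt" 2>/dev/null
    for k in a.key b.key; do
        if pair_matches "$tmp/a.crt" "$tmp/$k"; then
            echo "a.crt + $k: match"
        else
            echo "a.crt + $k: MISMATCH (Apache would refuse to start)"
        fi
    done
    rm -rf "$tmp"
}
demo
```

A passphrase-protected key makes openssl pkey prompt for the passphrase, so run the check interactively in that case.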

Related

how to run django in pycharm in https

I need to run a python Django project with Pycharm IDE locally in HTTPS
so that other services can talk with my service without any errors.
I don't manage to run it locally in HTTPS
You can use runserver_plus extension. It depends on Werkzeug, so you have to install it first. Installation:
pip install Werkzeug
pip install django-extensions
pip install pyOpenSSL
Then add django_extensions to your INSTALLED_APPS inside settings.py:
INSTALLED_APPS = (
...
'django_extensions',
)
Now you need to generate a self-signed certificate for your local server. Something like this, credits to Diego Woitasen:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
And now you can run Django this way:
python manage.py runserver_plus --cert-file /path/to/cert.crt
And some links for sources:
runserver_plus with SSL.
Werkzeug installation.

VMWare on Linux - Could not open /dev/vmmon

How to fix VMWare Could not open /dev/vmmon
VMWare article 2146460
On Linux host with secure mode enabled, it is not allowed to load any unsigned drivers. Due to this, VMware drivers, such as vmmon and vmnet, are not able to be loaded which prevents virtual machine to power on.
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VMWare"
sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)
sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmnet)
sudo mokutil --import MOK.der
sudo shutdown -r now
During the very next startup, you may need to enter MOK Management during boot, and select "ENROLL MOK" to import the key, and reboot once more.
Ubuntu 20.04 solution that worked for me:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VMWare"
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmnet)
sudo su
mokutil --import MOK.der
input password:
input password again:
exit
sudo shutdown -r now
At startup "ENROLL MOK" and "Restart" again.
This may work with Ubuntu but with RHEL 7.8/8 I use the following commands (as root):
openssl req -new -x509 -newkey rsa:2048 -keyout VMWare.priv -outform DER -out VMWare.der -nodes -days 36500 -subj "/CN=VMware/"
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./VMWare.priv ./VMWare.der $(modinfo -n vmmon)
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./VMWare.priv ./VMWare.der $(modinfo -n vmnet)
mokutil --import VMWare.der
reboot
I get Can't find private key when I sign vmnet/vmmon; however, other articles on the internet have indicated that this is OK.
The MOK is imported and then I try to run VMWare and I get Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module 'vmmon' is loaded.. If I make sure RHEL 7.8 is fully up to date the computer does not get the UEFI splash screen.
This is my post on the Unix/Linux stack exchange channel
https://unix.stackexchange.com/questions/605037/unable-to-run-vmware-on-rhel-8-after-signing-vmmon-and-vmnet
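After the sign-and-enroll procedure in this thread, three things have to line up for vmmon to load: Secure Boot state, the signer recorded in the module, and the enrolled MOK. The following is an added example, not from any of the posts, that classifies the outcome from the output of mokutil --sb-state, modinfo -F signer and mokutil --list-enrolled. The function names, verdict strings and sample text are constructed, and it assumes modinfo reports the certificate CN as the signer.

```shell
#!/bin/sh
# Added example: classify why a module would or would not load under
# Secure Boot, from the text output of three commands.
#   $1 = output of `mokutil --sb-state`
#   $2 = output of `modinfo -F signer <module>` (empty when unsigned)
#   $3 = output of `mokutil --list-enrolled`
#   $4 = CN given in -subj when the key was created (e.g. VMWare)
module_load_verdict() {
    case $1 in
        *"SecureBoot enabled"*) ;;
        *) echo "secure-boot-off"; return 0 ;;  # not enforced by Secure Boot
    esac
    [ -n "$2" ] || { echo "module-unsigned"; return 1; }
    # Assumption: the signer field equals the CN of the signing certificate.
    [ "$2" = "$4" ] || { echo "signed-by-other-key"; return 1; }
    # Assumption: the enrolled list prints the Subject as "CN=<name>" or
    # "CN = <name>"; spaces are stripped on both sides before comparing.
    want=$(printf 'CN=%s' "$4" | tr -d ' ')
    case $(printf '%s' "$3" | tr -d ' ') in
        *"$want"*) echo "ok"; return 0 ;;
        *) echo "key-not-enrolled"; return 1 ;;
    esac
}

# Live wrapper for a real host, e.g.: check_module vmmon VMWare
check_module() {
    module_load_verdict "$(mokutil --sb-state 2>&1)" \
        "$(modinfo -F signer "$1" 2>/dev/null)" \
        "$(mokutil --list-enrolled 2>/dev/null)" "$2"
}

# Constructed sample: module is signed, but the "ENROLL MOK" step at boot
# was never completed, so only an unrelated key is enrolled.
SAMPLE_ENROLLED='Subject: CN=Some Vendor Secure Boot CA'
module_load_verdict "SecureBoot enabled" "VMWare" "$SAMPLE_ENROLLED" "VMWare" || true
```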

AWS SES Error: x509: certificate signed by unknown authority

I've been banging my head against the table with this one for a while now. I've successfully sent emails locally using an AWS access key and secret that has full access. Once I deploy to my staging environment I get an error using the same access key and secret.
RequestError: send request failed\ncaused by: Post https://email.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority
Please help!
If you are using alpine docker image for example:
FROM alpine:3.6 as alpine
RUN apk add -U --no-cache ca-certificates
FROM scratch
COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
After adding root certificates ca-certificates, it will be working fine.
My project is deployed on an Ubuntu machine and I am using Golang, so here is my Dockerfile.
Please note that I have used the COPY command twice.
I successfully deployed my project and it's working as expected.
FROM golang:1.16.5 AS builderStep
# Install Certificate
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
FROM scratch AS app
# Copy Certificate
COPY --from=builderStep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builderStep /my/source/code/ .

How to create stun turn server instance using AWS EC2

Actually I want to use my own STUN/TURN server instance and I want to use Amazon EC2. If anybody has any idea regarding this, please share with me the steps to create it or any reference link to follow.
do an ssh login to your ec2 instance, then run the below commands for installing and starting the turn server.
simple way:
sudo apt-get install coturn
If you say no, I want the latest cutting edge, you can download the source code from their downloads page and install it yourself, example:
sudo -i # ignore if you already in admin mode
apt-get update && apt-get install libssl-dev libevent-dev libhiredis-dev make -y # install the dependencies
wget -O turn.tar.gz http://turnserver.open-sys.org/downloads/v4.5.0.3/turnserver-4.5.0.3.tar.gz # Download the source tar
tar -zxvf turn.tar.gz # unzip
cd turnserver-*
./configure
make && make install
sample command for running TURN server:
turnserver -a -o -v -n -u user:root -p 3478 -L INT_IP -r someRealm -X EXT_IP/INT_IP --no-dtls --no-tls
command description:
-X - your amazon instance's external IP, internal IP: EXT_IP/INT_IP
-p - port to be used, default 3478
-a - Use long-term credentials mechanism
-o - Run server process as daemon
-v - 'Moderate' verbose mode.
-n - no configuration file
--no-dtls - Do not start DTLS listeners
--no-tls - Do not start TLS listeners
-u - user credentials to be used
-r - default realm to be used, need for TURN REST API
in your WebRTC app, you can use the TURN server like:
{
// RTCIceServer entry: the username goes in its own field, not in the URL
urls: 'turn:EXT_IP:3478',
username: 'user',
credential: 'root'
}
One method to install a turnserver on Amazon EC2 would be to choose Debian and to install the coturn package, which is the successor of the RFC5766-server.
The configuration file at /etc/turnserver.conf includes EC2 specific instructions. The information provided within this file is very exhaustive in general and should answer the majority of configuration questions.
Once configured, the coturn server can be stopped and started however you would any other service.

Stunnel no longer works after upgrading to Yosemite

I've been using stunnel for local Django development on SSL-enabled pages for a while, but since upgrading to Yosemite it seems to have stopped working:
$ sudo stunnel stunnel/dev_https
dyld: Library not loaded: /opt/local/lib/libssl.1.0.0.dylib
Referenced from: /usr/bin/stunnel
Reason: image not found
I tried building libssl from source using this gist and symlinking libssl.1.0.0.dylib to /opt/local/lib/libssl.1.0.0.dylib. That then failed, looking for /opt/local/lib/libcrypto.1.0.0.dylib. So I symlinked the version I'd just built to that expected path, and got this:
$ sudo stunnel stunnel/dev_https
dyld: Library not loaded: /usr/local/ssl/lib/libcrypto.1.0.0.dylib
Referenced from: /opt/local/lib/libssl.1.0.0.dylib
Reason: image not found
What's going on here? stunnel is at /usr/bin/stunnel and I've checked it's not installed via homebrew. Has anyone else managed to work this out?
I just got stunnel working for Django on Yosemite. If I remember correctly, I also had to previously fix my libssl as explained in this other answer for psycopg2.
Then, I use homebrew for everything:
$ brew install stunnel
$ openssl req -new -x509 -days 9999 -nodes -out stunnel.pem -keyout stunnel.pem
I put this in stunnel.conf (derived from here):
pid=/tmp/stunnel.pid
setuid=nobody
setgid=nobody
foreground=yes
client=no
[https]
cert = ./stunnel.pem
accept=443
connect=5000
I run stunnel with:
$ sudo stunnel stunnel.conf
And run Django with:
$ python manage.py runserver 0.0.0.0:5000
Hope that helps.