Going through the motions to get TLS up and running for my website. I read under the AWS documentation to
sudo yum install -y mod24_ssl
but was getting a conflict on some dependencies.
I ended up reading a blog where someone mentioned sudo yum install mod_ssl and I ended up running that without any issues. Can someone let me know if this safe? What's the difference between mod_ssl and mod24_ssl?
Thanks
If your AWS instance is using the Amazon Linux 2 AMI you will use mod_ssl for Apache 2.4 installs.
Note the mod_ssl version is "2.4.6" and the AWS Repository is "amzn2-core".
Available Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.4.6
Release : 67.amzn2.6.1
Size : 110 k
Repo : amzn2-core/2017.12/x86_64
Summary : SSL/TLS module for the Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
As #stdunbar said mod_ssl works with Apache 2.2 and mod24_ssl works with Apache 2.4.
We can see that the package descriptions are similar except for the Version:
[ec2-user]$ yum info mod_ssl
Available Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.2.32
Release : 1.9.amzn1
Size : 107 k
Repo : amzn-updates/latest
Summary : SSL/TLS module for the Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
[ec2-user]$ yum info mod24_ssl
Installed Packages
Name : mod24_ssl
Arch : x86_64
Epoch : 1
Version : 2.4.27
Release : 3.71.amzn1
Size : 224 k
Repo : installed
From repo : amzn-updates
Summary : SSL/TLS module for the Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
We can see what each package depends on using yum deplist:
[ec2-user]$ yum deplist mod_ssl
Loaded plugins: priorities, update-motd, upgrade-helper
26 packages excluded due to repository priority protections
package: mod_ssl.x86_64 1:2.2.32-1.9.amzn1
... snip ...
dependency: httpd = 2.2.32-1.9.amzn1
provider: httpd.x86_64 2.2.32-1.9.amzn1
... snip ...
[ec2-user]$ yum deplist mod24_ssl
Loaded plugins: priorities, update-motd, upgrade-helper
26 packages excluded due to repository priority protections
package: mod24_ssl.x86_64 1:2.4.27-3.71.amzn1
... snip ...
dependency: httpd24 = 2.4.27-3.71.amzn1
provider: httpd24.x86_64 2.4.27-3.71.amzn1
... snip ...
httpd and httpd24 conflict--you can't have both installed at the same time.
Related
I followed this answer already. But it didn't help, also, I re-installed gcloud CLI, but now I am not able to install CLI anymore because of the following error.
Here is my output for ./google-cloud-sdk/bin/gcloud init
ERROR: Reachability Check failed.
Cannot reach https://cloudresourcemanager.googleapis.com/v1beta1/projects with httplib2 (SSLCertVerificationError)
Cannot reach https://www.googleapis.com/auth/cloud-platform with httplib2 (SSLCertVerificationError)
Cannot reach https://cloudresourcemanager.googleapis.com/v1beta1/projects with requests (SSLError)
Cannot reach https://www.googleapis.com/auth/cloud-platform with requests (SSLError)
Network connection problems may be due to proxy or firewall settings.
Also, I am not behind any corporate proxy.
It was working perfectly few days ago, until today.I did not changed any settings whatsoever, I didn't install any new services whatsoever.
Output for ./google-cloud-sdk/bin/gcloud info.
./google-cloud-sdk/bin/gcloud info
Google Cloud SDK [354.0.0]
Python Version: [3.7.9 (v3.7.9:13c94747c7, Aug 15 2020, 01:31:08) [Clang 6.0 (clang-600.0.57)]]
Python Location: [/Users/myname/.config/gcloud/virtenv/bin/python3]
Site Packages: [Enabled]
Installation Root: [/Users/myname/Downloads/google-cloud-sdk]
Installed Components:
gsutil: [4.67]
core: [2021.08.20]
bq: [2.0.71]
System PATH: [/Users/myname/.config/gcloud/virtenv/bin:/Users/myname/Downloads/apache-maven-3.8.4/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/usr/local/munki:/usr/local/opt/go/libexec/bin:/Users/myname/go/bin]
Python PATH: [/Users/myname/Downloads/./google-cloud-sdk/lib/third_party:/Users/myname/Downloads/google-cloud-sdk/lib:/Library/Frameworks/Python.framework/Versions/3.7/lib/python37.zip:/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7:/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload:/Users/myname/.config/gcloud/virtenv/lib/python3.7/site-packages]
Cloud SDK on PATH: [False]
Kubectl on PATH: [/usr/local/bin/kubectl]
Installation Properties: [/Users/myname/Downloads/google-cloud-sdk/properties]
User Config Directory: [/Users/myname/.config/gcloud]
Active Configuration Name: [default]
Active Configuration Path: [/Users/myname/.config/gcloud/configurations/config_default]
Account: [None]
Project: [None]
Current Properties:
[core]
disable_usage_reporting: [True]
Logs Directory: [/Users/myname/.config/gcloud/logs]
Last Log File: [/Users/myname/.config/gcloud/logs/2022.08.10/15.35.06.807614.log]
git: [git version 2.32.0 (Apple Git-132)]
ssh: [OpenSSH_8.1p1, LibreSSL 2.7.3]
Update on this, just disable the ssl validation and everything will work.
gcloud config set auth/disable_ssl_validation True
I would like to use mysqlx/xdevapi.h in C++ and for this must be installed MySQL X Plugin in MySQL.
I tried:
mysql> INSTALL PLUGIN mysqlx SONAME 'mysqlx.so';
I got this message :
ERROR 1126 (HY000): Can't open shared library '/Applications/MAMP/Library/lib/plugin/mysqlx.so' (errno: 2 dlopen(/Applications/MAMP/Library/lib/plugin/mysqlx.so, 2): image not found)
He's right, the plugin isn't really there. As you can see I am using MAMP on MAC OS.
Info about DB server:
Server: Localhost via UNIX socket
Server type: MySQL
Server connection: SSL is not being used Documentation
Server version: 5.7.26 - MySQL Community Server (GPL)
Protocol version: 10
User: root#localhost
Server charset: UTF-8 Unicode (utf8)
Is there a page where to download the plugin? Thank you for help!
I am attempting to deploy a Flask app to AWS Elastic Beanstalk (single EC2 instance) with HTTPS enabled. I successfully deployed a version of my app without HTTPS, but then I followed this tutorial to terminate HTTPS:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-python.html
Following the documentation, I created a .ebextensions/https-instance.config file with the template code they provide (truncated here):
packages:
yum:
mod24_ssl : []
files:
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
... CERTIFICATES etc. etc. ...
Uploading this with my code, the deployment failed. Checking through the logs, the error was in the first part of the config file when yum attempts to install mod24_ssl:
No package mod24_ssl available
From my research (including here https://forums.aws.amazon.com/thread.jspa?threadID=222977), it seems that I may want to try installing a different package? I've attempted to replace mod24_ssl with mod_ssl orhttpd24-mod_ssl, but both return the same error (with their respective packages "not available").
Help much appreciated! Thanks.
Please double check your settings. The mod24_ssl is only for Amazon Linux 1. The package name for Amazon Linux 2 is mod_ssl. Maybe you misspell it and use modssl instead?
Amazon Linux 1 (mod24_ssl)
yum info mod24_ssl
Loaded plugins: priorities, update-motd, upgrade-helper
Available Packages
Name : mod24_ssl
Arch : x86_64
Epoch : 1
Version : 2.4.43
Release : 1.89.amzn1
Size : 122 k
Repo : amzn-updates/latest
Summary : SSL/TLS module for the Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
Amazon Linux 2 (mod_ssl)
yum info mod_ssl
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Available Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.4.43
Release : 1.amzn2
Size : 115 k
Repo : amzn2-core/2/x86_64
Summary : SSL/TLS module for the Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
I'm working on different web application in my new society and I get this issue each time I would like to use Elasticsearch (version 6.3.2) :
elasticsearch.exceptions.ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f4e2ab26438>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f4e2ab26438>: Failed to establish a new connection: [Errno 111] Connection refused)
For example with Django, I execute these commands :
sudo service elasticsearch start
then
python manage.py indexdocs
And I get this issue as below. I tried to make :
curl -XGET http://localhost:9200
And I obtain this : curl: (7) Failed to connect to localhost port 9200: Connexion refusée
Do you have any idea about this ? I have to authorized something somewhere ?
Thank you
EDIT :
In /var/log/elasticsearch/elasticsearch.log I have a loop issue :
[2018-08-28T09:27:56,673][INFO ][o.e.n.Node ] [] initializing ...
[2018-08-28T09:27:56,733][INFO ][o.e.e.NodeEnvironment ] [DRmGsVp] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [25.5gb], net total_space [39.1gb], types [ext4]
[2018-08-28T09:27:56,734][INFO ][o.e.e.NodeEnvironment ] [DRmGsVp] heap size [1.9gb], compressed ordinary object pointers [true]
[2018-08-28T09:27:56,749][INFO ][o.e.n.Node ] [DRmGsVp] node name derived from node ID [DRmGsVpYQ8W4E4JTZoM1Lw]; set [node.name] to override
[2018-08-28T09:27:56,749][INFO ][o.e.n.Node ] [DRmGsVp] version[6.4.0], pid[6436], build[default/deb/595516e/2018-08-17T23:18:47.308994Z], OS[Linux/4.15.0-33-generic/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_181/25.181-b13]
[2018-08-28T09:27:56,749][INFO ][o.e.n.Node ] [DRmGsVp] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.n$
[2018-08-28T09:27:57,892][ERROR][o.e.b.Bootstrap ] Exception
java.lang.IllegalArgumentException: Plugin [ingest-attachment] was built for Elasticsearch version 6.3.2 but version 6.4.0 is running
at org.elasticsearch.plugins.PluginsService.verifyCompatibility(PluginsService.java:339) ~[elasticsearch-6.4.0.jar:6.4.0]
the problem is about incompatibility between ingest-plugin and elasticsearch.
I suggest download ingest-plugin version 6.4. or remove it.
sudo bin/elasticsearch-plugin install ingest-attachment
sudo bin/elasticsearch-plugin remove ingest-attachment
This plugin can be downloaded for offline install from https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-attachment/ingest-attachment-6.4.0.zip.
offline install:
To install a plugin from your local file system at /path/to/plugin.zip, you could run:
sudo bin/elasticsearch-plugin install file:///path/to/plugin.zip
I have tried to use docker toolbox to setup Hyperledger V1.0 in my local machines.
I according to this document:
http://hyperledger-fabric.readthedocs.io/en/latest/asset_setup.html
But when I tried to deploy chaincode.
$node deploy.js
I got an error message:
info: Returning a new winston logger with default configurations
info: [Chain.js]: Constructed Chain instance: name - fabric-client1, securityEnabled: true, TCert download batch size: 10, network mode: true
info: [Peer.js]: Peer.const - url: grpc://localhost:8051 options grpc.ssl_target_name_override=tlsca, grpc.default_authority=tlsca
info: [Peer.js]: Peer.const - url: grpc://localhost:8055 options grpc.ssl_target_name_override=tlsca, grpc.default_authority=tlsca
info: [Peer.js]: Peer.const - url: grpc://localhost:8056 options grpc.ssl_target_name_override=tlsca, grpc.default_authority=tlsca
info: [Client.js]: Failed to load user "admin" from local key value store
info: [FabricCAClientImpl.js]: Successfully constructed Fabric COP service client: endpoint - {"protocol":"http","hostname":"localhost","port":8054}
info: [crypto_ecdsa_aes]: This class requires a KeyValueStore to save keys, no store was passed in, using the default store C:\Users\daniel\.hfc-key-store
[2017-04-15 22:14:29.268] [ERROR] Helper - Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:8054]
at ClientRequest.<anonymous> (C:\Users\daniel\node_modules\fabric-ca-client\lib\FabricCAClientImpl.js:304:12)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at Socket.socketErrorListener (_http_client.js:310:9)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at emitErrorNT (net.js:1278:8)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
[2017-04-15 22:14:29.273] [ERROR] DEPLOY - Error: Failed to obtain an enrolled user
at ca_client.enroll.then.then.then.catch (C:\Users\daniel\helper.js:59:12)
at process._tickCallback (internal/process/next_tick.js:103:7)
events.js:160
throw er; // Unhandled 'error' event
^
Error: Connect Failed
at ClientDuplexStream._emitStatusIfDone (C:\Users\daniel\node_modules\grpc\src\node\src\client.js:201:19)
at ClientDuplexStream._readsDone (C:\Users\daniel\node_modules\grpc\src\node\src\client.js:169:8)
at readCallback (C:\Users\daniel\node_modules\grpc\src\node\src\client.js:229:12)
Is this an question about unable to connect to ca? Or other causes?
Edit:
Environment:
OS: Windows 10 Professional Edition
Docker Toolbox: 17.04.0-ce
Go: 1.7.5
Node.js: 6.10.0
My steps:
1.Open Docker Quickstart Terminal and key commands.
$curl -L https://raw.githubusercontent.com/hyperledger/fabric/master/examples/sfhackfest/sfhackfest.tar.gz -o sfhackfest.tar.gz 2> /dev/null; tar -xvf sfhackfest.tar.gz
$docker-compose -f docker-compose-gettingstarted.yml build
$docker-compose -f docker-compose-gettingstarted.yml up -d
$docker ps
It has been confirmed that six containers have been activated
2.Download examples and install modules.
$curl -OOOOOO https://raw.githubusercontent.com/hyperledger/fabric-sdk-node/v1.0-alpha/examples/balance-transfer/{config.json,deploy.js,helper.js,invoke.js,query.js,package.json}
//This link didn't work, so I downloaded the required files from GitHub of fabric-sdk-node
$npm install --global windows-build-tools
$npm install
3.Try to deploy chaincode.
$node deploy.js
There were several problems, not the least of which that documentation was outdated and was for a preview release of Hyperledger Fabric. The docs are actually in the process of being removed as we need to update our examples / samples.
You mentioned Docker Toolbox - so are you trying to run all of this on Windows or Mac?
UPDATE:
So one of the issue with Docker Toolbox or Docker for Windows is that you cannot use localhost / 127.0.0.1 as the address when trying to communicate from apps on the host (even in the QuickStart Terminal) to the endpoints of the Docker containers. When the QuickStart Terminal first launches Docker, you'll see that it will output the IP address of the endpoint you should use when communicating with exposed ports.
I was having the same issue while following the latest "Writing Your First Application" tutorial (http://hyperledger-fabric.readthedocs.io/en/latest/write_first_app.html). I had installed all the pre-requisites and the fabric-samples and started the local network.
When I got to the step of enrolling the Admin user, $ node enrollAdmin.js, I was getting the same error message as above, Error: connect ECONNREFUSED, followed by the localhost domain.
As the first answer suggests, the root cause is that I'm running Docker Toolbox. I'm developing on an older Mac, OSX v10.9.5, so I couldn't use Docker for Mac.
To fix the issue, I replaced 'localhost' in the enrollAdmin.js code with the IP from Docker Toolbox.
Here are the steps I took:
Started Docker with Applications > Docker Quickstart Terminal
Copied the IP from this sentence: docker is configured to use the default machine with IP...
Opened the copy of enrollAdmin.js from fabric-samples/fabcar directory
Found this code:
// be sure to change the http to https when the CA is running TLS enabled
fabric_ca_client = new Fabric_CA_Client('http://localhost:7054', tlsOptions , 'ca.example.com', crypto_suite); // <-- This is the line to change
Replaced 'localhost' with the Docker IP, leaving the port :7054 as is.
Saved
Re-ran the command, $ node enrollAdmin.js
The script connected to the CA and successfully completed the Admin enrollment.
On to the next step!