connect-script = /app/connect.sh
disconnect-script = /app/disconnect.sh
I have the above configuration in my ocserv.conf in the docker container, but ocserv fails to execute /app/connect.sh when there is a connection. I can't find the real cause from the following log; has anyone had the same issue?
ocserv[26]: main[test]:xxx.xxx.179.135:57352 user of group 'Route' authenticated (using cookie)
ocserv[29]: main[test]:xxx.xxx.179.135:57352 executing script up /app/connect.sh
ocserv[29]: main[test]:xxx.xxx.179.135:57352 main-user.c:379: Could not execute script /app/connect.sh
ocserv[26]: main[test]:xxx.xxx.179.135:57352 connect-script exit status: 1
ocserv[26]: main[test]:xxx.xxx.179.135:57352 failed authentication attempt for user 'test'
The content of /app/connect.sh:
#!/bin/bash
echo "$(date) [info] User ${USERNAME} Connected - Server: ${IP_REAL_LOCAL} VPN IP: ${IP_REMOTE} Remote IP: ${IP_REAL} Device:${DEVICE}"
Well, I figured it out myself that the docker container I created doesn't have bash, and one solution is to substitute #!/bin/bash with #!/bin/sh.
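The failure above (a connect-script whose #! interpreter is absent from the image) can be caught before deployment. This is an added example, not code from the original post: it checks a script against an unpacked copy of the image filesystem, and `PATH_DIRS`, the `root` argument and the function names are assumptions.

```python
import os

PATH_DIRS = ("/usr/local/bin", "/usr/bin", "/bin")  # assumed PATH inside the image


def _exists(root, path):
    # lexists: an absolute symlink such as /bin/sh -> /bin/busybox must not
    # be resolved against the host's own root directory.
    return os.path.lexists(os.path.join(root, path.lstrip("/")))


def script_exec_problems(script, root="/"):
    """List reasons execve() of `script` would fail inside rootfs `root`."""
    host_path = os.path.join(root, script.lstrip("/"))
    if not os.path.isfile(host_path):
        return [f"{script}: no such file"]
    problems = []
    if not os.stat(host_path).st_mode & 0o111:
        problems.append(f"{script}: no execute bit set")
    with open(host_path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return problems + [f"{script}: no #! line"]
    if first.endswith(b"\r\n"):
        # A CR glued to the interpreter name also ends in "could not execute".
        problems.append(f"{script}: #! line ends in CRLF")
    parts = first[2:].decode("utf-8", "replace").split()
    if not parts:
        return problems + [f"{script}: empty #! line"]
    interp = parts[0]
    if not _exists(root, interp):
        problems.append(f"{script}: interpreter {interp} is missing")
    elif os.path.basename(interp) == "env":
        # "#!/usr/bin/env bash": the real interpreter is looked up in PATH.
        target = next((p for p in parts[1:] if not p.startswith("-")), None)
        if target and not any(_exists(root, f"{d}/{target}") for d in PATH_DIRS):
            problems.append(f"{script}: {target} not found in {PATH_DIRS}")
    return problems


if __name__ == "__main__":
    import sys
    # usage: check.py <rootfs> <script> [<script> ...]
    for name in sys.argv[2:]:
        for problem in script_exec_problems(name, sys.argv[1]):
            print(problem)
```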
Been following a tutorial on Udemy for Python, and atm I'm supposed to get a Django app deployed.
Since I already had a VPS, I didn't go with the solution in the tutorial using Google Cloud, so I tried to configure the app on my VPS, which is also running Plesk.
Followed the tutorial at https://www.plesk.com/blog/tag/django-plesk/ to the letter the best I could, but keep getting the 403 error.
httpdocs
-djangoProject
---djangoProject
------asgi.py
------__init__.py
------settings.py
------urls.py
------wsgi.py
---manage.py
-passenger_wsgi.py
-python-app-venv
-tmp
passenger_wsgi.py:
import sys, os
ApplicationDirectory = 'djangoProject'
ApplicationName = 'djangoProject'
VirtualEnvDirectory = 'python-app-venv'
VirtualEnv = os.path.join(os.getcwd(), VirtualEnvDirectory, 'bin', 'python')
if sys.executable != VirtualEnv: os.execl(VirtualEnv, VirtualEnv, *sys.argv)
sys.path.insert(0, os.path.join(os.getcwd(), ApplicationDirectory))
sys.path.insert(0, os.path.join(os.getcwd(), ApplicationDirectory, ApplicationName))
sys.path.insert(0, os.path.join(os.getcwd(), VirtualEnvDirectory, 'bin'))
os.chdir(os.path.join(os.getcwd(), ApplicationDirectory))
os.environ.setdefault('DJANGO_SETTINGS_MODULE', ApplicationName + '.settings')
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
passenger is enabled in
"Tools & Settings > Apache Web Server"
in "Websites & Domains > Domain > Hosting & DNS > Apache & nginx settings" I've got:
"Additional directives for HTTP" and "Additional directives for HTTPS" both with:
PassengerEnabled On
PassengerAppType wsgi
PassengerStartupFile passenger_wsgi.py
and nginx proxy mode marked
"Reverse Proxy Server (nginx)" is also running
No idea what else I can give to aid in getting a solution, so if you're willing to assist and need more info please let me know.
Very thankful in advance
EDIT:
on a previous attempt, deploying a real app on a subdomain, was getting:
[Thu Apr 01 22:52:37.928495 2021] [autoindex:error] [pid 23614:tid
140423896925952] [client xx:xx:xx:xx:0] AH01276: Cannot serve
directory /var/www/vhosts/baya.pt/leve/leve/: No matching
DirectoryIndex
(index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml)
found, and server-generated directory index forbidden by Options
directive
This time I'm getting no errors logged
EDIT2:
#Chris:
Not sure what you mean, find no errors on the log folders (ssh), but on Plesk I get this several times:
2021-04-01 23:40:48 Error 94.61.142.214 403 GET /
HTTP/1.0 https://baya.pt/ Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114
Safari/537.36 2.52 K Apache SSL/TLS access 2021-04-01
23:40:48 Error 94.61.142.214 AH01276: Cannot serve directory
/var/www/vhosts/baya.pt/httpdocs/djangoProject/: No matching
DirectoryIndex
(index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml)
found, and server-generated directory index forbidden by Options
directive, referer: https://baya.pt/ Apache error
EDIT 3:
removing apache directives and adding to nginx directives:
passenger_enabled on;
passenger_app_type wsgi;
passenger_startup_file passenger_wsgi.py;
Now gives me a Passenger error page, log as follows:
[ N 2021-04-01 23:50:59.1819 908/T9 age/Cor/CoreMain.cpp:671 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ N 2021-04-01 23:50:59.1819 908/T1 age/Cor/CoreMain.cpp:1246 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ N 2021-04-01 23:50:59.1820 908/Tb Ser/Server.h:902 ]: [ApiServer] Freed 0 spare client objects
[ N 2021-04-01 23:50:59.1820 908/Tb Ser/Server.h:558 ]: [ApiServer] Shutdown finished
[ N 2021-04-01 23:50:59.1820 908/T9 Ser/Server.h:902 ]: [ServerThr.1] Freed 0 spare client objects
[ N 2021-04-01 23:50:59.1820 908/T9 Ser/Server.h:558 ]: [ServerThr.1] Shutdown finished
[ N 2021-04-01 23:50:59.2765 30199/T1 age/Wat/WatchdogMain.cpp:1373 ]: Starting Passenger watchdog...
[ N 2021-04-01 23:50:59.2871 908/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished
[ N 2021-04-01 23:50:59.3329 30209/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
[ N 2021-04-01 23:50:59.3330 30209/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
[ N 2021-04-01 23:50:59.3472 30209/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 30209
[ N 2021-04-01 23:51:01.4339 30209/T7 age/Cor/SecurityUpdateChecker.h:519 ]: Security update check: no update found (next check in 24 hours)
App 31762 output: Error: Directory '/var/www/vhosts/baya.pt' is inaccessible because of a filesystem permission error.
[ E 2021-04-01 23:51:02.9127 30209/Tc age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /var/www/vhosts/baya.pt/httpdocs: Directory '/var/www/vhosts/baya.pt' is inaccessible because of a filesystem permission error.
Think I've got it:
Added directives to nginx, removed proxy mode, and chown passenger_wsgi.py to nginx
At least I'm getting a Django page now =)
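The Passenger log in EDIT 3 names a directory that the user running the app cannot enter. The following added example (not from the original post) walks a path and reports the first directory that a given uid and set of gids cannot traverse; it looks at POSIX mode bits only, and the function names and the `start` argument are assumptions.

```python
import os
import stat


def can_traverse(st, uid, gids):
    """Owner/group/other rule for the search (x) bit of one directory."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_blocked_dir(path, uid, gids, start="/"):
    """Return the first directory from `start` down to `path` that `uid`
    cannot enter, or None. `path` must be below `start`; ACLs are ignored."""
    path, current = os.path.realpath(path), os.path.realpath(start)
    rel = os.path.relpath(path, current)
    parts = [] if rel == "." else rel.split(os.sep)
    for part in [""] + parts:
        if part:
            current = os.path.join(current, part)
        st = os.stat(current)
        if stat.S_ISDIR(st.st_mode) and not can_traverse(st, uid, gids):
            return current
    return None


if __name__ == "__main__":
    import sys
    # usage: walk.py <path> <uid> [<gid> ...]
    blocked = first_blocked_dir(sys.argv[1], int(sys.argv[2]),
                                {int(g) for g in sys.argv[3:]})
    print(blocked or "every directory on the path can be traversed")
```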
I spent a few days implementing this process and finally found what needed to be modified. So, I'm sharing my findings and hope it will help you as well.
After completing the process step by step, I was getting the error:
No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive
So, I unchecked the proxy mode to switch to nginx instead of apache. This time the Phusion Passenger was loading the page but it was saying that something was wrong. It didn't tell me what was wrong. So I did the following:
cd /etc/nginx/conf.d/
touch directives.conf
vi /etc/nginx/conf.d/directives.conf
a text editor opened and I typed:
passenger_app_env development;
This time when I tried to open my website, passenger showed me the error details from which I found what was wrong.
In step 6, instead of using the command $ vi ~/httpdocs/passenger_wsgi.py, just create the file on your computer, copy the content in it, save it on your local machine and then manually upload it on the server. Don't use the command line!!!
That's it. Now my Django website is up and running.
I am trying to run phpseclib with WordPress but it's not logging in. The same code runs on PHP Designer 8, which has PHP v 5.*, but on WordPress with PHP 7.3* and PHP 7.4 it's not running. I got 2 errors in Event Viewer:
sshd: Bad packet length 980908999. [preauth]
sshd: ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 15412: message authentication code incorrect [preauth]
The SFTP server is OpenSSH.
It gives 2 warnings on the webpage as follows. Can someone guide me, please? Thanks.
Warning: unpack(): Type C: not enough input, need 1, have 0 in C:\Program Files (x86)\xampp\htdocs\testing\wp-content\plugins\sftp\phpseclib\Net\SSH2.php on line 1345
Warning: extract() expects parameter 1 to be array, bool given in C:\Program Files (x86)\xampp\htdocs\testing\wp-content\plugins\sftp\phpseclib\Net\SSH2.php on line 1345
$sftp = new Net_SFTP('127.0.0.1', 22);
$sftp->getLog();
if (!$sftp->login('myuser', 'pass')) { // if you can't log on...
    $sftp->getLog();
    print_r($sftp->getErrors()); // getErrors() returns an array
    print_r($sftp->getSFTPErrors());
    echo $sftp->getSFTPLog();
    exit('sftp Login Failed');
}
echo $sftp->pwd();
I have a GitLab CI YAML file and 2 jobs. My .gitlab-ci.yaml file is:
variables:
  MSBUILD_PATH: 'C:\Program Files (x86)\MSBuild\14.0\Bin\msbuild.exe'
  SOLUTION_PATH: 'Source/NewProject.sln'
stages:
  - build
  - trigger_IT_service
build_job:
  stage: build
  script:
    - '& "$env:MSBUILD_PATH" "$env:SOLUTION_PATH" /nologo /t:Rebuild /p:Configuration=Debug'
trigger_IT_service_job:
  stage: trigger_IT_service
  script:
    - 'curl http://webapps.xxx.com.tr/dataBus/runTransfer/ctDigiTransfer'
And this is my trigger_IT_service job report:
Running on DIGITALIZATION...
00:00
Fetching changes with git depth set to 50...
00:05
Reinitialized existing Git repository in D:/GitLab-Runner/builds/c11pExsu/0/personalname/newproject/.git/
Checking out 24be087a as master...
Removing Output/
git-lfs/2.5.2 (GitHub; windows amd64; go 1.10.3; git 8e3c5c93)
Skipping Git submodules setup
$ curl http://webapps.xxx.com.tr/dataBus/runTransfer/ctDigiTransfer
00:02
StatusCode : 200
StatusDescription : 200
Content : {"status":200,"message":"SAP transfer started. Please
check in db","errorCode":0,"timestamp":"2020-03-25T13:53:05
.722+0300","responseObject":null}
RawContent : HTTP/1.1 200 200
Keep-Alive: timeout=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
Date: Wed, 25 Mar 2020 10:53:05 GMT
Server: Apache
I have to check the "Content" part of this report in the GitLab CI YAML.
If "message" is "SAP transfer started. Please check in db" the pipeline should pass, otherwise it must fail.
Actually my question is:
How do I parse the HTTP JSON response and fail or pass the job based on it?
Thank you for all your help.
Best way would be to install some tool to parse json and use it, different examples here
Given json example from comment:
{
"status": 200,
"message": "SAP transfer started. Please check in db",
"errorCode": 0,
"timestamp": "2020-03-25T17:06:43.430+0300",
"responseObject": null
}
If you can install python3 on your runner you could achieve it all with script:
import sys
import requests  # note this might require additional install with pip install requests

message = requests.get('http://webapps.xxx.com.tr/dataBus/runTransfer/ctDigiTransfer').json()['message']
if message != 'SAP transfer started. Please check in db':
    print('Invalid message: ' + message)
    sys.exit(1)  # non-zero exit code fails the job
else:
    print('Message ok')
So trigger_IT_service stage in your yaml would be:
trigger_IT_service_job:
  stage: trigger_IT_service
  script: >
    python -c "import requests; message = requests.get('http://webapps.xxx.com.tr/dataBus/runTransfer/ctDigiTransfer').json()['message']; (print('Invalid message: ' + message), exit(1)) if message != 'SAP transfer started. Please check in db' else (print('Message ok'), exit(0))"
When I use the plugin for authentication in server.conf, authentication won't work, but without it, non-existent users can authenticate also.
I have added the following lines in the server conf and client
Commands in the server.conf file
================================
mode server
tls-server
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
key-direction 0
================================
Commands in the client file
=================================
port 1194
proto udp
dev tun
nobind
key-direction 1
redirect-gateway def1
tls-version-min 1.2
auth SHA256
auth-user-pass
tls-client
remote-cert-tls server
resolv-retry infinite
persist-key
persist-tun
verb 3
===============================
Logs:
==============================================================
PLUGIN_CALL: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
TLS Auth Error: Auth Username/Password verification failed for peer
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1559124952) Wed May 29 10:15:52 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:
openvpn[10420]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=*****
==============================================================
I have used a different approach. Although in production plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login is the recommended way, I have taken a shell script and got authentication, but remember it is dangerous.
Add the following lines to your /etc/openvpn/server.conf file
verify-client-cert none
script-security 2
auth-user-pass-verify /etc/openvpn/example.sh via-file
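Now create a file in /etc/openvpn/example.sh with the following content
#!/bin/bash
# Called by OpenVPN (via-file): $1 is a temporary file holding the
# username on line 1 and the password on line 2.
echo "started"
username=$(head -n 1 "$1")
password=$(tail -n 1 "$1")
# -F: literal string, -x: whole line, so regex characters or a partial
# password cannot match an entry in the password file.
if grep -Fxq -- "$username:$password" "$0.passwd" 2>/dev/null
then
    exit 0
else
    if cut -d: -f1 "$0.passwd" 2>/dev/null | grep -Fxq -- "$username"
    then
        echo "auth-user-pass-verify: Wrong password entered for user '$username'"
    else
        echo "auth-user-pass-verify: Unknown user '$username'"
    fi
    exit 1
fi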
Now create the usernames and passwords in /etc/openvpn/example.sh.passwd with the following content
userone:securepassworduserone
usertwo:securepasswordusertwo
Now create a client file, import it and connect using your password, but this is where I am stuck as I don't want to provide a client file.
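A variant of the verify script above that keeps no plaintext passwords, given here as an added example rather than the answer author's code: it stores salted PBKDF2 hashes, matches the username exactly and compares in constant time. The store format, `ITERATIONS` and the function names are assumptions.

```python
#!/usr/bin/env python3
# Added example. Store format is an assumption, one user per line:
#   username:salt_hex:pbkdf2_sha256_hex
import hashlib
import hmac
import os
import sys

ITERATIONS = 200_000  # assumed work factor


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(username, password):
    """Build one store line with a fresh random salt."""
    salt = os.urandom(16)
    return f"{username}:{salt.hex()}:{hash_password(password, salt).hex()}"


def verify(username, password, store_lines):
    """Match the username exactly, then compare hashes in constant time."""
    salt, expected, found = bytes(16), bytes(32), False  # dummies: unknown user
    for line in store_lines:
        fields = line.rstrip("\n").split(":")
        if len(fields) == 3 and fields[0] == username:
            salt, expected = bytes.fromhex(fields[1]), bytes.fromhex(fields[2])
            found = True
            break
    # Hash even for unknown users so both failure paths cost the same.
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected) and found


def main(argv):
    # via-file: argv[1] is a temp file, username on line 1, password on line 2.
    with open(argv[1], encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2 or not lines[0]:
        return 1
    # Same lookup as the script above: a ".passwd" file beside this script.
    with open(argv[0] + ".passwd", encoding="utf-8") as store:
        return 0 if verify(lines[0], lines[1], store) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Lines for the store are produced with make_entry(); the script is wired in through the same auth-user-pass-verify ... via-file directive shown above.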