I am working on a Heroku app and am trying to deploy the domain with SSL. (I bought a custom domain from Bluehost.) I have 3 files for my SSL:
a .cert file
a .cabundle file
a .key file
So I typed the command
heroku certs:update mycert.cert mykey.key
I am getting this error:
! ENOTFOUND: getaddrinfo ENOTFOUND ssl-doctor.heroku.com
Update your heroku cli by running heroku update
Add the flag --bypass as in
heroku certs:update mycert.cert mykey.key --bypass
From https://github.com/heroku/cli/pull/1789
heroku pg:psql suddenly not happy.
π main ✗ ❯ heroku pg:psql postgresql-xyz --app xyz
--> Connecting to postgresql-xyz
psql: error: SSL error: certificate verify failed
FATAL: no pg_hba.conf entry for host "47.123.123.123", user "abc", database "xyz", SSL off
▸ psql exited with code 2
π main ❯ heroku -v
heroku/7.59.1 darwin-x64 node-v12.21.0
I notice "SSL off". How do I turn it on via the Heroku CLI? Or is it a setting in "Config Vars" at heroku.com?
On Mac OS, this did the trick.
Postgres seems to install 'root.crt' in the ~/.postgresql folder. Somehow, referring to it as 'root.key' in the connection string works.
psql "sslmode=require sslrootcert=/Users/abc123/.postgresql/root.key user=abc password=xyz host=ec1.compute-1.amazonaws.com dbname=d123"
I started off all fresh by downloading and unpacking the latest release of API Platform 2.5.7, with a fresh Docker for Mac install on my MacBook Pro with a freshly installed Catalina, and I keep running into the following error after running docker-compose pull followed by docker-compose up -d.
All other services are up and running (green in the Docker client), only the API Platform client remains grey with the following message in the service's logs:
yarn run v1.22.5
error Command "dev:ssl" not found.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
It is not a timeout issue, although I ran the following to double the timeout.
export DOCKER_CLIENT_TIMEOUT=120
export COMPOSE_HTTP_TIMEOUT=120
What am I missing here, there's not much out on the web on this so I must be ignoring some trivial things?
P.S. I think there's a download of the master version Dockerfile for the client happening, since the 2.5.7 doesn't include anything that points at dev:ssl.
P.S.S. The certificate installation seems to have gone well, see the logs of that part below
P.P.S.S. Although I can access the admin service, just like the api service for instance, I fail to access the dev-tls service through the browser. https://localhost:80 yields a
Secure Connection Failed
An error occurred during a connection to localhost:80. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG.
I believe that this might be linked to my problem.
Creating volume "abc_dev-certs" with default driver
Building dev-tls
Step 1/8 : ARG NGINX_VERSION=1.17
Step 2/8 : FROM nginx:${NGINX_VERSION}-alpine
1.17-alpine: Pulling from library/nginx
cbdbe7a5bc2a: Already exists
c554c602ff32: Pull complete
Digest: sha256:763e7f0188e378fef0c761854552c70bbd817555dc4de029681a2e972e25e30e
Status: Downloaded newer image for nginx:1.17-alpine
---> 89ec9da68213
Step 3/8 : RUN apk add --no-cache nss-tools ;
---> Running in e0c151182fb3
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/6) Installing nspr (4.24-r0)
(2/6) Installing libgcc (9.3.0-r0)
(3/6) Installing sqlite-libs (3.30.1-r2)
(4/6) Installing libstdc++ (9.3.0-r0)
(5/6) Installing nss (3.48-r0)
(6/6) Installing nss-tools (3.48-r0)
Executing busybox-1.31.1-r9.trigger
OK: 30 MiB in 43 packages
Removing intermediate container e0c151182fb3
---> 4895089ff1c6
Step 4/8 : WORKDIR /certs
---> Running in 3e49a528b4d3
Removing intermediate container 3e49a528b4d3
---> 6fdeb78536a9
Step 5/8 : ARG MKCERT_VERSION=1.4.1
---> Running in 632471b47035
Removing intermediate container 632471b47035
---> 1d4da3a96894
Step 6/8 : RUN set -eux; wget -O /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v$MKCERT_VERSION/mkcert-v$MKCERT_VERSION-linux-amd64; chmod +x /usr/local/bin/mkcert; mkcert --cert-file localhost.crt --key-file localhost.key localhost 127.0.0.1 ::1 mercure; cat localhost.key localhost.crt > server.pem; cp "$(mkcert -CAROOT)/rootCA.pem" /certs/localCA.crt
---> Running in 89fd8efa2967
+ wget -O /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-linux-amd64
Connecting to github.com (140.82.121.3:443)
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (52.216.114.227:443)
saving to '/usr/local/bin/mkcert'
mkcert 11% |*** | 543k 0:00:07 ETA
mkcert 42% |************* | 2022k 0:00:02 ETA
mkcert 92% |***************************** | 4469k 0:00:00 ETA
mkcert 100% |********************************| 4815k 0:00:00 ETA
'/usr/local/bin/mkcert' saved
+ chmod +x /usr/local/bin/mkcert
+ mkcert --cert-file localhost.crt --key-file localhost.key localhost 127.0.0.1 ::1 mercure
Created a new local CA at "/root/.local/share/mkcert" 💥
Warning: the local CA is not installed in the system trust store! ⚠️
Run "mkcert -install" to avoid verification errors ‼️
Created a new certificate valid for the following names 📜
- "localhost"
- "127.0.0.1"
- "::1"
- "mercure"
The certificate is at "localhost.crt" and the key at "localhost.key" ✅
+ cat localhost.key localhost.crt
+ mkcert -CAROOT
+ cp /root/.local/share/mkcert/rootCA.pem /certs/localCA.crt
Removing intermediate container 89fd8efa2967
---> ae6d06e250f8
edit out docker/dev-tls/Dockerfile and add in line 23:
mkcert -install; \
then build your images again, worked for me
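Added example (not part of the original posts): the SSL_ERROR_RX_RECORD_TOO_LONG error quoted in the question is what a TLS client reports when it reads a plain HTTP reply as if it were a TLS record header. The sketch assumes the listener on port 80 answers in cleartext HTTP; the sample bytes and the function name classify_first_bytes are constructed for illustration.

```python
import struct

# TLS record header: content type (1 byte), legacy version (2), length (2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Largest ciphertext record TLS 1.2 permits (2^14 + 2048); TLS 1.3 is stricter.
MAX_RECORD_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first bytes a server sends the way a TLS client would."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    ctype, version, length = struct.unpack("!BHH", data[:5])
    result = {
        "type": ctype,
        "version": hex(version),
        "length": length,
        "record_too_long": length > MAX_RECORD_LEN,
    }
    if data[:5] == b"HTTP/":
        # 'H' lands in the type byte, 'TT' in the version, 'P/' in the length.
        result["verdict"] = "plaintext_http"
    elif ctype in CONTENT_TYPES and (version >> 8) == 3 and not result["record_too_long"]:
        result["verdict"] = "tls_record"
    else:
        result["verdict"] = "not_tls"
    return result


if __name__ == "__main__":
    # Constructed samples: a cleartext HTTP reply and a TLS handshake record.
    http_reply = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    tls_reply = b"\x16\x03\x03\x00\x7a" + b"\x00" * 122
    for name, sample in (("http", http_reply), ("tls", tls_reply)):
        print(name, classify_first_bytes(sample))
```

Read as a record header, the bytes "P/" give a length of 0x502F (20527), above the permitted maximum, which is why a browser asking for https:// on a cleartext port reports an oversized record rather than a certificate problem.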
I'm setting up redis-ha in my Kubernetes cluster, and I used Helm to install it, but my haproxy pods keep going into CrashLoopBackOff.
I'm using Helm to install redis-ha in my Kubernetes cluster with the command: helm install -f develop-redis-values.yaml stable/redis-ha --namespace=develop -n=develop-redis
In develop-redis-values.yaml, I set haproxy.enabled to true.
These are the logs from my CrashLoopBackOff pod:
> [ALERT] 268/104750 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:34] : 'tcp-check expect string' expects <string> as an argument.
> [ALERT] 268/104750 (1) : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
> [ALERT] 268/104750 (1) : Fatal errors found in configuration.
I expected the haproxy pods to be running.
CrashLoopBackOff can be related to these possible reasons:
the application inside your pod is not starting due to an error;
the image your pod is based on is not present in the registry, or the node where your pod has been scheduled cannot pull from the registry;
some parameters of the pod have not been configured correctly.
In your case, it seems that there are some errors in your haproxy configuration file.
Have you tried to pull the image you're using locally, and start a container to verify it?
You can enter in the container and check the configuration with:
haproxy -c -V -f /usr/local/etc/haproxy/haproxy.cfg
For more information and debugging ways:
https://pillsfromtheweb.blogspot.com/2020/05/troubleshooting-kubernetes.html
I'm trying to install fastlane for my iOS app, but when I try to install RVM, I'm facing issues.
My command is
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113************* 7D2BAF1CF37B13E2069D69561*************
Please use
hkp://ipv4.pool.sks-keyservers.net
instead of
hkp://keys.gnupg.net
type this command
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113************* 7D2BAF1CF37B13E2069D69561*************
TL;DR; The list of key servers is unstable and some of them are not pingable at all. Here's a way of finding an available server.
I've tried different key servers and got a
gpg: keyserver receive failed: No route to host or a gpg: keyserver receive failed: Operation timed out
You have to find a server that's up and running correctly.
Run gpg-connect-agent --dirmngr 'keyserver --hosttable' to get the list of available servers.
Run gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C2………………6956105BD0E739499BDB and, instead of hkp://pool.sks..., try a few of the server URLs.
src: https://nrogap.medium.com/install-rvm-in-macos-step-by-step-d3b3c236953b
I was trying to add the LDAP module to nginx. I could add the module and make install nginx successfully; however, while trying to restart nginx, I get the following error:
sudo /usr/local/nginx/sbin/nginx -c /var/www/conf/nginx.conf -t
nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so" failed (/usr/local/nginx/modules/ngx_http_auth_ldap_module.so: undefined symbol: ngx_ssl_handshake) in /var/www/conf/nginx.conf:11
nginx: configuration file /var/www/conf/nginx.conf test failed
When I looked at the ngx_http_auth_ldap_module.c file, I found that there is a call to this function. I am not sure where this function is being called from. Is there any other library that needs to be installed?
I have already installed the following:
openssl-devel.x86_64
openldap-devel.x86_64
zlib-devel.x86_64
I figured out that I wasn't configuring nginx with the http_ssl_module option.
To make it work, I re-configured nginx as:
./configure --add-module=/path/to/ldap_module --with-http_ssl_module
And then issued make and install commands. The ngx_ssl_handshake error got removed.