Gitlab External Https Url is not working anymore - ssl

I am having a problem with the GitLab server external URL.
Here is what I did:
I changed my gitlab.rb conf:
external_url 'https://gitlab.tools.ex.com/'
and here is what I'm using:
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab"
gitlab_rails['smtp_password'] = "XXXXX"
gitlab_rails['smtp_domain'] = "ex.com"
gitlab_rails['smtp_authentication'] = "gitlab#ex.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyon$
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
The first problem was a certificate problem:
[screenshot: ssl problem]
After generating a certificate, here is what I'm getting:
[screenshot: after generating]
Thanks in advance!
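Added example, not from the question or from GitLab: a small parser for the gitlab_rails[...] lines above and a lint that flags what a reviewer would raise in this fragment (port 465 with smtp_tls = false, certificate verification switched off, and a user name where the authentication method belongs). SAMPLE_GITLAB_RB is a constructed copy of the question's settings.

```python
import re

# Constructed sample, copied from the question's gitlab.rb fragment (password left out).
SAMPLE_GITLAB_RB = """
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_authentication'] = "gitlab#ex.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', ...
"""

# One gitlab_rails['key'] = value line; the value is a Ruby bool, integer or quoted string.
LINE = re.compile(r"""^\s*gitlab_rails\['(\w+)'\]\s*=\s*(true|false|\d+|"[^"]*"|'[^']*')""")

def parse_gitlab_rb(text):
    """Turn gitlab_rails['key'] = value lines into a dict of Python values (comments ignored)."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw in ("true", "false"):
            settings[key] = raw == "true"
        elif raw.isdigit():
            settings[key] = int(raw)
        else:
            settings[key] = raw[1:-1]  # strip the quotes
    return settings

def lint_smtp(settings):
    """Return the findings a reviewer would raise about the SMTP transport settings."""
    findings = []
    port = settings.get("smtp_port")
    if port == 465 and not settings.get("smtp_tls", False):
        findings.append("port 465 is implicit TLS: set smtp_tls = true (or use 587 with STARTTLS)")
    if port == 587 and settings.get("smtp_tls", False):
        findings.append("port 587 expects STARTTLS: set smtp_tls = false and smtp_enable_starttls_auto = true")
    if settings.get("smtp_openssl_verify_mode") == "none":
        findings.append("smtp_openssl_verify_mode 'none' disables certificate checking: use 'peer'")
    if settings.get("smtp_authentication") not in ("login", "plain", "cram_md5"):
        findings.append("smtp_authentication must be login, plain or cram_md5, not the user name")
    return findings
```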

Related

How can I change the Authentication method in connections between WinRm and Terraform with hyperv provider?

I'm trying to use the hyperv provider to create some virtual machines, but I need to define some parameters for the Hyper-V API. The problem is that WinRM (the tool that tries to connect to the host) can't access it with my credentials using Basic auth. However, if I use Negotiate auth, it returns a successful connection. So I don't know how I can define a parameter in Terraform for that.
Here is my provider config in Terraform:
provider "hyperv" {
  user     = "myusername"
  password = "mypassword"
  host     = "myhost"
  port     = 5985
  https    = false
  insecure = true
  timeout  = "60s"
}
My winrm/config/client:
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = *
My winrm/config/service:
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = true
    EnableCompatibilityHttpsListener = true
    CertificateThumbprint
    AllowRemoteAccess = true
Hi again guys. If someone has the same problem, I resolved it this way:
- I activated the Administrator user from Local Users.
- Then, one has to run this command in a CMD:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
- Reboot the system.
- Then, run winrm quickconfig in a CMD, and then it would work.
I hope it helps you!
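Added example, not from the question, the answer or Terraform: the winrm/config/service dump above enables AllowUnencrypted and Basic auth, and the answer's LocalAccountTokenFilterPolicy change gives local administrator accounts full rights over that listener, so the settings are worth auditing. The block parses the indented tree winrm prints and reports the settings that let credentials or payloads cross the network unprotected; SAMPLE_SERVICE_DUMP is a constructed copy of the question's values.

```python
# Constructed sample in the shape of `winrm get winrm/config/service`, reduced to the
# keys shown in the question.
SAMPLE_SERVICE_DUMP = """Service
    AllowUnencrypted = true
    Auth
        Basic = true
        Negotiate = true
        CredSSP = true
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    AllowRemoteAccess = true
"""

def parse_winrm_dump(text):
    """Parse winrm's indented 'key = value' tree into nested dicts."""
    root = {}
    stack = [(-1, root)]  # (indent, node) of each open section; -1 is the sentinel
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        while indent <= stack[-1][0]:
            stack.pop()  # this line belongs to an enclosing section
        parent = stack[-1][1]
        if "=" in line:
            key, _, value = line.strip().partition("=")
            parent[key.strip()] = value.strip()
        else:
            node = {}
            parent[line.strip()] = node
            stack.append((indent, node))
    return root

def audit_service(config):
    """Flag service settings that expose credentials or message bodies on the wire."""
    svc = config.get("Service", config)
    auth = svc.get("Auth", {})
    findings = []
    if svc.get("AllowUnencrypted", "false").lower() == "true":
        findings.append("AllowUnencrypted=true: SOAP payloads are accepted without message-level encryption")
    if auth.get("Basic", "false").lower() == "true":
        findings.append("Auth.Basic=true: the password itself is sent; acceptable only over HTTPS (5986)")
    if auth.get("CbtHardeningLevel", "Relaxed") != "Strict":
        findings.append("CbtHardeningLevel is not Strict: channel binding is not enforced on HTTPS")
    if auth.get("CredSSP", "false").lower() == "true":
        findings.append("Auth.CredSSP=true: clients can delegate their full credentials to this host")
    return findings
```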

How to setup LDAP (RBAC) in Airflow?

The current issue I am having is that the LDAP settings do not seem to work with Airflow. My current code does not produce a login screen, nor are there logs in the Docker container that show it is attempting to connect to the LDAP server. I have attempted to follow these tutorials, but they appear to do nothing (i.e. the webserver_config.py is not being used): TutorialOne TutorialTwo
Any information regarding how the connection works would be greatly appreciated!
webserver_config.py:
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP

basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True

AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
# Role given to every LDAP user on first login
AUTH_USER_REGISTRATION_ROLE = "Admin"
#AUTH_USER_REGISTRATION_ROLE = "Viewer"

AUTH_LDAP_SERVER = "ldapserveraddressherebutIwon'tshowyousorry"  # redacted by the author
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=uhc,DC=com"
# DN of the account used to bind and search the directory
AUTH_LDAP_BIND_USER = 'CN=Users,DC=ms,DC=ds,DC=uhc,DC=com'
AUTH_LDAP_BIND_PASSWORD = "*******************"
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
# CA certificate file, relative to the directory of this config file
script_dir = os.path.dirname(__file__)
AUTH_LDAP_TLS_CACERTFILE = os.path.join(script_dir, "ca.cer")
I have deleted authenticate = True and auth_backend = airflow.contrib.auth.backends.ldap_auth from airflow.cfg, and my webserver_config.py is in the same folder so that it gets used.
This can be achieved through the airflow.cfg.
Please read the LDAP section below and let me know.
https://airflow.apache.org/docs/stable/security.html

RabbitMQ Web-MQTT WSS closes client connection. Insecure WS and other secure protocols work

I have a deployment of RabbitMQ that uses its own certificates for end-to-end encryption. It uses both AMQP and MQTT-over-WSS to connect multiple types of clients. AMQP clients are able to connect securely, so I know that the certificate setup is good.
Clients using WS going to ws://hostname:15675/ws can connect fine, but obviously are not secure. Clients attempting to connect to wss://hostname:15676/ws have the connection closed on them. 15676 is the port I have bound the web-mqtt SSL listener to, as shown below. I've gone through both the networking and TLS help guides by RabbitMQ, and I see the port correctly bound and can confirm it is exposed and available to the client.
The relevant rabbitmq.conf:
listeners.tcp.default = 5671
listeners.ssl.default = 5671
ssl_options.cacertfile = /path/to/fullchain.pem
ssl_options.certfile = /path/to/cert.pem
ssl_options.keyfile = /path/to/privkey.pem
ssl_options.verify = verify_none
ssl_options.fail_if_no_peer_cert = false
web_mqtt.ssl.port = 15676
web_mqtt.ssl.backlog = 1024
web_mqtt.ssl.cacertfile = /path/to/fullchain.pem
web_mqtt.ssl.certfile = /path/to/cert.pem
web_mqtt.ssl.keyfile = /path/to/privkey.pem
Basically, I'm wondering if I have the connection string wrong (wss://hostname:15675/ws)? Do I need to go to /wss? Is it a problem my client is a browser running on localhost -- not HTTPS? Do I have a configuration set incorrectly -- am I missing one?
If there is a better source of documentation/examples of this plugin beyond the RabbitMQ website, I would also be interested.
Maybe the configuration is mismatched.
If there is any password for the private key file, you need to add it as well.
Refer to the following sample rabbitmq.conf:
listeners.ssl.default = 5671
ssl_options.cacertfile = <path/ca-bundle (.pem/.cabundle)>
ssl_options.certfile = <path/cert (.pem/.crt)>
ssl_options.keyfile = <path/key (.pem/.key)>
ssl_options.password = <your private key password>
ssl_options.versions.1 = tlsv1.3
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.ciphers.1 = TLS_AES_256_GCM_SHA384
ssl_options.ciphers.2 = TLS_AES_128_GCM_SHA256
ssl_options.ciphers.3 = TLS_CHACHA20_POLY1305_SHA256
ssl_options.ciphers.4 = TLS_AES_128_CCM_SHA256
ssl_options.ciphers.5 = TLS_AES_128_CCM_8_SHA256
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
web_mqtt.ssl.port = 15676
web_mqtt.ssl.backlog = 1024
web_mqtt.ssl.cacertfile = <path/ca-bundle (.pem/.cabundle)>
web_mqtt.ssl.certfile = <path/crt (.pem/.crt)>
web_mqtt.ssl.keyfile = <path/key (.pem/.key)>
web_mqtt.ssl.password = <your private key password>
web_mqtt.ssl.honor_cipher_order = true
web_mqtt.ssl.honor_ecc_order = true
web_mqtt.ssl.client_renegotiation = false
web_mqtt.ssl.secure_renegotiate = true
web_mqtt.ssl.versions.1 = tlsv1.2
web_mqtt.ssl.versions.2 = tlsv1.1
web_mqtt.ssl.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.3 = ECDHE-ECDSA-AES256-SHA384
web_mqtt.ssl.ciphers.4 = ECDHE-RSA-AES256-SHA384
web_mqtt.ssl.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.7 = ECDH-ECDSA-AES256-SHA384
web_mqtt.ssl.ciphers.8 = ECDH-RSA-AES256-SHA384
web_mqtt.ssl.ciphers.9 = DHE-RSA-AES256-GCM-SHA384
This is a working configuration file for rabbitmq-server on Ubuntu 20.04.
Restart rabbitmq-server.
List the listener ports and make sure that the SSL ports are enabled (rabbitmq-diagnostics listeners).
Test the SSL (testssl localhost:16567).
Also test with telnet (telnet localhost 16567).
Please refer to https://www.rabbitmq.com/ssl.html#erlang-otp-requirements and troubleshooting.
This worked for me :-)
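Added diagnostic, not from the question, the answer or RabbitMQ: a closed wss:// connection can come either from the TLS handshake (chain, host name, version or cipher) or from a refused WebSocket upgrade, and the two need different fixes. The block opens a verified TLS connection to the web_mqtt.ssl port and then attempts the upgrade on /ws, reporting which step failed. Port 15676 and path /ws are the question's values; the host name and CA file are assumptions, and the server reply checked in the test is constructed.

```python
import base64
import hashlib
import os
import socket
import ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept a compliant server must return for our Sec-WebSocket-Key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def upgrade_request(host, port, path, key):
    """HTTP upgrade as an MQTT-over-WebSocket client sends it (subprotocol 'mqtt')."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n"
            "Sec-WebSocket-Protocol: mqtt\r\n\r\n").encode("ascii")

def check_upgrade_response(raw, key):
    """Classify the server's reply to the upgrade: returns (ok, reason)."""
    if not raw:
        return False, "server closed the connection without an HTTP response"
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or status[1] != "101":
        return False, f"upgrade refused: {lines[0]}"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return False, "Sec-WebSocket-Accept does not match our key"
    return True, "websocket upgrade accepted"

def probe_wss(host, port=15676, path="/ws", cafile=None):
    """Verified TLS connection first, then the WebSocket upgrade on the same socket."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and host name
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    try:
        with socket.create_connection((host, port), timeout=5) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=host) as tls:
                tls.sendall(upgrade_request(host, port, path, key))
                return check_upgrade_response(tls.recv(4096), key)
    except ssl.SSLError as exc:  # handshake failed: certificate, version or cipher problem
        return False, f"TLS handshake failed: {exc}"
```

Run probe_wss("hostname", cafile="/path/to/fullchain.pem") against the broker; a TLS failure is reported separately from a non-101 reply, so the certificate setup and the path can be checked one at a time.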

Jetty Service behind Traefik

I have a software package from a vendor that uses Jetty to provide web services. When I put Traefik in front of it and access the frontend, I get redirected to the backend URL. For example, the frontend URL is https://program.example.com/ and the backend (software) URL is http://192.168.1.1:8088/. When I browse to https://program.example.com/, I automatically get redirected to http://192.168.1.1:8088/. Thoughts?
[backends.sample]
  [backends.sample.servers.sample]
  url = "http://192.168.1.1:8088/"
[frontends.sample]
  backend = "sample"
  [frontends.sample.routes.sample]
  rule = "Host:program.sample.com"
  passHostHeader = true
  useXForwardedFor = true
  [frontends.sample.redirect]
  entryPoint = "https"
  permanent = true
I figured it out.
I had 'passHostHeader' in the wrong place.
[frontends.sample]
  backend = "sample"
  passHostHeader = true
  [frontends.sample.routes.sample]
  rule = "Host:program.sample.com"
  useXForwardedFor = true
  [frontends.sample.redirect]
  entryPoint = "https"
  permanent = true

GitLab Ldap insufficient access rights

Right!
I am getting LDAP to work with GitLab 7.2.1. I have the correct LDAP connection details, posted below:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_host'] = '## company url ##'
gitlab_rails['ldap_port'] = 389
gitlab_rails['ldap_uid'] = 'mail'
gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
gitlab_rails['ldap_bind_dn'] = ''
gitlab_rails['ldap_password'] = ''
gitlab_rails['ldap_allow_username_or_email_login'] = false
gitlab_rails['ldap_base'] = '## company bind ##'
gitlab_rails['gitlab_signup_enabled'] = 'true'
gitlab_rails['gitlab_default_projects_limit'] = 0
gitlab_rails['gitlab_default_can_create_group'] = false
I have the right username and password, tested with others in my team. I have tried SSL and plain LDAP on ports 389 & 636.
After Wiresharking the traffic, I found this:
However, it returns:
Could not authorize you from LDAP because "Invalid credentials".
at the login page, which is a 49 response.
Any ideas?