The TLS connection was non-properly terminated in kubernetes - ssl

I am doing an apt-get update for installing Kubernetes and I get this message
https://packages.cloud.google.com/apt kubernetes-xenial Release
Could not handshake: The TLS connection was non-properly terminated.
and of course later in the process: "The repository 'http://apt.kubernetes.io kubernetes-xenial Release' does not have a Release file"
I have the proxies set correctly:
1. In /etc/apt/apt.conf.d/proxy.conf:
Acquire::ForceIPv4 "true";
and proxies are set for https_proxy; http_proxy and ftp_proxy
and in etc conf I have disabled IPv6:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Can someone please help me understand what other proxies etc are missing to avoid the TLS error.

Solved the issue:
This was an issue due to being behind a firewall.
The apt-key before the apt-get update instruction was the issue
By rerunning the apt-key using
curl -sSL 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBBEBDCB318AD50EC6865090613B00F1FD2C19886' | sudo apt-key add -
instead of the original instruction
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
Full set of instructions
sudo apt-get update
sudo apt-get install docker.io
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
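
The workaround above pulls the key over plain HTTP and pipes it straight into apt-key, so nothing confirms that the key received is the one that was requested. One way to add that check, as an example that is not part of the original answer: the function names and the sample listing are constructed here, and the expected fingerprint is assumed to come from a source you already trust.

```shell
#!/bin/sh
# Added example: confirm a downloaded repository key before apt trusts it.

# Constructed `gpg --with-colons` listing (key IDs and fingerprints are made up).
SAMPLE_LISTING='pub:-:4096:1:0123456789ABCDEF:1500000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1500000000::CONSTRUCTEDHASH::Example Repo Key <repo@example.invalid>::::::::::0:
sub:-:4096:1:FEDCBA9876543210:1500000000::::::e::::::23:
fpr:::::::::1111222233334444555566667777888899990000:'

# Strip spaces and a leading 0x, then upper-case, so pasted forms compare equal.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the fingerprint (field 10 of the fpr record) of every primary key.
# Subkey fingerprints are skipped: only the fpr right after a pub line counts.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10 }
             { want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and it is the expected one.
# A bundle that carries an extra key fails, because the output is then two lines.
listing_matches() {   # usage: listing_matches EXPECTED_FPR < colon-listing
    expected=$(norm_fpr "$1")
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Real use (needs a GnuPG that has --show-keys): inspect the file without importing it.
verify_keyfile() {    # usage: verify_keyfile KEYFILE EXPECTED_FPR
    gpg --show-keys --with-colons "$1" 2>/dev/null | listing_matches "$2"
}

# Typical flow; KEY_URL and EXPECTED_FPR are placeholders you set yourself:
#   curl -sSL "$KEY_URL" -o repo-key.asc
#   verify_keyfile repo-key.asc "$EXPECTED_FPR" && sudo apt-key add repo-key.asc
```
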

Related

docker & docker-compose - Apache image with an option to switch between SSL Cert, self-signed, Let's Encrypt or disabled

I'm creating a docker image for Apache. I would like to configure SSL certs with an option to switch between different certificate providers.
SSL Cert (or) Let's Encrypt (or) Self Signed (or) Disable SSL altogether
Any idea on how to accomplish that? Unfortunately cannot find any example out on the internet. Any help is greatly appreciated. Thanks!
Dockerfile:
FROM centos:centos7
RUN yum -y install epel-release && \
yum -y update
RUN yum -y install httpd mod_ssl
RUN yum clean all && \
rm -rf /var/cache/yum
...
I want to be able to do something like this.
Docker run:
SSL Cert:
docker run -d -e sslCertType=sslCert \
  -v /etc/cert.crt:/etc/httpd/conf.d/cert.crt \
  -v /etc/intermediate.crt:/etc/httpd/conf.d/intermediate.crt \
  -v /etc/passphrase.sh:/etc/httpd/conf.d/passphrase.sh \
  apache
Let's Encrypt:
docker run -d -e sslCertType=letsEncrypt apache
Self Signed:
docker run -d -e sslCertType=selfSigned apache
disabled:
docker run -d apache
Why don't you just build 4 different images with different configuration and tag them correctly i.e.
apache:selfSigned
apache:sslCert
and then just run them accordingly i.e.:
docker run -d apache:selfSigned

Crystal installation on WSL fails

I'm following the current crystal installation docs, my installation stops at the first moment and give the error:
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.4GKHZljOFL/S.dirmngr' failed: IPC connect call failed
gpg: keyserver receive failed: No dirmngr
I've already installed dirmngr.
First of all, you need to remove crystal.list from sources directory to install from start manually.
sudo rm /etc/apt/sources.list.d/crystal.list
And then:
curl -s "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x09617FD37CC06B54" | sudo apt-key add -
echo "deb https://dist.crystal-lang.org/apt crystal main" | sudo tee /etc/apt/sources.list.d/crystal.list
sudo apt-get update
sudo apt-get install crystal

Apache's root directory in my provisions file

I have a question. I finally found out how to change the root directory of Apache. I simply have to edit this line of code, DocumentRoot /var/www/html, but since Vagrant is amazing and has this provision script, I thought that I could tell Apache the root directory from here.
Because, think of it, if I could use this provision script every time I make a new website, that would save me a lot of time. I wouldn't have to like go to the config file and change it every time.
ADDED:
This is how my provision script looks now:
#!/usr/bin/env bash
PROJECT="foundation"
PROJECT_LOG="foundation"
MYSQL_PASSWORD="wachtwoord"
set -o nounset -o errexit -o pipefail -o errtrace
error() {
local sourcefile=$1
local lineno=$2
echo "ERROR at ${sourcefile}:${lineno}; Last logs:"
grep "${PROJECT}" /var/log/syslog | tail -n 20
}
trap 'error "${BASH_SOURCE}" "${LINENO}"' ERR
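# Run a command and send its output to syslog under the project tag
oe() { "$@" 2>&1 | logger -t "${PROJECT}" > /dev/null; }
# Print a progress line prefixed with the project name
ol() { echo "[${PROJECT_LOG}] $*"; }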
export DEBIAN_FRONTEND=noninteractive
ol 'Updating repository caches'
oe sudo apt-get -q -y update
ol 'Adding apt repositories'
oe sudo apt-get -q -y install python-software-properties
oe sudo add-apt-repository ppa:ondrej/php5-5.6
ol 'Updating repository caches (second time)'
oe sudo apt-get -q -y update
ol "Installing misc packages"
oe sudo apt-get -q -y install language-pack-nl
ol 'Installing Apache 2'
oe sudo apt-get -q -y install apache2
oe sudo systemctl restart apache2
oe sudo systemctl status apache2
ol "Installing PHP"
oe sudo apt-get -q -y install php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-xcache
debconf-set-selections <<< 'phpmyadmin phpmyadmin/dbconfig-install boolean true'
# Double quotes so that ${MYSQL_PASSWORD} is expanded before debconf sees it
debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password ${MYSQL_PASSWORD}"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password ${MYSQL_PASSWORD}"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password ${MYSQL_PASSWORD}"
debconf-set-selections <<< 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2'
ol "Installing PHPmyadmin"
apt-get install -y phpmyadmin
# Enable the phpMyAdmin Apache configuration
ln -s /etc/phpmyadmin/apache.conf /etc/apache2/sites-enabled/phpmyadmin.conf
ol 'Installing Sendmail'
oe sudo apt-get -q -y install sendmail
ol 'Restarting Apache 2'
oe sudo systemctl restart apache2
oe sudo systemctl status apache2
ol "Installing MySQL"
oe sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password ${MYSQL_PASSWORD}"
oe sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${MYSQL_PASSWORD}"
oe sudo apt-get -q -y install mysql-server mysql-client
oe sudo systemctl restart mysql
oe sudo systemctl status mysql
You can play with the sed command to make a replacement in the file, something like
sed -i "s/DocumentRoot.*/DocumentRoot <your new path>/" <path to httpd/apache2.conf>
PS:
-i makes a backup of your file
DocumentRoot.* will replace all lines starting with DocumentRoot (don't remember by heart if there are multiple lines starting with DocumentRoot; in this case, make the correct pattern and not wildcard)
if you have / in your new path, make sure to use \/
The other option (probably a bit more simple) is to push a new conf file under the /etc/apache2/conf-enabled/ directory with your specific setting, in case you have other settings such as VirtualHost or other it will make it more simple
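
A provisioning-ready form of the sed approach, as an added example that is not part of the original answer: it uses `|` as the delimiter so slashes in the path need no escaping, anchors on the directive so commented-out lines are left alone, and `-i.bak` keeps the previous file as a `.bak` copy. The function name `set_docroot` and the sample vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example: set Apache's DocumentRoot from a provision script.

# Constructed sample of a default vhost file (not taken from the page).
SAMPLE_VHOST='<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # DocumentRoot /srv/old-site
    ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>'

set_docroot() {   # usage: set_docroot CONF_FILE NEW_ROOT
    conf=$1
    new=$2
    # Refuse relative paths so a typo cannot point Apache at an unexpected directory.
    case $new in
        /*) ;;
        *) echo "DocumentRoot must be an absolute path: $new" >&2; return 1 ;;
    esac
    # Fail loudly if the file has no active DocumentRoot line to replace.
    grep -Eq '^[[:space:]]*DocumentRoot[[:space:]]' "$conf" || {
        echo "no DocumentRoot directive in $conf" >&2; return 1; }
    # Escape what is special in a sed replacement: backslash, & and the | delimiter.
    esc=$(printf '%s' "$new" | sed 's/[\\&|]/\\&/g')
    # Keep the original indentation; only the value after the directive changes.
    sed -i.bak -E "s|^([[:space:]]*DocumentRoot[[:space:]]+).*|\1${esc}|" "$conf"
}

# In the provision script this would be followed by a config test and reload:
#   set_docroot /etc/apache2/sites-available/000-default.conf /vagrant/public
#   sudo apache2ctl configtest && sudo systemctl reload apache2
```
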

I would like to set up rfc5766-turn-server in Ubuntu 14.04, can anyone give me the set of steps listed all together? I am doing it in AWS EC2

I have tried to install and set up rfc5766-turn-server in AWS EC2 but am unable to do it, as I do not see a proper flow of work or command line for that. Can someone help me with this? I need to set it up in Ubuntu 14.04.
Do an SSH login to your EC2 instance, then run the below commands for installing and starting the TURN server.
commands for installing turnserver:
sudo apt-get update
sudo apt-get install make gcc libssl-dev libevent-dev wget -y # for installing modules required by turn server
mkdir ~/turn && cd ~/turn # creating temp directory
wget turnserver.open-sys.org/downloads/v3.2.5.9/turnserver-3.2.5.9.tar.gz # downloading the TURN source code
tar -zxvf *.gz # extract
cd turn*
make
sudo make install # installing the rfc5766
cd ../.. && rm -rf turn # cleaning up
command for starting the TURN server:
turnserver -a -o -v -n -u user:root -p 3478 -L INT_IP -r someRealm -X EXT_IP/INT_IP
assumptions:
your ip, internal ip = EXT_IP, INT_IP
desired port for listening: 3478
single credential username:password = user:root
realm: someRealm
in your WebRTC app, you can use the TURN server like:
{
url: 'turn:user@EXT_IP:3478',
credential: 'root'
}

Add trusted CA to Debian/Ubuntu image

I'm trying to deploy a CA certificate as a trusted root certificate in a Debian/nodejs container as described in https://askubuntu.com/a/94861/88763 or http://blog.bigon.be/2014/03/22/add-a-new-ca-certificate-to-the-certificates-stash-in-debian/ but it fails with no apparent reason. My Dockerfile:
# or buildpack-deps:jessie or node:5
FROM debian:jessie
RUN apt-get update -y && \
apt-get install ca-certificates netcat strace wget -y
ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt
RUN update-ca-certificates --verbose
# just to keep the container running
CMD ["netcat", "-l", "12345"]
When building the container it actually tells me a certificate was added (1 added, 0 removed; done.) Nonetheless, when I try to use the root CA with wget, it is not found:
$ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing
converted 'https://foo.v3.testing' (ANSI_X3.4-1968) -> 'https://foo.v3.testing' (UTF-8)
--2016-02-02 15:11:33-- https://foo.v3.testing/
Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7
Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected.
ERROR: The certificate of 'foo.v3.testing' is not trusted.
Using the Ubuntu base image, I can access https://foo.v3.testing successfully:
FROM ubuntu
RUN apt-get update -y && \
apt-get install ca-certificates netcat strace wget -y
ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt
RUN update-ca-certificates --verbose
CMD ["netcat", "-l", "12345"]
$ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing
--2016-02-02 15:23:17-- https://foo.v3.testing/
Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7
Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected.
HTTP request sent, awaiting response... 200 OK
[…]
2016-02-02 15:23:17 (33.9 MB/s) - 'index.html' saved [170/170]