serverless deploy From Behind a Proxy? - npm

On a windows machine how do I run serverless deploy from behind a proxy using a cafile?
I am able to install serverless but when I run serverless deploy I get the following error:
Serverless: Injecting required Python packages to package...
Serverless: Recoverable error occurred (unable to get local issuer certificate), sleeping for 5 seconds. Try 1 of 4
I have tried the following solutions, suggested from this issue page, with no benefit:
set environment variable cafile to a path containing my pem file
set environment variable ca to the contents of my pem file
set environment variable NODE_TLS_REJECT_UNAUTHORIZED=0
npm config set cafile = "/path/to/my/cert"
npm config set strict-ssl = false

Try to set default *nix proxy environment variables:
http-proxy and
https-proxy
in the form: http(s)://username:password#proxy.address:proxy_port.

If it is a secure proxy that you use, it might be the proxy certificate or certificate's CA that you need to set as cafile.

Related

yarn - Unable to get local issuer certificate

I have this problem with Unable to get local issuer certificate.
I already tried yarn config set strict-ssl false. I also set proxy. And also tried npm config set strict-ssl false, but none of these worked.
It's a Windows Computer with a proxy network.
Hope someone can help me here.

Gitlab SSL Handshake failed server most likely require client certificate

Everything was working fine from months I was able to clone/fetch/push/pull from my Gitlab repo on my mac:
Suddenly started to get this error on mac:
When I run the command:
git fetch "repo_link" I get the following error
unable to access : SSL peer handshake failed, the server most likely requires a client certificate to connect.
git config http.sslVerify false is already set.
Even if try to fetch/push/pull from Android studio getting the same error.
Tried clone/fetch on another mac it's working fine.
Please help.
It worked for me by using SSL instead of HTTPS.
I simply added another remote repo using the following command
git remote add org git#gitlab.com:***/***.git
Replace *** with your SSH path details
Then add an SSH to your GitLab account from here
To add an SSH key you need to generate one or use an existing key.
Once the key has been added to your GitLab account you can try
git push -u org master
Try to enable the sslVerify
locally at repo git config http.sslVerify true or globally git config --global http.sslVerify true

Artifactory - Migrate from HTTP to HTTPS

The following are steps that I executed:
Created CSR using https://www.digicert.com/easy-csr/openssl.htm
Obtained CA certificate & Certificate chain in pem format
Modified files for HTTPS implementation: httpd.conf, ssl.conf, server.xml
I put the certificate & key in /etc/httpd/certificates:
armdev.key certnew.cer certnew-chain.crt
stop/start apache and artifactory service
launch https://arm.cn.ca:8443/artifactory. Errors:
IE error: "This page can not be displayed".
Chrome error: "This site can not be reached".
JFrog instruction to configure Artifactory behind Apache is not clear. Could you help please.
You can use the Artifactory reverse proxy configuration generator in order to create the Apache configuration.
Using the generator you can fill in a set of fields to generate the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server.

Self signed certificate SSL Error using self hosted GitLab

I have a hosted Git repo on my company intranet. I can clone, pull, push, etc successfully with command line Git by disabling sslverify. I know this is not ideal but I have no control over our certificate or IT infrastructure so it is what it is.
I paid for GitLab EE, setup the omnibus package and I'm trying to clone the repo via https. However I get an error that it cannot verify the SSL certificate. This is not entirely unexpected but I cannot figure out how to bypass the ssl verification with GitLab EE. In the http settings I set self verified to true and pointed it to my .pem in /etc/gitlab/ssl but I get the same error.
Can I just set sslverify to false like I did command line git?
Since GitLab fails to pull from a Repo because the certificate check failed, you can set git specific settings in your /etc/gitlab/gitlab.rb. There is a key called omnibus_gitconfig['system'] there your config should be something like:
omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"]}
This is bad practice and you should use it with caution.
You could specify the domain to disable certificate checks for with:
omnibus_gitconfig['system'] = { "http \"https://example.com\"" => ["sslVerify = false"]}
You can define it in omnibus configuration package like Fairy says.
Or you can use int a git bash command :
git config --global sslVerify false
This will disable the HTTPS verification of current repository

Tunnel Connection Failed error when logging into artifactory docker registry

We have created a private docker registry in artifactory.
Our artifactory is a standalone installation and have Nginx as a webserver.
SSL certificates are trusted and works fine.
on docker client, I have copied the ca.crt to /etc/docker/certs.d/:5001/
while am trying to login or push images from my docker client i see below error.
[root#cds-dev-test ~]# docker login artifactory.host:5001
Username: raj
Password:
Email: raj#gmail.com
Error response from daemon: invalid registry endpoint
https://artifactory.host:5001/v0/: unable to ping registry endpoint
v2 ping attempt failed with error: Get https://artifactory.host:5001/v2/: Tunnel Connection Failed
v1 ping attempt failed with error: Get artifactory.host:5001/v1/_ping: Tunnel Connection Failed. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry artifactory.host:5001 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/artifactory.host:5001/ca.crt
my docker version is 1.9.1 and artifactory versioin 4.4.3.
It works when i use --insecure-registry option but not the secure way. We have all trusted certs in place, still see the error.
I have tried using proxy settings on docker client and also without proxy... always the same error.
Any help guys?
I figured it out.
I have proxy settings under my docker deamon. I have added No_Proxy and it works fine.
FYI....
so people if you are using trusted CA cert, and your network is behind proxy, make sure your docker services file doesnt have proxy settings, if it does add No-proxy=artifactory.host.
/etc/systemd/system/docker.service.d/http-proxy.conf
Thanks