We Keep Coding

How to correctly set SSL in pg_hba.conf of postgreSQL-11?

In Ubuntu 18.04.02 Server Edition with postgreSQL-11 I want to add the possibility of SSL communication between the postgreSQL server and a client.
I turned the ssl on in postgresql.conf :
sudo nano /etc/postgresql/11/main/postgresql.conf
ssl = on
and in pg_hba.conf I added a line for ssl :
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all postgres peer
# TYPE DATABASE USER ADDRESS
METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 192.168.1.1/24 md5
# Only for SSL connections :
hostssl all all cert
But when reloading the new configuration, and restarting postgreSQL :
(base) marco#pc:~$ sudo /etc/init.d/postgresql reload
[ ok ] Reloading postgresql configuration (via systemctl):
postgresql.service.
(base) marco#pc:~$ sudo service postgresql restart
(base) marco#pc:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled;
vendor preset: enabled)
Active: active (exited) since Mon 2019-09-16 18:48:13 CEST; 6s
ago
Process: 3349 ExecReload=/bin/true (code=exited, status=0/SUCCESS)
Process: 3399 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3399 (code=exited, status=0/SUCCESS)
Sep 16 18:48:13 pc systemd[1]: Starting PostgreSQL RDBMS...
Sep 16 18:48:13 pc systemd[1]: Started PostgreSQL RDBMS.
I get this error:
(base) marco#pc:~$ sudo su -l postgres
postgres#pc:~$ psql
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
I already tried the suggestions found here: https://askubuntu.com/questions/50621/cannot-connect-to-postgresql-on-port-5432
withour any success
When commenting the hostssl line in pg_hba.conf:
# Only for SSL connections :
#hostssl all all cert
The error disappears:
(base) marco#pc:~$ sudo /etc/init.d/postgresql reload
[ ok ] Reloading postgresql configuration (via systemctl):
postgresql.service.
(base) marco#pc:~$ sudo service postgresql restart
(base) marco#pc:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled;
vendor preset: enabled)
Active: active (exited) since Mon 2019-09-16 18:52:37 CEST; 3s
ago
Process: 3455 ExecReload=/bin/true (code=exited, status=0/SUCCESS)
Process: 3511 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3511 (code=exited, status=0/SUCCESS)
Sep 16 18:52:37 pc systemd[1]: Starting PostgreSQL RDBMS...
Sep 16 18:52:37 pc systemd[1]: Started PostgreSQL RDBMS.
(base) marco#pc:~$ sudo su -l postgres
postgres#pc:~$ psql
psql (11.5 (Ubuntu 11.5-1.pgdg18.04+1))
Type "help" for help.
postgres=# help
You are using psql, the command-line interface to PostgreSQL.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=#
So, my question is : how to correctly set ssl in /etc/postgresql/11/main/pg_hba.conf ?
SOLVED: adding the IP addresses range in pg_hba.conf:
hostssl all all 192.168.1.0/24 cert

Net Core 2.2 AWS RHEL 7.5 Deployment

I m trying to deploy my 1st ASP.NET Core 2.2 API on AWS RHEL 7.5
my /etc/systemd/system/kestrel-mytest.service
[Unit]
Description=.NET Prototypes Application on Linux
[Service]
WorkingDirectory=/home/ec2-user/webapi
ExecStart=/usr/bin/dotnet /home/ec2-user/webapi/prototypes.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=apache
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
TimeoutStopSec=90
[Install]
WantedBy=multi-user.target
now I am facing with:
[ec2-user#ip-172-31-6-33 dotnet]$ sudo systemctl status kestrel-mytest.service
â kestrel-mytest.service - .NET Prototypes Application on Linux
Loaded: loaded (/etc/systemd/system/kestrel-mytest.service; disabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2019-02-19 14:06:39 UTC; 6s ago
Process: 3902 ExecStart=/usr/bin/dotnet /home/ec2-user/webapi/prototypes.dll (code=exited, status=145)
Main PID: 3902 (code=exited, status=145)
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: kestrel-mytest.service: main process exited, code=exited, status=145/n/a
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: Unit kestrel-mytest.service entered failed state.
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: kestrel-mytest.service failed.
[ec2-user#ip-172-31-6-33 dotnet]$
what I missed?..
thanks a lot in advance
Don

this would resolved:
working directory MUST be the same as DocumentRoot of Apache (/etc/httpd/conf/httpd.conf) (in my case, DocumentRoot is /var/www/html/ so, it should be:
WorkingDirectory=/var/www/html/webapi, do does the ExecStart as below:
ExecStart=/usr/bin/dotnet /var/www/html/webapi/prototypes.dll
things to consider:
chown -R apache:your_group /var/www/html/webapi
don't forget to stop and start kestrel to take effect.
systemctl stop kestrel-xxx
systemctl start kestrel-xxx
systemctl enable kestrel-xxx to automate start after machine rebooted
to check dotnet listener port status
sudo lsof -i -P -n | grep LISTEN

td-agent won't work on amazon linux 2

I'd like to know how to have td-agent read apache log files on Amazon linux2.
It seems td-agent doesn't have permission to read log file but I cannot fix this.
I installed amazon linux2 into virtualbox using vagrant.
Ref.
https://app.vagrantup.com/aibax/boxes/amazonlinux2
https://docs.fluentd.org/v1.0/articles/install-by-rpm#systemd
versions
virtual box: 5.2.16 r123759
vagrant: Vagrant 2.1.2
1 install apache and td-agent using ansible.
# ansible/playbook.yml
# install apache
- name: install httpd (apache)
become: yes
yum:
name: httpd
state: present
# install td-agent
- name: install td-agent
raw: "curl -L https://toolbelt.treasuredata.com/sh/install-amazon2- td-agent3.sh | sh"
- name: upload etc/td-agent/td-agent.conf
become: yes
copy: src=../etc/td-agent/td-agent.conf
dest=/etc/td-agent/td-agent.conf
directory_mode=yes
--
# /etc/td-agent/td-agent.conf
<source>
type tail
format apache
path /var/log/httpd/access_log
tag apache.access_log
pos_file /var/log/td-agent/access_log.pos
</source>
<source>
type tail
format apache
path /var/log/httpd/error_log
tag apache.error_log
pos_file /var/log/td-agent/error_log.pos
</source>
<match apache.**>
type forward
<server>
name jobq01
host 52.68.22.100
port 24224
</server>
</match>
run apache
$ sudo systemctl start httpd
confirm apache works from chrome.
run td-agent and confirm
--
$ sudo systemctl start td-agent.service
$ sudo systemctl status td-agent.service
● td-agent.service - td-agent: Fluentd based data collector for Treasure Data
Loaded: loaded (/usr/lib/systemd/system/td-agent.service; disabled; vendor preset: disabled)
Active: active (running) since 月 2018-08-06 05:24:22 UTC; 1min 1s ago
Docs: https://docs.treasuredata.com/articles/td-agent
Process: 5532 ExecStart=/opt/td-agent/embedded/bin/fluentd --log /var/log/td-agent/td-agent.log --daemon /var/run/td-agent/td-agent.pid $TD_AGENT_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 5537 (fluentd)
CGroup: /system.slice/td-agent.service
└─5537 /opt/td-agent/embedded/bin/ruby /opt/td-agent/embedded/bin/fluentd --log /var/log/td-agent/td-agent.log --daemon /var/run/td-agent/td-agent.pid
8月 06 05:24:21 localhost systemd[1]: Starting td-agent: Fluentd based data collector for Treasure Data...
8月 06 05:24:22 localhost systemd[1]: Started td-agent: Fluentd based data collector for Treasure Data.

I fixed this problem myself
User and Group in the file below should be modified to root.
/lib/systemd/system/td-agent.service

Cpanel - Startup Script

How can one go about getting a java command when they reboot their server using Cpanel or WHM? I have a spring boot application running (starting it using java -jar jarname.jar. When I restart Cpanel I have to run the script manually. How Can I make it so the command will automatically run when Cpanel or Centos7 restart? I installed java as the root so I dont know if that means I have to run it as a Centos7 script instead of a Cpanel script of some sort.
The error I am currently getting using a centos7 systemctl service:
blah.service - Startsspring boot
Loaded: loaded (/etc/systemd/system/blah.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Fri 2018-04-27 19:19:47 EDT; 2s ago
Process: 3642 ExecStart=/usr/bin/bash /usr/bin/blah.sh (code=exited, status=0/SUCCESS)
Main PID: 3642 (code=exited, status=0/SUCCESS)
Apr 27 19:19:47 server systemd[1]: Started Starts spring boot.
Apr 27 19:19:47 server systemd[1]: Starting Starts spring boot...
Thats all the help i get says it starts but the service never starts my jar it says inactive :(
startups script:
[Unit]
Description=Starts spring boot
After=network.target
[Service]
ExecStart=/usr/bin/bash /usr/bin/blah.sh
Type=simple
User=root
[Install]
WantedBy=multi-user.target
the .sh file (works fine if i run it command line)
/usr/bin/nohup /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java -jar /home/domain/public_html/jarname.jar &
Thanks,
Brian

I found a solution here. I just did the java command in the systemd service not in a shell script.
https://techdev.io/en/developer-blog/jvm-applications-as-a-service-with-systemd

nginx is started but not found service on ubuntu

I try to restart the apache service on ubuntu 16.04 but i can not because the port '80' is listened to by nginx.
But when I try to stop nginx, the service is not found.
netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6069/nginx
systemctl status nginx
● nginx.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
service nginx stop
Failed to stop nginx.service: Unit nginx.service not loaded.
So how can I stop nginx in order to restart apache ?
Thanks for your help

nginx on your machine was started in other way then systemd standard nginx service.
alex#openresty:~$ ps aux | grep nginx
root 2668 0.0 0.0 41040 928 ? Ss 12:33 0:00 nginx: master process /usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/
nobody 2669 0.0 0.0 41040 3316 ? S 12:33 0:00 nginx: worker process
Will show you the full path of running nginx with command line arguments. Here is example from my PC (I use Openresty bundle so your paths may vary).
Now take a look at nginx master process command line parameters. If -p is present you should use exactly the same to stop nginx. For my case it should be:
/usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/ -s stop
If -p is missed you may just
/usr/local/openresty/bin/openresty -s stop
It would stop nginx, but it may be possible that on your PC nginx is configured to run as not standard service, for example hand written systemd unit.
So on every reboot you will have nginx running again.