pagekite.py [flying] DynDNS updates may be incomplete, will retry - tunneling

I am trying to make my localhost:80 available on the internet using pagekite with config at ~/.pagekite.rc:
## NOTE: This file may be rewritten/reordered by pagekite.py.
#
##[ Default kite and account details ]##
kitename = myemail#gmail.com
kitesecret = my_kite_secret
##[ Front-end settings: use pagekite.net defaults ]##
defaults
##[ Back-end service examples ... ]##
#
service_on = https:asldkjdk39090.pagekite.me:localhost:80:my_kite_secret
END
I run pagekite:
# pagekite.py
>>> Hello! This is pagekite.py v0.5.9.3. [CTRL+C = Stop]
Connecting to front-end relay 54.84.55.54:443 ...
- Protocols: http http2 http3 https websocket irc finger httpfinger raw
- Protocols: minecraft
- Ports: 79 80 443 843 2222 3000 4545 5222 5223 5269 5670 6667 8000 8080
- Ports: 8081 8082 8083 9292 25565
- Raw ports: virtual
~<> Flying localhost:80 as https://asldkjdk39090.pagekite.me/
Trying localhost:80 as https://asldkjdk39090.pagekite.me/
<< pagekite.py [flying] DynDNS updates may be incomplete, will retry...
Then I request https://asldkjdk39090.pagekite.me/ and it gives an error:
$ curl https://asldkjdk39090.pagekite.me/
curl: (6) Could not resolve host: asldkjdk39090.pagekite.me
I don't clearly understand why it's not working and how to fix it. I expect pagekite to pass the request to my localhost:80 when I request https://asldkjdk39090.pagekite.me/, but it doesn't.
Update
With this config it's working:
## NOTE: This file may be rewritten/reordered by pagekite.py.
#
##[ Default kite and account details ]##
kitename = my_kite_name
kitesecret = my_kite_secret
##[ Front-end settings: use pagekite.net defaults ]##
defaults
##[ Back-end service examples ... ]##
#
service_on = http:my_kite_name.pagekite.me:localhost:80:my_kite_secret
END
Where my_kite_name is the name I created on the settings page.
Then curl https://my_kite_name.pagekite.me/ redirects properly to my localhost.
So it's working for pre-registered names and not working for a random name like asldkjdk39090, which I want to use as a subdomain on the fly without registering it on the settings page.

On-the-fly subdomains aren't supported by pagekite.net.
You always have to pre-register, either using the website or the built-in registration tool in pagekite.py itself. Unfortunately, on some modern distros the built-in pagekite.py registration is currently broken because our API server is obsolete and modern versions of OpenSSL refuse to connect to it.
We are working on fixing that, obviously, but it will take some time because of dependencies.

Related

I want to configure the Prometheus using kube-prom-stack to federate metrics from https server

I have kube-prom-stack running on a node and I have configured it to use the federate endpoint to scrape metrics from a remote server, as below in my values.yaml file:
additionalScrapeConfigs:
  - job_name: 'sp-federation'
    scrape_interval: 20s
    scrape_timeout: 20s
    scheme: http
    metrics_path: /federate
    honor_labels: true
    metric_relabel_configs:
      - source_labels: [id]
        regex: '^static-agent$'
        action: drop
    params:
      match[]:
        - '{__name__=~"kube_.*"}'
    static_configs:
      - targets: ['X.X.X.X:9090']
But the remote server only accepts connections on https.
I want to configure it in such a way that it pulls the metrics over https while skipping the certificate validation part, as I don't have the remote server certificate now.
Please help, as I am a beginner in networking and Prometheus.
I used the configuration below to deploy kube-prom-stack, but I am not sure what to do next to skip the server certificate validation.
serviceMonitor:
  ## Scrape interval. If not set, the Prometheus default scrape interval is used.
  ##
  interval: ""
  selfMonitor: true
  ## proxyUrl: URL of a proxy that should be used for scraping.
  ##
  proxyUrl: ""
  ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
  scheme: ""
  ## enableHttp2: Whether to enable HTTP2.
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
  enableHttp2: true
  ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
  ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
  tlsConfig: {}
  bearerTokenFile:
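As an added example (not from the question, and not the kube-prom-stack chart's own values), here is the same federation job pointed at the HTTPS endpoint with a tls_config block, showing the CA-pinning setting next to the insecure one the question asks about. The CA file path, the Secret name it is mounted from, and the server_name value are assumptions; X.X.X.X is the question's placeholder.

```yaml
# Constructed example: raw Prometheus scrape_config as passed through
# additionalScrapeConfigs in the kube-prom-stack values.yaml.
additionalScrapeConfigs:
  - job_name: 'sp-federation'
    scrape_interval: 20s
    scrape_timeout: 20s
    scheme: https                       # was: http
    metrics_path: /federate
    honor_labels: true
    params:
      'match[]':
        - '{__name__=~"kube_.*"}'
    metric_relabel_configs:
      - source_labels: [id]
        regex: '^static-agent$'
        action: drop
    static_configs:
      - targets: ['X.X.X.X:9090']       # placeholder from the question
    tls_config:
      # Preferred: trust the remote server's CA certificate. The path is an
      # assumption; the Prometheus Operator mounts a Secret listed under
      # prometheus.prometheusSpec.secrets at /etc/prometheus/secrets/<name>/.
      ca_file: /etc/prometheus/secrets/sp-federation-ca/ca.crt
      # Assumed hostname; only needed when the certificate's name does not
      # match the IP address used in static_configs.
      server_name: federation.example.internal
      # Last resort, as asked in the question: disables certificate checking,
      # so anyone who can intercept traffic to X.X.X.X can impersonate the
      # server and feed Prometheus fabricated metrics. Remove ca_file and
      # server_name above if you enable it, and replace it once the CA is known.
      # insecure_skip_verify: true
```

With insecure_skip_verify the scrape is still encrypted but not authenticated, so treat it as a temporary setting and keep the job name easy to spot in the Prometheus targets page.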

Mercure keeps binding to port 80

I'm using the Mercure hub 0.13, and everything works fine on my development machine, but on my test server the hub keeps trying to bind to port 80, resulting in an error, as nginx is already running on port 80.
run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use
I'm starting the hub with the following command:
MERCURE_PUBLISHER_JWT_KEY=$(cat publisher.key.pub) \
MERCURE_PUBLISHER_JWT_ALG=RS256 \
MERCURE_SUBSCRIBER_JWT_KEY=$(cat publisher.key.pub) \
MERCURE_SUBSCRIBER_JWT_ALG=RS256 \
./mercure run -config Caddyfile.dev
Caddyfile.dev is as follows:
# Learn how to configure the Mercure.rocks Hub on https://mercure.rocks/docs/hub/config
{
    {$GLOBAL_OPTIONS}
}

{$SERVER_NAME:localhost:3000}

log

route {
    redir / /.well-known/mercure/ui/

    encode zstd gzip

    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Permissive configuration for the development environment
        cors_origins *
        publish_origins *
        demo
        anonymous
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }

    respond /healthz 200
    respond "Not Found" 404
}
When I provide the SERVER_NAME as an environment variable without a domain, SERVER_NAME=:3000, the hub actually starts on port 3000, but runs in http mode, which only allows anonymous subscriptions and is not what I need.
Server:
Operating System: CentOS Stream 8
Kernel: Linux 4.18.0-383.el8.x86_64
Architecture: x86-64
Full output when trying to start the Mercure hub:
2022/05/10 04:50:29.605 INFO using provided configuration {"config_file": "Caddyfile.dev", "config_adapter": ""}
2022/05/10 04:50:29.606 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile.dev", "line": 3}
2022/05/10 04:50:29.609 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/05/10 04:50:29.610 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022/05/10 04:50:29.610 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003d6150"}
2022/05/10 04:50:29.627 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/05/10 04:50:29.628 INFO tls finished cleaning storage units
2022/05/10 04:50:29.642 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2022/05/10 04:50:29.643 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0003d6150"}
run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use
I'm a bit late, but I hope this will help someone.
As mentioned here, you can specify the http_port manually in your Caddy configuration file.

I can see live app on secured port 443 red5pro

I prepared an Ubuntu server as described in the docs. I created an SSL cert for my domain and I have opened the required ports. I installed red5pro into /usr/local/red5pro/ and the server runs fine. When I go to http://example.com:5080/ I can see the red5pro home page and it is OK. But when I click on broadcast I get the message: No suitable Publisher found. WebRTC & Flash not supported. OK, maybe because it is http, not https. I decided to create a test index page at /var/www/test/index.html and I have a basic configuration like:
var config = {
    protocol: 'wss',
    host: 'example.com',
    port: 443,
    app: 'live',
    streamName: 'abccaccaa',
    rtcConfiguration: {
        iceServers: [{urls: 'stun:stun2.l.google.com:19302'}],
        iceCandidatePoolSize: 2,
        bundlePolicy: 'max-bundle'
    } // See https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/RTCPeerConnection#RTCConfiguration_dictionary
};
And now when I try to broadcast I get the message: WebSocket connection to 'wss://example.com/live/?id=abccaccaa' failed: Error during WebSocket handshake: Unexpected response code: 404
It looks like there is no example.com/live and I can't figure out what is wrong :( for 2 days now. Maybe someone could give me some advice? Or an alternative application other than red5pro?

Kafka over ssl: does not have listener with name `ListenerName(SSL)’

I am trying to configure my Kafka brokers to work over SSL. I have the following configuration in all brokers:
listeners=PLAINTEXT://0.0.0.0:9092, SSL://0.0.0.0:9093
advertised.host.name=my_host_ip
port=9092
ssl.truststore.location=/opt/kafka/kafka.server.truststore.jks
ssl.keystore.location=/opt/kafka/kafka.server.keystore.jks
ssl.key.password=123456
ssl.keystore.password=123456
ssl.truststore.password=123456
And some other definitions which are not related to my SSL configuration.
In the client configuration I have the following:
security.protocol=SSL
ssl.truststore.location=/opt/kafka_2.12-0.10.2.0/config/ssl/kafka/client.truststore.jks
ssl.truststore.password=123456
With port 9092 (no SSL) everything works well, but when I try to use port 9093 I get the following error and I can't post a message to the Kafka topic:
2017-04-25T16:59:19.945801000Z [2017-04-25 16:59:19,857] ERROR [KafkaApi-2] Error when handling request {topics=null} (kafka.server.KafkaApis)
2017-04-25T16:59:19.945991000Z kafka.common.BrokerEndPointNotAvailableException: Broker `2` does not have listener with name `ListenerName(SSL)’
I have an SSL connection between the machines (checked with openssl).
What can be the reason?
I think you're exposing port 9092, but your SSL is configured to listen on 9093. Also, if I remember correctly, advertised.host.name is a deprecated parameter in Kafka 0.10.x.
I'd suggest commenting out advertised.host.name=my_host_ip and port=9092 and putting advertised.listeners=PLAINTEXT://<ip>:9092, SSL://<ip>:9093

svn support on reverse proxy (pound) OPTIONS authorization failed

How do I implement WebDAV support on pound?
Error:
svn: OPTIONS of "[repo] "authorization failed"
I can't find any examples. What I have gives me "unknown directive":
ListenHTTPS
    Address 192.168.1.200
    Port    443
    Cert    "/etc/pound/server.pem"
    WebDav  1
    HTTPSHeaders 1 "Front-End-Https: on"
    Service
        HeadRequire "Host: .*svn.mydomain.com.*"
        BackEnd
            Address 192.168.1.21
            Port    80
        End
    End
    Service
        HeadRequire "Host: .*svn.mydomain.org.*"
        BackEnd
            Address 192.168.1.21
            Port    80
        End
    End
End
Solution: xHTTP 2
ListenHTTPS
    Address 192.168.1.200
    Port    443
    Cert    "/etc/pound/server.pem"
    xHTTP   2
    Service
    ...
From man pound (who knew manuals had useful information?):
    xHTTP value
        Defines which HTTP verbs are accepted. The possible values are:
        ...
        2   additionally allow standard WebDAV verbs (LOCK, UNLOCK, PROPFIND, PROPPATCH, SEARCH, MKCOL, MOVE, COPY, OPTIONS, TRACE, MKACTIVITY, CHECKOUT, MERGE, REPORT).
        ...