I am suing passphrase protected SSL certificate for my Apache server. Whenever I try to restart the Apache server is is asking for passphrase, I can enter the passphrase manually however how to restart the service using Ansible module (either systemd or command)? How can I pass my passphrse in ansible to start the service?
To make apache receive the passphrase everytime it restarts, add this to the httpd.conf:
SSLPassPhraseDialog exec:/path/to/passphrase-file
and in your /path/to/passphrase-file file:
#!/bin/sh
echo "the passphrase"
answer from https://serverfault.com/questions/71043/ssl-password-on-apache2-restart
Related
I have setup an ansible environment with a control machine (centos) and 3 other remote hosts (centos). Everything is fine with regards to the actual functioning but I want it to work a little seamlessly I guess.
I have setup the ssh authentication using #ssh-key-gen on my master server and then used #ssh-copy-id to all my 3 hosts for the passphrase and it works.
Now each time I run my ansible command to these servers it asks me for passphrase and only then the command completes. I dont want that to happen. I tried defining that in my hosts file as you see below but that hasnt worked. I even tried with the vars and it doesnt work with that as well. When i run the command #ansible servers -m ping it asks me for the ssh passphrase and the it runs...
[servers]
10.0.0.1
ansible_ssh_user=root ansible_ssh_private_key_file=/home/ansible/.ssh/id_rsa
Thanks
A
Now each time I run my ansible command to these servers it asks me for passphrase and only then the command completes. I dont want that to happen.
Generate your ssh key without passphrase.
or
Setup ssh key agent.
This is a bit off-topic for SO
I started an instance on amazon ec2, ami is ubuntu 14.04. I followed the steps on https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html exactly up until "Transferring Files to Your Linux Instance Using the PuTTY Secure Copy Client" Since I don't need to put files on there just yet. Then I followed the following: https://help.ubuntu.com/community/ApacheMySQLPHP.
"To install the default LAMP stack in Ubuntu 10.04 and above
First refresh your package index...
$ sudo apt-get update
... and then install the LAMP stack:
$ sudo apt-get install lamp-server^
Mind the caret (^) at the end. "
After that I tried
sudo /etc/init.d/apache2 restart
After which ubuntu said: httpd (pid 5549) already running
Yet when I try to browse with chrome to the public ip which shows in the amazon console I get
This webpage is not available
ERR_CONNECTION_TIMED_OUT
In my browser. What am I doing wrong?
check your security group settings. What are the inbound rules?
You need to add the IP(s) from where you are opening the web browser in the inbound rules. Also, check whether you are using private IP or public IP on the browser. You need to use public IP.
Running sudo puppet agent -t from host: host.internaltest.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Another local or imported resource exists with the type and title Host[host.internaltest.com] on node host.internaltest.com
This machine had its ssl certs messed with so I cleaned it off the master and then using autosign (bad bad i know!) I ran sudo puppet agent -t which regenerated the ssl cert but also threw this error. Let me know if you need more information, I haven't delete with this aspect of puppet too much.
Most likely puppetmaster has this cert in the memory. You need to clean the cert both on client and in the master
#On client machine do this assuming puppet libdir = /var/lib/puppet
rm -rf /var/lib/puppet/ssl/*/*.pem
#On the puppet-master
puppet cert clean host.internaltest.com
# Restart puppet-master
/sbin/service puppetmasterd restart
# If you are using puppet-master behind passenger, you may need to restart httpd
/sbin/service httpd restart
# then run puppet agent on the client to regenerate the cert
If one uses an stunnel and globally set http_proxy this error will occur when it is redirected to the wrong endpoint.
I have an virtual Ubuntu machine (13.04) which i can currently use to ssh to a virtual OpenWrt machine. It works no problem with passwordless SSH because I set up the keys.
Also on the Ubuntu machine is a web server (XAMPP/LAMPP package that uses Apache) from which I have a PHP page that runs the SSH script on the command line using shell_exec().
But the webserver does not have the same permissions as the Ubuntu user, as when I run the script from the webserver, it asks for the password (in a pop up box).
Is there anyway that I can create a key for the webserver in the same way that I have for the Ubuntu machine?
I've looked for an Apache user that I can use in the command line, but as far as I can tell, Apache uses a daemon (of which I have basically no understanding).
Is this possible?
yes, it is possible. easiest way is probably like this
in ubuntu generate a new key as any user (ssh-keygen)
register the key on the openwrt server
check that the key works
in ubuntu move the key to a sensible location (/var/www if it is NOT used as docroot, or something under /etc/ or /srv) and chown it to the apache user (www-data probably)
in shell_exec use ssh -i $KEYFILE when connecting
The scenario is this: I have an Apache web server installed on a Windows 7 machine. The same machine has cygwin installed, and cygwin is configured with ssh. This allows me to ssh into cygwin remotely, and then, through cygwin, I can access other files on this computer (even those not in cygdrive).
My question: How can I restart the web server through cygwin if I am accessing it remotely through ssh? Is it possible? Thanks
If your service is called Apache, then like this:
ssh machine "net stop Apache; net start Apache"
Sometimes it is called Apache2 or httpd, depending on your distro.
In linux is
$ sudo service apache2 restart
or
$ sudo /etc/init.d/apache2 restart
See: http://httpd.apache.org/docs/2.2/platform/windows.html#winsvc
and http://httpd.apache.org/docs/2.2/platform/windows.html#wincons
You can try this one
$ service httpd restart
or
$ /etc/init.d/httpd restart