How to debug random logouts from OpenStack Dashboard (Horizon) - apache

I am using the OpenStack Ocata release installed on my own servers. For a long time everything worked well.
A few days ago the OpenStack dashboard started frequently signing out users, and I can't figure out what is wrong.
Why does httpd return a 302 redirect to the login page? And how can I debug what is wrong?
Httpd access logs:
10.0.0.2 - - [21/Mar/2018:08:29:26 +0000] "POST /dashboard/auth/login/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:27 +0000] "GET /dashboard/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:27 +0000] "GET /dashboard/identity/ HTTP/1.1" 200 53953 "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
193.169.81.251 - - [21/Mar/2018:08:29:29 +0000] "GET /dashboard/i18n/js/horizon+openstack_dashboard/ HTTP/1.1" 200 2372 "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:33 +0000] "GET /dashboard/project/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:33 +0000] "GET /dashboard/auth/login/?next=/dashboard/project/ HTTP/1.1" 200 9041 "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:34 +0000] "GET /dashboard/i18n/js/horizon+openstack_dashboard/ HTTP/1.1" 200 2372 "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/project/" "Mozilla/5.0 ... Firefox/59.0"
Httpd error logs:
[Wed Mar 21 08:29:26.646941 2018] [:error] [pid 41571] Attempted scope to domain default failed, will attemptto scope to another domain.
[Wed Mar 21 08:29:26.851412 2018] [:error] [pid 41571] Login successful for user "exampeuser", remote address 10.0.0.2.
[Wed Mar 21 08:29:27.161127 2018] [authz_core:error] [pid 25877] [client 10.0.0.2:44688] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public, referer: http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/

The problem was related to Memcached.
In my case, Memcached was being DoSed from outside.
To resolve this, I bound Memcached to the local management interface instead of any (0.0.0.0).
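A way to check for the condition the answer above fixed, as an added example that is not part of the original post: it reads a memcached option file in either the one-flag-per-line or the `OPTIONS="..."` style and reports whether the listener is bound to all interfaces. The sample files, the address 10.0.0.11 and the helper names `listen_addresses` and `exposure` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample option files (not taken from the original post).
FLAG_PER_LINE = "# memcached.conf\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
OPTIONS_VAR = 'PORT="11211"\nUSER="memcached"\nOPTIONS="-l 10.0.0.11,127.0.0.1"\n'
NO_LISTEN = "-m 64\n-p 11211\n"


def listen_addresses(config_text):
    """Collect every address given with -l / --listen."""
    tokens = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("OPTIONS="):
            value = shlex.split(line[len("OPTIONS="):])  # strip shell quoting
            tokens += shlex.split(value[0]) if value else []
        elif line.startswith("-"):
            tokens += shlex.split(line)
    addrs, it = [], iter(tokens)
    for tok in it:
        if tok in ("-l", "--listen"):
            addrs += next(it, "").split(",")
        elif tok.startswith("--listen="):
            addrs += tok.split("=", 1)[1].split(",")
        elif tok.startswith("-l") and len(tok) > 2:
            addrs += tok[2:].split(",")
    return [a for a in addrs if a]


def exposure(config_text):
    """Return 'wildcard' if memcached would accept connections on any interface."""
    addrs = listen_addresses(config_text)
    if not addrs:
        return "wildcard"  # without -l memcached binds to INADDR_ANY
    for addr in addrs:
        try:
            if ipaddress.ip_address(addr).is_unspecified:  # 0.0.0.0 or ::
                return "wildcard"
        except ValueError:
            pass  # hostname or host:port form: resolve it separately
    return "restricted"
```

A "restricted" result only describes the option file; the running process can be confirmed with a socket listing on the host.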

Related

Error 503 for sometime after docker container up

I have a Docker Compose file which creates Node.js and PHP containers and one MySQL DB. Everything works fine and the containers are up. But when I try to check the website status it gives me error 503 for a while. The website is up after about 5 minutes. I do not see any error in the Docker logs. The docker stats command output is attached. Memory allocation looks fine.
App Docker logs; you can see a 4-minute difference there:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.*.*.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.*.*.2. Set the 'ServerName' directive globally to suppress this message
[Wed Aug 19 13:22:09.190559 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.18 configured -- resuming normal operations
[Wed Aug 19 13:22:09.190694 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
172.*.*.* - - [19/Aug/2020:13:26:53 -0400] "GET / HTTP/1.1" 200 2327 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
172.*.*.* - - [19/Aug/2020:13:26:54 -0400] "GET /static/js/main.0c1fa848.chunk.js HTTP/1.1" 200 9534 "https://example.ai/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.39.149 Safari/537.36"
Docker logs do not guarantee that the website is running fine; they can check the services' status, but the website may take some time to come up. Try to find out how much time it takes after you start all the services manually.

Tomcat 9 with Apache 2.4 Proxy: 408 after correct login

I'm running Apache 2.4 as a reverse proxy in front of Tomcat 9 on Ubuntu 18.04.
The Tomcat application is deployed in /apachetest and is using form-based authentication.
When calling "http://10.10.50.20/apachetest" (without proxy):
- the login page comes up
- I put in the credentials
- and then "index.html" is delivered
So far ...
On Apache I have configured a virtual host for ssl:
ProxyPass / http://localhost:8087/apachetest/
ProxyPassReverse / http://localhost:8087/apachetest/
ProxyPassReverseCookiePath / /apachetest
When calling https://apachetest.localdomain/:
- the login page comes up
- I put in the credentials
- and then I receive "HTTP Status 408 – Request Timeout" from Tomcat
Using the Chrome developer tools I can see the following headers for the request "j_security_check":
General:
- Request URL: https://apachetest.localdomain/j_security_check
- Request Method: POST
- Status Code: 408
- Remote Address: 10.10.50.20:443
- Referrer Policy: no-referrer-when-downgrade
Response Header:
- Connection: close
- Content-Language: de
- Content-Length: 1239
- Content-Type: text/html;charset=utf-8
- Date: Mon, 09 Dec 2019 10:36:28 GMT
- Server: Apache/2.4.29 (Ubuntu)
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
Request Header:
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
- Accept-Encoding: gzip, deflate, br
- Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
- Cache-Control: max-age=0
- Connection: keep-alive
- Content-Length: 43
- Content-Type: application/x-www-form-urlencoded
- Cookie: JSESSIONID=B859EE1F208D4D1C26C7B5714A41B03D
- Host: apachetest.localdomain
- Origin: https://apachetest.localdomain
- Referer: https://apachetest.localdomain/
- Sec-Fetch-Mode: navigate
- Sec-Fetch-Site: same-origin
- Upgrade-Insecure-Requests: 1
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Thank you for your interest in my question.
OK, I will try again.
I'm looking for a configuration to have a Tomcat web application running behind an Apache reverse proxy.
The Tomcat web application has form-based authentication implemented.
When calling the Tomcat web application through the proxy, I get the expected login page.
But after putting in the right credentials and submitting, I receive the following message:
"HTTP Status 408 – Request Timeout".
The expected page "index.html" is not provided.

Why do I get the error "You don't have permission to access / on this server."?

I try to run my site on docker and this is my docker-compose.yml:
version: '2'
services:
  php:
    image: yiisoftware/yii2-php:7.1-apache
    volumes:
      - ~/projects/my-project-name.local/composer-docker/cache:/root/.composer/cache:delegated
      - ./:/app:delegated
    ports:
      - '8000:80'
When I run "docker-compose up -d --build" and open the URL localhost:8000, the following error occurs: "Forbidden. You don't have permission to access / on this server."
The container logs are:
AH00112: Warning: DocumentRoot [/var/www/html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.22.0.2. Set the 'ServerName' directive globally to suppress this message
AH00112: Warning: DocumentRoot [/var/www/html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.22.0.2. Set the 'ServerName' directive globally to suppress this message
[Tue Jul 10 06:42:22.442648 2018] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) configured -- resuming normal operations
[Tue Jul 10 06:42:22.442713 2018] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
[Tue Jul 10 06:42:25.985025 2018] [core:error] [pid 17] [client 172.22.0.1:48650] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html
172.22.0.1 - - [10/Jul/2018:06:42:25 +0000] "GET / HTTP/1.1" 403 503 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
[Tue Jul 10 06:42:26.117774 2018] [core:error] [pid 17] [client 172.22.0.1:48650] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html, referer: http://localhost:8000/
172.22.0.1 - - [10/Jul/2018:06:42:26 +0000] "GET /favicon.ico HTTP/1.1" 403 513 "http://localhost:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
When I use same docker-compose.yml with yii2 basic everything works fine.
Please help me to fix this problem. My OS is Ubuntu-18.04.
The yii2 Docker image is based on the php image and has the following lines in its Dockerfile:
# Copy the app code into the image
COPY . /var/www/html
This is consistent with the warning from the logs.
When you add this to your Dockerfile, you should be fine (assuming you have your source code in the current directory).
If you want to use the Docker container as a development environment, you could instead mount the folder of the source code to /var/www/html. In that case you have to add a volume:
    volumes:
      - .:/var/www/html # Add this line

Apache2 authentication against ldap fails with "user not found"

I installed slapd (2.4.40+dfsg-1+deb8u2) recently, and I'm trying to get apache2 (2.4.10-10+deb8u7) authenticated through LDAP. The system itself is Debian (8.6).
LDAP should run on localhost on the default port, and using phpldapadmin the DN ( cn=admin,dc=1000,dc=hu ) seems to be OK. For apache2 authentication I use a .htaccess file, and basic authentication (htpasswd file) also works fine.
My configuration is:
AuthName "Add your login message here."
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/dc=1000,dc=hu?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=admin,dc=1000,dc=hu"
AuthLDAPBindPassword ******
require ldap-user testtest test ttest
Whatever I do, I get the "user not found" error in the apache2 logs:
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:29.272676 2017] [auth_basic:error] [pid 27767] [client 127.0.0.1:52852] AH01618: user ttest not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - ttest [21/Jan/2017:12:54:29 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:44.388323 2017] [auth_basic:error] [pid 27766] [client 127.0.0.1:52854] AH01618: user test not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - test [21/Jan/2017:12:54:44 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:49.460321 2017] [auth_basic:error] [pid 27770] [client 127.0.0.1:52856] AH01618: user testtest not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - testtest [21/Jan/2017:12:54:49 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
ttest, test and testtest are username, sn, cn in my system.
Password for AuthLDAPBindPassword is triple checked, also for the user.
Where am I making the mistake? Does the AuthLDAPURL have the right value in this scenario?
Well, in the above example the AuthLDAPURL was wrong for the described setup. It should be only:
AuthLDAPURL ldap://localhost/dc=256,dc=hu?cn?sub
I was getting the same error and it was related to using the default attribute 'uid' with Active Directory, rather than specifying sAMAccountName.
AuthLDAPURL ldap://192.168.1.1:389/dc=domain,dc=local?sAMAccountName
This seems to be an AuthLDAPURL issue.
I changed:
ldap://localhost:389/dc=1000,dc=hu?sAMAccountName?sub?(objectClass=*)
to:
ldap://localhost:389/dc=1000,dc=hu?name
refer to
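Why the attribute field of AuthLDAPURL decides whether the user is found, as an added example that is not part of the original posts: mod_authnz_ldap's documented URL form is `ldap://host:port/basedn?attribute?scope?filter`, and in the search phase it combines the URL filter with `attribute=username`. The directory entry is constructed from the values the question lists, its attribute names are assumptions, and the function names are hypothetical.

```python
# Constructed directory entry using the values the question gives
# (username ttest, sn test, cn testtest); attribute names are assumptions.
ENTRY = {"uid": "ttest", "sn": "test", "cn": "testtest"}


def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, applying defaults."""
    _, rest = url.split("://", 1)
    hostport, _, tail = rest.partition("/")
    basedn, attr, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return {"host": hostport, "basedn": basedn,
            "attribute": attr or "uid",          # documented default
            "scope": scope or "sub",
            "filter": flt or "(objectClass=*)"}


def escape(value):
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def search_filter(url, username):
    """Filter sent in the search phase: URL filter AND attribute=username."""
    cfg = parse_authldapurl(url)
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape(username))


def finds_user(url, username, entry=ENTRY):
    """Equality match only; the URL filter is assumed to match the entry."""
    attr = parse_authldapurl(url)["attribute"].lower()
    have = {k.lower(): v for k, v in entry.items()}
    return have.get(attr) == username
```

With the question's URL the search asks for `sAMAccountName=ttest`, an attribute the constructed entry does not carry, which corresponds to the AH01618 "user ... not found" lines; with `cn` as the attribute the login name `testtest` matches.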

Apache2 Error Log

I am running Apache 2.2 with PHP5.3 running a PHP business app. Everything works fine from a business point of view, however I do get an error in my apache error.log
[Thu Nov 01 12:07:17 2012] [error] [client 10.200.8.37] File does not exist: /var/www/webroot/itassistant
[Thu Nov 01 12:07:17 2012] [error] [client 10.200.8.37] File does not exist: /var/www/webroot/xmldata
In my access.log the following is logged:
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET /itassistant/ui/omaBaseFrame.htm HTTP/1.1" 404 490 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET / HTTP/1.1" 200 348073 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET /xmldata?item=All HTTP/1.1" 404 485 "-" "Jakarta Commons-HttpClient/3.0.1"
The PHP log gives no errors.
The PHP application is the only application I am running and my application provider says that this isn't caused by the application.
I am running on an Ubuntu 12.04 server. Can anybody help me find the cause of these errors? How can I find out what is trying to call these non-existing items and why?
I have the same message in my access-logs, on all my web servers. The message is logged daily, always at the same time. In our case HP-SIM (Systems Insight Manager monitoring tool) is causing these messages.
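One way to answer "what is calling these non-existing items" from the access log alone, as an added example that is not part of the original posts: group the 404s by client address and User-Agent, then flag sources whose misses recur on several days at the same minute, the pattern the answer above attributes to a monitoring tool. The first three sample lines come from the question; the last two are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines 1-3 are from the question; lines 4-5 are constructed to show a
# daily repeat and an unrelated one-off 404 from another client.
LOG = """\
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET /itassistant/ui/omaBaseFrame.htm HTTP/1.1" 404 490 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET / HTTP/1.1" 200 348073 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.37 - - [01/Nov/2012:12:07:17 +0100] "GET /xmldata?item=All HTTP/1.1" 404 485 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.37 - - [02/Nov/2012:12:07:17 +0100] "GET /itassistant/ui/omaBaseFrame.htm HTTP/1.1" 404 490 "-" "Jakarta Commons-HttpClient/3.0.1"
10.200.8.90 - - [02/Nov/2012:09:41:03 +0100] "GET /favicon.ico HTTP/1.1" 404 480 "-" "Mozilla/5.0"
"""

# Apache "combined" log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hms>[\d:]+) [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"')


def not_found_by_source(log_text):
    """Group 404s by (client IP, User-Agent) -> paths, days, times of day."""
    groups = defaultdict(lambda: {"paths": set(), "days": set(), "times": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m["status"] == "404":
            g = groups[(m["ip"], m["ua"])]
            g["paths"].add(m["path"].split("?", 1)[0])  # drop the query string
            g["days"].add(m["day"])
            g["times"].add(m["hms"][:5])                # HH:MM
    return dict(groups)


def scheduled_sources(log_text):
    """Sources whose 404s recur on several days at the same minute."""
    return sorted(src for src, g in not_found_by_source(log_text).items()
                  if len(g["days"]) > 1 and len(g["times"]) == 1)
```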