nginx ldap module error - ssl

I was trying to include the LDAP module to nginx. I could add the module and make install nginx successfully, however, while trying to restart the nginx, I get the following error:
sudo /usr/local/nginx/sbin/nginx -c /var/www/conf/nginx.conf -t
nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so" failed (/usr/local/nginx/modules/ngx_http_auth_ldap_module.so: undefined symbol: ngx_ssl_handshake) in /var/www/conf/nginx.conf:11
nginx: configuration file /var/www/conf/nginx.conf test failed
When I looked at the ngx_http_auth_ldap_module.c file, I found that there is a call to this function. I am not sure where is this function being called from. Is there any other library that needs to be installed?
I have already installed the following:
openssl-devel.x86_64
openldap-devel.x86_64
zlib-devel.x86_64

I figured it out that I wasn't configuring nginx with the http_ssl_module option.
To make it work, I re-configured the nginx as:
./configure --add-module=/path/to/ldap_module --with-http_ssl_module
And then issued make and install commands. The ngx_ssl_handshake error got removed.

Related

How to fix following ansible galaxy SSL error?

Started learning Ansible and want to facilitate ansible-galaxy search nginx command, but I'm getting:
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>
Had try to use ansible-galaxy --ignore-certs search nginx and ansible-galaxy -c search nginx but now getting ansible-galaxy: error: unrecognized arguments: --ignore-certs for booth.
OS :
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
Ansible version:
ansible 2.9.5
config file = /home/maciej/projects/priv/ansible_nauka/packt_course/ansible.cfg
configured module search path = ['/home/maciej/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/maciej/.local/lib/python3.6/site-packages/ansible
executable location = /home/maciej/.local/bin/ansible
python version = 3.6.9 (default, Jul 17 2020, 12:50:27) [GCC 8.4.0]
I had the same issue, but on Mac OS X.
The underlying problem is that your Python environment is not finding/making use of the default root certificates that are installed on your OS. These root certs are required to connect securely (via TLS) with Ansible Galaxy.
For Mac OS X I was able to solve this based on this answer:
How to make Python use CA certificates from Mac OS TrustStore?
i.e. by running the script to install the certs, shipped with the installation:
cd /Applications/Python\ 3.7/
./Install\ Certificates.command
For Ubuntu / Debian:
Update: As pointed out by Maciej in the accepted answer, certs can be regenerated and added to the environment:
sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs
P.S.: I would not suggest to use --ignore-certs, this will skip verification of the certificate in the TLS connection, making the connection insecure (allowing Man-in-the-middle attacks)
Worked for me:
ansible-galaxy search --ignore-certs postgresql
Had back to this issue... life is best motivator. What helped me is:
sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs
For RHEL/CENTOS
You may want to check the cryptopolicy, if the policy is set to future temporarily set it to default
sudo update-crypto-policies --set=DEFAULT
bahrathkumaraju#Bahrathkumarajus-MacBook-Pro vault_ansible % ansible-galaxy collection install community.hashi_vault --ignore-certs
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/community-hashi_vault-3.0.0.tar.gz to /Users/bahrathkumaraju/.ansible/tmp/ansible-local-91443c5vh69v3/tmp76qmz32a/community-hashi_vault-3.0.0-635b3qde
Installing 'community.hashi_vault:3.0.0' to '/Users/bahrathkumaraju/.ansible/collections/ansible_collections/community/hashi_vault'
community.hashi_vault:3.0.0 was installed successfully
bahrathkumaraju#Bahrathkumarajus-MacBook-Pro vault_ansible %
in case someone else is looking at this, the args are order dependent. On rhel8 with a cntlm proxy ....
declare -x https_proxy='127.0.0.1:3128'
declare -x http_proxy='127.0.0.1:3128'
# this works through a proxy
ansible-galaxy collection install ovirt.ovirt --ignore-certs
# this does not
ansible-galaxy --ignore-certs collection install ovirt.ovirt
# and this does not
ansible-galaxy collection --ignore-certs install ovirt.ovirt

Gentoo install mod_proxy_balancer

I installed in Apache in Gentoo and i need to use it like a proxy but i am unable to install mod_proxy_balancer. If i restart apache it display the following:
apache2 has detected an error in your setup: AH00526: Syntax error
on line 4 of /etc/apache2/vhosts.d/jira.conf: Invalid command
'ProxyRequests', perhaps misspelled or defined by a module not
included in the server configuration * ERROR: apache2 failed to stop
Any suggestion how to?
May seems a easy question for Gentoo expert, but not for beginners.
Please create a new file if not existing:
nano /etc/portage/package.use/apache2
Add the line containing the following:
www-servers/apache apache2_modules_proxy_balancer apache2_modules_slotmem_shm apache2_modules_proxy slotmem_shm mod_proxy_balancer mod_proxy apache2_modules_lbmethod_byrequests apache2_modules_proxy_balancer apache2_modules_slotmem_shm apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_http
Please run the following command in order to update the packages:
emerge -avDU #world
The purpose of this file is to add the following modules when apache2 ( www-servers/apache ) will be installed with the following command:
emerge www-servers/apache
After apache is installed with the requested modules need to add ( -D PROXY )
nano /etc/conf.d/apache2
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PROXY "
Now we should be ok with the apache modules.

mod_wsgi-express: error: Invalid command was specified

I am trying to run wsgi application (hello.wsgi) on localhost through apache24 with mod_wsgi module but it shows this:
cd c:/apache24/bin
mod_wsgi-express start-server hello.wsgi
Usage: mod_wsgi-express command [params]
Commands:
module-config
module-location
mod_wsgi-express: error: Invalid command was specified.
Please help me!
On Windows the start-server command is not available. Using pip install mod_wsgi on Windows is only for getting the mod_wsgi module compiled. Once you have it compiled, run:
mod_wsgi-express module-config
Copy the output from that into your Apache configuration file to have it load the mod_wsgi module. Then configure Apache manually to host your specific WSGI application.
See section "Connecting into Apache installation" in:
https://pypi.python.org/pypi/mod_wsgi
for more details about the module-config command.

installed mcrypt but still undefined function mcrypt_create_iv()

I have :
1- installed mcrypt
2- checked phpinfo(); and doubled checked that php.ini is my app config file.
3- got mcrypt path from my /usr/local which is /usr/local/Cellar/php53-mcrypt/5.3.29/mcrypt.so , and included it in my php.ini which is the ini file for my application like the following :
extension="/usr/local/Cellar/php53-mcrypt/5.3.29/mcrypt.so" .
4- restarted with sudo apachectl restart
and after restarting apache the error still appears :(
PHP Fatal error: Call to undefined function mcrypt_create_iv()
what am I missing here?

installing mod_headers on Linux, apache 2.2.21

Trying to install the mod_headers to be able to append a HTTP header with the Header directive. But the installation process doesn't show the header module as being installed.
Did the following steps. Switched over to the httpd installation and under the modules/metadata directory did:
apxs -c mod_headers.c
the so file is created under the metadata/.libs directory (not sure why). Added the module with:
apxs -i -a -n mod_headers ./metadata/.libs/mod_headers.so
Restarted apache and tried a dump of the modules but getting:
httpd: Syntax error on line 54 of /www/fkwiki/apache/conf/httpd.conf: Can't locate API module structure `mod_headers' in file /www/fkwiki/apache/modules/mod_headers.so: /www/fkwiki/apache/modules/mod_headers.so: undefined symbol: mod_headers
Got a warning in the installation of the module (i.e. apxs -i ....):
Warning! dlname not found in /www/fkwiki/apache/modules/mod_headers.so
Anybody else have the same problem?