I have installed RabbitMQ on my system with a static IP and a domain name as well. I used Let's Encrypt to generate SSL certificates for RabbitMQ, but RabbitMQ doesn't work when I enable the SSL port.
I have used the following config settings:
listeners.ssl.default = 5671
ssl_options.verify=verify_peer
ssl_options.fail_if_no_peer_cert=false
ssl_options.cacertfile = (path to cacert.pem)
ssl_options.certfile = (path to cert.pem)
ssl_options.keyfile = (path to key.pem)
Are there any other settings left, or am I doing anything wrong?
I am trying to use Traefik as a load balancer for MQTT over TCP with TLS (1.2). I found some posts here on the topic of how to set up Traefik for MQTT, but nothing related to or solving my special problem/case.
I have set up the following configuration for simulating locally the behaviour of Traefik as a reverse proxy and load balancer for MQTT on my developer Windows 10 machine:
Mosquitto_168_8883 on Windows locally on Port 8883 with TLS enabled/selfsigned certificates
Traefik 2.1.2 on Windows listening on Port 7883 for routing to mqtt (toml see below)
Node-Red 1.0.3 on Windows (NodeJs 12.14.1) client connecting (a) directly to Mosquitto (b) over Traefik to Mosquitto
(a) Directly connecting and publishing is working for Node-Red Client (Port 8883)
(b) via Traefik: Node-Red can not connect or publish to MQTT (Port 7883)
My Traefik TOML Configuration is as follows:
[tracing]
serviceName = "mqtt"
[log]
level = "DEBUG" # --log.level
[entryPoints]
[entryPoints.mqtt]
address = ":7883"
[entryPoints.traefik]
address ="localhost:8091"
[api]
dashboard = true
insecure = true
[tcp] # YAY!
[tcp.routers]
[tcp.routers.mqtt]
entrypoints = ["mqtt"]
rule = "HostSNI(`*`)" # Catches every request
service = "mqtt"
[tcp.routers.mqtt.tls]
passthrough = true
[tcp.services]
[tcp.services.mqtt]
[tcp.services.mqtt.loadBalancer]
[[tcp.services.mqtt.loadBalancer.servers]]
address = "localhost:8883"
Currently, I see nothing of interest within the active tracing and logging output. The Traefik UI shows no connection attempts via port 7883/TCP/Entrypoint mqtt.
Does anyone have this use case implemented, up and running?
What am I doing wrong / what am I missing?
Thank you in advance.
Hello, I configured a GitLab server on an OL7 VM. I can easily call the HTTP page, but when I use my self-signed SSL certificate, generated using the method offered here, I can't call my page and I get a timeout error. My configuration is simple and I have already tried different variants. Could someone tell me how I can configure this? Note that I don't want to use Let's Encrypt for this.
This is an example of my gitlab.rb:
external_url 'http://gitlab.icw19.lab'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.icw19.lab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.icw19.lab.key"
Your external_url value should include https:// to indicate that you wish to use SSL on port 443. Then GitLab will listen on 443 and will configure Nginx to use your SSL certificates.
external_url 'https://gitlab.icw19.lab'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.icw19.lab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.icw19.lab.key"
I'm running Samba 4.3.11-Ubuntu on Ubuntu 16.04, and I'm unable to get LDAPS (port 636) to work at all.
Samba is running as an Active Directory Domain Controller, and other AD DC functionality seems to be fine.
This used to work, but now there's nothing listening on that port. I'm not sure what I did to break it, but it stopped working after I updated my server with a trusted certificate.
Here's what I have for /etc/samba/smb.conf:
# Global parameters
[global]
workgroup = AD
realm = AD.<redacted>.COM
netbios name = SAMBADC
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
tls enabled = yes
tls keyfile = tls/ad.<redacted>.com.key
tls certfile = tls/c7535fc6c5e8e557.crt
tls cafile = tls/gd_bundle-g2-g1.crt
ldap server require strong auth = allow_sasl_over_tls
[netlogon]
path = /var/lib/samba/sysvol/ad.<redacted>.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
The error I'm getting is:
nitsadmin@sambadc:/etc/samba$ telnet localhost 636
Trying 127.0.0.1...
Trying ::1...
telnet: Unable to connect to remote host: Cannot assign requested address
Anyone have any idea why this might not work? Any idea what Cannot assign requested address means?
Could you please provide a log file which is specified in your smb.conf parameter log file = while you start the samba service?
There could be something wrong with your certificates.
One thing you could try is to switch to autogenerated self-signed certificate and see if it solves the issue. If it does - you have to fix your certificates.
To do this, remove all certificates from tls folder and reconfigure smb.conf:
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
Then restart samba service and see if it helps.
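An added example, not part of the original answer: the key, certificate and CA file can be checked against each other before the service is restarted with them. `check_tls_files` and `make_demo_pki` are hypothetical helper names, the demo PKI is constructed with openssl in a temporary directory, and the mode-600 check reflects Samba rejecting a TLS private key that other users can read.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of a TLS key/cert/CA triple before a
# service (Samba, RabbitMQ, nginx ...) is pointed at the files.

# check_tls_files KEY CERT CAFILE
# Prints the first problem found and returns non-zero; prints "ok" on success.
check_tls_files() {
    key=$1; cert=$2; ca=$3
    for f in "$key" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f"; return 1; }
    done
    # Private key must not be readable by group/other (mode 600 expected).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    [ "$mode" = "600" ] || { echo "key mode is $mode, expected 600"; return 2; }
    # The certificate must contain the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot parse private key"; return 3; }
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate"; return 3; }
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate"; return 3; }
    # The CA file must contain the chain that issued the certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA file"; return 4; }
    echo "ok"
}

# make_demo_pki DIR
# Constructed throwaway CA, server certificate and an unrelated key (demo only).
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc.example.test" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/req.pem" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/cert.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other.key" 2>/dev/null
    chmod 600 "$dir/key.pem" "$dir/other.key"
}

# Demo run on the constructed files.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_tls_files "$demo/key.pem" "$demo/cert.pem" "$demo/ca.pem"
```

For a real deployment, call `check_tls_files` with the three paths from the service configuration, resolved to absolute paths.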
So I have several different domains that would be pointing to my server that is running Docker and Traefik as a reverse proxy.
I want Traefik to convert all HTTP traffic to HTTPS, but is it possible to have individual SSL certificates (issued by Let's Encrypt) for each domain that is hosted by the server?
If it is possible, how can I properly set this up in the traefik.toml file?
I see this:
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "acme.json"
caServer = "http://172.18.0.1:4000/directory"
entryPoint = "https"
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local2.com"
sans = ["test1.local2.com", "test2x.local2.com"]
[[acme.domains]]
main = "local3.com"
[[acme.domains]]
main = "local4.com"
But is it possible to have Traefik send a request to generate a certificate based on what is entered in the traefik.frontend.rule ?
Yes, follow the traefik + letsencrypt guide here : https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
Traefik can connect to the docker daemon, and automatically check the labels for traefik.frontend.rule and generate hosts and SSL certificates from these.
I have an Apache server running with SSL enabled. Now I made a small chat which is using node.js and socket.io to transmit data. Using port 8080 on a non-secured connection is working just fine, but when I try it on an SSL-secured domain it is not working. I do not get how the whole setup should work since SSL is only working through port 443. Apache is already listening on port 443. On which port should socket.io listen?
I had to set the SSL certificates like
var fs = require('fs');
var options = {
key: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.no_pass.key'),
cert: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.crt'),
ca: fs.readFileSync('/etc/ssl/ebscerts/bundle.crt')
};
var app = require('https').createServer(options),
io = require('socket.io').listen(app);
app.listen(8080);
I found the solution on github