SSL for Phoenix working locally but not on production - ssl

I have a Phoenix/Elixir app that works fine with https locally, however when I try to change it to use the production certificates the server does not respond and no error messages are shown.
In my dev.exs this was made with the hostname localhost
In prod.exs here are the keys. These were made with my production URL
I have tried to change the localhost to production url on local by adding host into the https portion in the config
https: [port: 443,
host: "produrl.com"
keyfile: "priv/keys/domain.key",
certfile: "priv/keys/domain.crt"],
This throws an error
sudo MIX_ENV=prod mix phoenix.server
[info] Running LiteChartBe.Endpoint with Cowboy using http://localhost:80
[info] Application lite_chart_be exited: LiteChartBe.start(:normal, []) returned an error: shutdown: failed to start child: LiteChartBe.Endpoint
** (EXIT) shutdown: failed to start child: Phoenix.Endpoint.Server
** (EXIT) shutdown: failed to start child: {:ranch_listener_sup, LiteChartBe.Endpoint.HTTPS}
** (EXIT) shutdown: failed to start child: :ranch_acceptors_sup
** (EXIT) :badarg
{"Kernel pid terminated",application_controller,"{application_start_failure,lite_chart_be,{{shutdown,{failed_to_start_child,'Elixir.LiteChartBe.Endpoint',{shutdown,{failed_to_start_child,'Elixir.Phoenix.Endpoint.Server',{shutdown,{failed_to_start_child,{ranch_listener_sup,'Elixir.LiteChartBe.Endpoint.HTTPS'},{shutdown,{failed_to_start_child,ranch_acceptors_sup,badarg}}}}}}}},{'Elixir.LiteChartBe',start,[normal,[]]}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,lite_chart_be,{{shutdown,{failed_to_start_child,'Elixir.LiteChartBe.Endpoint',{shutdown,{failed_to_start_child,'Elixir.Phoeni
If I simply forward localhost to produrl in my local hosts file, no errors are thrown and nothing connects to the server using https.

The error states that you provided a wrong argument for the configuration of your Endpoint (** (EXIT) :badarg). I suppose that is because you are missing a comma behind your host url.
This probably does not solve your problem, but that is supposedly the reason for the error message shown after your change.


JMeter JMS: Getting Error: Failed to connect via SSL to [ssl://<server-name>:7352]: Received fatal alert: protocol_version

I'm trying to publish message to a Tibco Queue on a SSL Tibco Server through JMeter 5.4.1 using JMS Point-to-Point Logic Controller.
JMS Point To Point Controller Config
But I'm getting the following error message:
2021-06-13 12:25:46,278 ERROR o.a.j.p.j.s.JMSSampler: Not permitted:
Failed to connect to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name]:7352 ]
javax.naming.AuthenticationException: Not permitted: Failed to connect
to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name] ] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:670)
~[tibjms.jar:8.0.0] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:491)
~[tibjms.jar:8.0.0] at
javax.naming.InitialContext.lookup(InitialContext.java:417)
~[?:1.8.0_291] at
org.apache.jmeter.protocol.jms.sampler.JMSSampler.threadStarted(JMSSampler.java:638)
[ApacheJMeter_jms.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread$ThreadListenerTraverser.addNode(JMeterThread.java:784)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverseInto(HashTree.java:993)
[jorphan.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverse(HashTree.java:976)
[jorphan.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.threadStarted(JMeterThread.java:752)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.initRun(JMeterThread.java:740)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:252)
[ApacheJMeter_core.jar:5.4.1]
I tried:
openssl s_client -connect [server-name]:7352
It gave the following output:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
So I added the following line in the jmeter.properties file.
https.default.protocol=TLSv1.2
I also commented out jdk.tls.disabledAlgorithms in the java.security file for the JDK (I'm using jdk1.8.0_291)
# jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
But still I'm getting the same error. Someone please help.
I think you're using the wrong property (not only the wrong property but the wrong place as well), you're setting default protocol for HTTPS, while you need to set it for TLS, i.e. add the next line to system.properties file
jdk.tls.client.protocols=TLSv1.2
JMeter restart will be required to apply this property.
If it won't help or you will get different errors - consider adding the next line there as well:
javax.net.debug=all
and then check jmeter.log file and stdout for any suspicious entries
More information:
Configuring JMeter
Apache JMeter Properties Customization Guide
I resolved it by using the latest tibjms.jar in the lib directory in JMeter as the Tibco server was upgraded some hours before I raised this issue.
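The question comments out jdk.tls.disabledAlgorithms while troubleshooting, which lifts every restriction in that list. The following is an added example, not part of the original posts: a shell check that reports which of SSLv3, TLSv1 and TLSv1.1 a java.security file no longer disables, so the setting can be confirmed restored afterwards. The function names and the sample file are this example's own.

```shell
# Print the effective (uncommented) value of a key in a java.security-style
# properties file, joining backslash-continued lines. Status 1 if it is not set.
effective_prop() (   # $1 = file, $2 = property name
  awk -v key="$2" '
    {
      line = $0; sub(/^[ \t]+/, "", line)
      # A comment line is skipped on its own; it never continues onto the next.
      if (!cont && (line == "" || line ~ /^[#!]/)) next
      buf = (cont ? buf : "") line
      cont = (buf ~ /\\$/)
      if (cont) { sub(/\\$/, "", buf); next }
      eq = index(buf, "=")
      name = substr(buf, 1, eq - 1); sub(/[ \t]+$/, "", name)
      if (eq && name == key) { val = substr(buf, eq + 1); found = 1 }
    }
    END { if (found) print val; exit !found }
  ' "$1"
)

# Print each legacy protocol (from the list quoted in the question) that the
# file does not disable. Prints nothing when all three are still disabled.
tls_policy_gaps() (   # $1 = java.security file
  val=$(effective_prop "$1" jdk.tls.disabledAlgorithms) || val=""
  for proto in SSLv3 TLSv1 TLSv1.1; do
    printf '%s\n' "$val" | tr -d ' \t' | tr ',' '\n' |
      grep -qxF "$proto" || echo "$proto"
  done
)

# Constructed sample mirroring the question: the whole property is commented out.
sec=$(mktemp)
cat > "$sec" <<'EOF'
# jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
#     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
EOF
tls_policy_gaps "$sec"             # reports SSLv3, TLSv1 and TLSv1.1
sed 's/^# *//' "$sec" > "$sec.restored"
tls_policy_gaps "$sec.restored"    # prints nothing
rm -f "$sec" "$sec.restored"
```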

Pentaho not starting because it tries bind to port 9092 already used by itself

I'm trying to start Pentaho server on Debian Jessie.
Pentaho craps itself by showing the following error:
15:55:24,198 WARN [PentahoSolutionSpringApplicationContext] Exception encountered during context initialization - cancelling refresh attempt
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.h2.tools.Server' defined in file [/opt/pentaho-biplatform-ce-6.1.0.1-196/biserver-ce/pentaho-solutions/system/GettingStartedDB-spring.xml]: Invocation of init method failed; nested exception is org.h2.jdbc.JdbcSQLException: Exception opening port "H2 TCP Server (tcp://localhost:9092)" (port may be in use), cause: "timeout" [90061-131]
Error is very clear - port 9092 is used by something else. The problem is that it is actually used by Pentaho, so it's complaining about the port which is currently used by itself...
To test that I've changed the port to 9093 in the following file:
./pentaho-solutions/system/GettingStartedDB.properties
The only difference between exceptions now was that port, which was 9093 this time, so it's definitely complaining about the port it is using, very weird.
Full log can be found here: http://ix.io/1ydv
Ideas?
Try to add the following attribute to the CATALINA_OPTS options in the start_pentaho.sh file :
CATALINA_OPTS="... -Dh2.bindAddress=ip_of_your_machine"
It helped me to remove the Exception opening port "H2 TCP Server (tcp://localhost:9092)" (port may be in use) error.
Adding the following to the CATALINA_OPTS options in the start_pentaho.sh file solves this issue:
CATALINA_OPTS="... -Dh2.bindAddress=localhost"
The root cause of the problem is that your server's hostname does not point to 127.0.0.1
Just add (edit) this line in your /etc/hosts:
127.0.0.1 localhost YOUR_HOST_NAME

Apache crashes with Parent: child process exited with status 3221226356

Apache crashes and I get the following error in the apache log:
AH00428: Parent: child process exited with status 3221226356 -- Restarting.
Backtrace:
Count: 2
Exception #: 0XC0000008
Stack:
ntdll!KiRaiseUserExceptionDispatcher+0x3a
KERNELBASE!CloseHandle+0x1b
libapr_1!apr_shm_size_get+0x27d
libapr_1!apr_shm_destroy+0x12
mod_socache_shmcb+0x161c
mod_ssl!ssl_run_proxy_post_handshake+0x8d12
mod_ssl!ssl_run_pre_handshake+0x3d97
libapr_1!apr_pool_clear+0x6e
httpd!OPENSSL_Applink+0xcef
httpd!OPENSSL_Applink+0x1f98
KERNEL32!BaseThreadInitThunk+0x22
ntdll!RtlUserThreadStart+0x34
Seems to have to do with mod_ssl. I do have a http proxy set up in a https virtual host. However, the same error appears in the Apache log even if I comment out the proxy portion of the config file. This error also tends to be followed by a couple of MySQL errors in the Windows application log complaining about a lost connection. I think that might just be because Apache crashed while the connections were open. I am using the latest versions of Apache 2.4.20, PHP 7.0.8, and MySQL 5.7. Any ideas? Thanks!

Problems setting up SSL locally with Phoenix/Elixir

I've created a new Phoenix web application on OSX and I'm trying to get SSL working on localhost. To do that, I read and performed the steps of this article. So now I have server.key, server.crt and server.csr files. The files are not binary and are in readable form. I placed those files in the priv folder as the Phoenix docs suggested.
My config file looks like this:
config :{{name}}, {{name}}.Endpoint,
http: [port: 4000],
debug_errors: true,
code_reloader: true,
cache_static_lookup: false,
check_origin: false,
watchers: [node: ["node_modules/brunch/bin/brunch", "watch", "--stdin"]],
https: [port: 4043,
otp_app: :{{name}},
keyfile: System.get_env("server.key"),
certfile: System.get_env("server.crt"),
# OPTIONAL Key for intermediate certificates
# cacertfile: System.get_env("INTERMEDIATE_CERTFILE_PATH")
]
When I run mix phoenix.server I'm getting the following error:
** (Mix) Could not start application {{name}}: {{name}}.start(:normal, []) returned an error: shutdown: failed to start child: {{name}}.Endpoint
** (EXIT) shutdown: failed to start child: Phoenix.Endpoint.Server
** (EXIT) shutdown: failed to start child: {:ranch_listener_sup, {{name}}.Endpoint.HTTPS}
** (EXIT) shutdown: failed to start child: :ranch_acceptors_sup
** (EXIT) an exception was raised:
** (MatchError) no match of right hand side value: {:error, {:options, {:certfile, nil}}}
(ranch) src/ranch_acceptors_sup.erl:30: :ranch_acceptors_sup.init/1
(stdlib) supervisor.erl:243: :supervisor.init/1
(stdlib) gen_server.erl:306: :gen_server.init_it/6
(stdlib) proc_lib.erl:237: :proc_lib.init_p_do_apply/3
What am I doing wrong? I'm a Phoenix newbie and the project I'm working on requires SSL on localhost to prevent cross-domain issues.
It seems phoenix is not able to find your certificates.
To overcome this problem, you can either provide an absolute path or can take advantage of otp_app to use a relative path where phoenix can search for the certificates. If you provide otp_app, phoenix will look in your application root for certificates.
If you want to provide an absolute path you can do something like that:
keyfile: Path.expand("../../../some/path/to/ssl/cer.key", __DIR__),
certfile: Path.expand("../../../some/path/to/ssl/cer.crt", __DIR__)
If you want to take advantage of otp_app, create two env variables, say KEY_HOME and CERT_HOME. Go to the console and run these two commands. You should add them to your bashrc file later.
export KEY_HOME=priv/ssl/server.key
export CERT_HOME=priv/ssl/server.crt
You must include the priv directory here.
Now your config looks like this:
https: [port: 443,
otp_app: :hello_phoenix,
keyfile: System.get_env("KEY_HOME"),
certfile: System.get_env("CERT_HOME")
]
Don't forget to copy your files in priv/ssl.
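An added example (not from the original posts): a shell pre-flight check for the KEY_HOME and CERT_HOME setup described in the answer, run before starting the server so that an unset variable, a wrong path or a CSR supplied as the certificate is reported by name instead of surfacing as {:certfile, nil}. The function names, the rule that the key must not be accessible to group or other, and the placeholder PEM files are this example's own assumptions.

```shell
# Check one TLS file setting the way the https: config consumes it: the env
# var must be set and must name a readable PEM file of the expected kind,
# resolved against the application root when relative (the otp_app case).
check_pem_var() (   # $1 = app root, $2 = env var name, $3 = PEM label
  eval "val=\${$2-}"
  [ -n "$val" ] || { echo "$2 is unset, System.get_env(\"$2\") would be nil"; exit 1; }
  case $val in /*) path=$val ;; *) path=$1/$val ;; esac
  [ -f "$path" ] && [ -r "$path" ] || { echo "$2=$val: cannot read $path"; exit 1; }
  # "CERTIFICATE-----" does not match a CSR ("CERTIFICATE REQUEST-----").
  grep -q -e "-----BEGIN .*$3-----" "$path" ||
    { echo "$2=$val: no '$3' PEM block in $path"; exit 1; }
  # Assumed policy: a private key is mode 0600 or 0400, nothing for group/other.
  if [ "$3" = "PRIVATE KEY" ] && [ "$(ls -ld -- "$path" | cut -c5-10)" != "------" ]; then
    echo "$2=$val: $path is accessible to group/other"; exit 1
  fi
  echo "$2 ok"
)

# Run both checks so every problem is reported in one pass.
tls_preflight() (   # $1 = app root
  rc=0
  check_pem_var "$1" KEY_HOME  "PRIVATE KEY" || rc=1
  check_pem_var "$1" CERT_HOME "CERTIFICATE" || rc=1
  exit "$rc"
)

# Constructed fixture: placeholder PEM files, with CERT_HOME pointing at the CSR.
pem() { printf '%s\n' "-----BEGIN $1-----" "(constructed)" "-----END $1-----"; }
app=$(mktemp -d) && mkdir -p "$app/priv/ssl"
pem "RSA PRIVATE KEY"     > "$app/priv/ssl/server.key"
pem "CERTIFICATE"         > "$app/priv/ssl/server.crt"
pem "CERTIFICATE REQUEST" > "$app/priv/ssl/server.csr"
chmod 600 "$app/priv/ssl/server.key"
KEY_HOME=priv/ssl/server.key CERT_HOME=priv/ssl/server.csr
tls_preflight "$app" || true      # key passes, the CSR is rejected
CERT_HOME=priv/ssl/server.crt
tls_preflight "$app" || true      # both pass
rm -rf "$app"
```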

RabbitMQ Management : webmachine error: path="/api/overview"

After I login to rabbitmq, I get the following error :
Got response code 500 with body
Internal Server Error
The server encountered an error while processing this request:
{error,{error,{badmatch,{error,nxdomain}},
[{rabbit_nodes,cluster_name_default,0},
{rabbit_nodes,cluster_name,0},
{rabbit_mgmt_wm_overview,to_json,2},
{webmachine_resource,resource_call,3},
{webmachine_resource,do,3},
{webmachine_decision_core,resource_call,1},
{webmachine_decision_core,decision,1},
{webmachine_decision_core,handle_request,2}]}}
I see the following error in the log file in /var/log/rabbitmq :
=ERROR REPORT==== 31-Oct-2014::06:20:40 ===
webmachine error: path="/api/overview"
{error,{error,{badmatch,{error,nxdomain}},
[{rabbit_nodes,cluster_name_default,0},
{rabbit_nodes,cluster_name,0},
{rabbit_mgmt_wm_overview,to_json,2},
{webmachine_resource,resource_call,3},
{webmachine_resource,do,3},
{webmachine_decision_core,resource_call,1},
{webmachine_decision_core,decision,1},
{webmachine_decision_core,handle_request,2}]}}
The workers are able to connect to the broker and are receiving the messages, also the new relic plugin for rabbitmq seems to be working fine. However I am unable to login thru the management plugin. Any pointers in this regard will be helpful.
I had updated the hostname of the system and that was causing the issue. See the link below
https://groups.google.com/forum/#!msg/rabbitmq-users/9P-BAwGVHJU/fwOpZPJywwYJ
I added 127.0.0.1 'hostname' in /etc/hosts. That solved the management plugin problem. However rabbitmqctl still showed the following error. Restarted rabbitmq and it solved the rabbitmqctl problem as well
Listing queues ...
Error: unable to connect to node 'rabbit@<hostname>': nodedown
DIAGNOSTICS
===========
attempted to contact: ['rabbit@<hostname>']
rabbit@<hostname>:
* connected to epmd (port 4369) on <hostname>
* epmd reports node 'rabbit' running on port 25672
* TCP connection succeeded but Erlang distribution failed
* suggestion: hostname mismatch?
* suggestion: is the cookie set correctly?
current node details:
- node name: <nodename>
- home dir: <homedir>
- cookie hash: <cookiehash>
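Both the Pentaho answer earlier on this page and the RabbitMQ answer above fix the same condition: the machine's own host name has no usable entry in /etc/hosts. The following is an added example, not part of the original posts, that checks a hosts-format file for a given name and says whether it maps to a loopback address. It reads only the file it is given, not DNS, and the function names and the sample host name mq01 are this example's own.

```shell
# Print the address that a hosts(5)-format file maps NAME to (first match
# wins, case-insensitive, comments ignored). Status 1 if there is no entry.
hosts_lookup() (   # $1 = hosts file, $2 = host name
  awk -v want="$2" '
    BEGIN { want = tolower(want) }
    {
      sub(/#.*/, "")                    # strip comments, $0 is re-split
      for (i = 2; i <= NF; i++)         # field 1 is the address, rest are names
        if (tolower($i) == want) { print $1; found = 1; exit }
    }
    END { exit !found }
  ' "$1"
)

# Classify how NAME resolves from the file: unresolved, loopback or non-loopback.
check_node_name() (   # $1 = hosts file, $2 = host name
  addr=$(hosts_lookup "$1" "$2") || { echo "unresolved"; exit 1; }
  case $addr in
    127.*|::1) echo "loopback $addr" ;;
    *)         echo "non-loopback $addr" ;;
  esac
)

# Constructed sample: the host was renamed to mq01 but the hosts file was not
# updated, then the entry from the answers is added.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '::1 ip6-localhost  # mq01 used to be here' > "$sample"
check_node_name "$sample" mq01 || true    # unresolved
printf '%s\n' '127.0.0.1 localhost mq01' > "$sample"
check_node_name "$sample" MQ01            # loopback 127.0.0.1
rm -f "$sample"
```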