We Keep Coding

LDAP with starttls on redmine

Redmine does not use StartTLS by default. When I configure my LDAP server to require TLS, redmine fails to authenticate users.
With openldap you might see "Confidentially required" error message in redmine logs.

Make sure LDAPS is NOT enabled. ldaps:// is a different encryption scheme than StartTLS. With StartTLS unecrypted connection is promoted to encrypted over same port.
When using redmine 3.2.4 find a file with name redmine/app/models/auth_source_ldap.rb
search for "encryption", find:
options = { :host => self.host,
:port => self.port,
:encryption => (self.tls ? :simple_tls : nil)
}
When LDAPS is unchecked, we want to use StartTLS:
:encryption => (self.tls ? :simple_tls : :start_tls)
Save and restart your web server. Redmine should now use encrypted connection.

I know this is old but I just had a similar problem but with Redmine 4.1.2.
I had to make a similiar change to get StartTLS to work without LDAPS:
in redmine/app/models/auth_source_ldap.rb
Search for this block of code
if tls
options[:encryption] = {
:method => :simple_tls,
# Always provide non-empty tls_options, to make sure, that all
# OpenSSL::SSL::SSLContext::DEFAULT_PARAMS as well as the default cert
# store are used.
:tls_options => { :verify_mode => verify_peer? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE }
}
and update it with the an else clause as:
if tls
options[:encryption] = {
:method => :simple_tls,
# Always provide non-empty tls_options, to make sure, that all
# OpenSSL::SSL::SSLContext::DEFAULT_PARAMS as well as the default cert
# store are used.
:tls_options => { :verify_mode => verify_peer? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE }
}
else
options[:encryption] = {
:method => :start_tls,
:tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE}
}
end

Puppetlabs-Apache: enable both 80 and 443 for virtualhost

I'm relatively new to puppet and currently working on 'puppetlabs-apache' module. I'm missing something while setting both ssl and non-ssl on a virtual-host.
Manifest applied:
include apache
include apache::mod::rewrite
#apache::vhost { 'site.mydomain.com':
# port => '80',
# docroot => '/var/www/site',
# rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
#}
apache::vhost { 'site.mydomain.com':
port => '443',
ssl => true,
docroot => '/var/www/site',
docroot_owner => 'www-data',
docroot_group => 'www-data',
# rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
}
The thing is I don't need the non-ssl (80 port), but all requests should redirect to 443.
If I comment out the first vhost definition of site.mydomain.com for port 80, it throws an error:
Error 400 on SERVER: Duplicate declaration: Apache::Vhost[site2.mydomain.com] is already declared in file..
Not sure what I'm missing here. What should I do to make this permanent redirect happen?
http://site2.mydomain.com/ => https://site2.mydomain.com/

To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:
apache::vhost { 'site.mydomain.com:80':
servername => 'site.mydomain.com',
port => '80',
docroot => '/var/www/site',
rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
redirect_status => 'permanent',
redirect_dest => 'https://site.mydomain.com'
}
apache::vhost { 'site.mydomain.com:443':
servername => 'site.mydomain.com',
port => '443',
ssl => true,
docroot => '/var/www/site',
docroot_owner => 'www-data',
docroot_group => 'www-data',
rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
}
You also needed those additional redirect attributes for the non-ssl virtualhost resource. Since apache::vhost is a defined resource type with no namevar, you can circumvent the multiple resource declaration issue by using two unique and purely cosmetic resource titles.

Working out Matt's answer and error while running it made me come at following answer.
apache::vhost { 'site.mydomain.com:80' ... }
apache::vhost { 'site.mydomain.com:443' : ...}
Thanks,

Amazon S3 Upload error SSL certificate issues

I'm trying to test Laravel Amazon S3 on my localhost but keep getting the same error:
S3Exception in WrappedHttpHandler.php line 192: Error executing
"ListObjects" on
"https://s3-us-west-2.amazonaws.com/app?prefix=appimages%2FIMG-1469840859-j.jpg%2F&max-keys=1&encoding-type=url";
AWS HTTP error: cURL error 60: SSL certificate problem: unable to get
local issuer certificate (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html)
My code:
$s3 = \Storage::disk('s3');
$filePath = '/images/' . $filename;
$s3->put($filePath, file_get_contents($image), 'public');

You have do a tweak to the php.ini file. Download this file http://curl.haxx.se/ca/cacert.pem and set the path in php.ini like this and then restart the server.
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
Above path is common for XAAMP
And that will fix your issue.

$s3 = new S3Client
([
'version' => 'latest',
'scheme' =>'http',
'region' => $this->config->item('s3_region'),
'credentials' => [
'key' => $this->config->item('s3_access_key'),
'secret' => $this->config->item('s3_secret_key')
],
]);
Add 'scheme' =>'http' for development.

I had the same problem.
Error reason is you are working on local or on a not verified server.
Just you need to add the following line to "filesystem.php"
'scheme' => 'http' // to disable SSL verification on local development
Your filesystem.php should look like this :
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION'),
'bucket' => env('AWS_BUCKET'),
'url' => env('AWS_URL'),
'scheme' => 'http' // to disable SSL verification on local development
],
When you run it on your server which has SSL verification, you need to comment 'scheme' line.
Try it and you will see it works.
Enjoy your coding !

How to use Vagrant & Puppet with https

I am trying for hours, but I just can't figure it out, how to enable a https connection with vagrant and puppet.
I have a folder files/htdocs which contains different configs-files. Like vhosts. It was a preset, with an empty ssl and empty vhosts_ssl folder. It put my ssl certificate in the ssl folder and my httpd-ssl.conf in the vhosts_ssl folder. Those files where working lokal with my MAMP Webserver.
In the Puppet config I wrote the following:
file { "/etc/httpd/vhosts":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/vhosts",
recurse => true,
}
file { "/etc/httpd/vhosts_ssl":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/vhosts_ssl/httpd-ssl.conf",
}
file { "/etc/httpd/ssl":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/ssl",
recurse => true,
}
The normal vhosts are working, therefore I thougt I can copy the structure and just enter the new paths for ssl and vhosts_ssl.
But its not working. Maybe you know how to fix this.
Thanks.

I think I found a solution, but I have no time to test it right know.
Here is the link to the possible solution.
https://forge.puppetlabs.com/puppetlabs/apache
I will update my Questing/Answere when I tried it.

Enabling .htaccess files via puppet

I'm trying to enable .htaccess files in Apache using Vagrant and Puppet. When I add the "override" parameter to my vhost config and run "vagrant up", I get an error:
Invalid parameter override in [...]
When I remove that line, the vm boots perfectly and runs. Except, .htaccess files are ignored.
Here's my vhost config:
apache::vhost { 'local.testsite':
server_name => 'local.testsite',
serveraliases => [],
docroot => '/var/www/',
port => '80',
env_variables => [],
priority => '1',
override => ["All"],
}
Why am I getting this error and how can I fix it?

If you are using the latest version of the puppetlabs-apache module
I see an *allow_override* attribute and not override
https://github.com/puppetlabs/puppetlabs-apache#allow_override