Cannot configure log4j2 using Fuseki - fuseki

This question was answered and is related to the version of Fuseki. It is now resolved.
I am working with a Fuseki triplestore and want to set up logging. I follow the instructions here - https://apache.googlesource.com/jena/+/jena-fuseki-new-ui/docs/fuseki-logging.md
I download the default log4j2.properties file and put it into the "current" directory, and run Fuseki. I do not get any indication that log4j2 has been read in. Am I following the instructions correctly?
Kind regards,
Fuseki on startup -
[2021-03-08 15:35:10] Server INFO Apache Jena Fuseki 3.13.1
[2021-03-08 15:35:11] Config INFO FUSEKI_HOME=C:\Users\user\Desktop\triplestore\fusekiDB.
[2021-03-08 15:35:11] Config INFO FUSEKI_BASE=C:\Users\user\Desktop\triplestore\fusekiDB\run
[2021-03-08 15:35:11] Config INFO Shiro file: file://C:\Users\user\Desktop\triplestore\fusekiDB\run\shiro.ini
[2021-03-08 15:35:11] Config INFO Configuration file: C:\Users\user\Desktop\triplestore\fusekiDB\run\config.ttl
[2021-03-08 15:35:11] Config INFO Load configuration: file:///C:/Users/user/Desktop/triplestore/fusekiDB/run/configuration/db_test.ttl
[2021-03-08 15:35:11] Config INFO Register: /db_test
[2021-03-08 15:35:11] Server INFO Started 2021/03/08 15:35:11 GMT on port 3030
Contents of log4j2.properties -
My folder structure:

The documentation states the following:
The preferred customization is to use a custom log4j2.properties file
in the directory where Fuseki Main is run.
For the war file packaging, the log4j2.properties should go in
FUSEKI_BASE which defaults to /etc/fuseki on Linux.
For the standalone webapp server, FUSEKI_BASE defaults to directory
run/ within the directory where the server is run.
========================== Final Edit ===================
Please note the following:
If you are running a WAR file, then the log4j.properties needs to exist in your unpacked war. If you are running from command line, then it needs to exist in the same directory as your server.jar
When running from a WAR file in a webapp container such as Apache
Tomcat, the logging configuration comes from the file
log4j2.properties in the root of the unpacked war file, e.g.
/var/lib/tomcat9/webapps/fuseki/log4j2.properties.
The name of the file is taken from web.xml:
<context-param>
  <param-name>log4jConfiguration</param-name>
  <param-value>log4j2.properties</param-value>
</context-param>
This only applies when running in a webapp container. When run from
the command line, the server looks for log4j2.properties in the
current directory and if not found, uses a built-in configuration.
This logging goes to the standard output.
Tested by updating the log4j.properties file which exists in the same folder as the fuseki-server.jar and as you can see the logging time changes from printing only seconds to milliseconds.
The update I applied was:
ORIGINAL: appender.console.layout.pattern = %d{HH:mm:ss} %-5p %-15c{1} :: %m%n
CHANGED TO: appender.console.layout.pattern = %d{HH:mm:ss:sss} %-5p %-15c{1} :: %m%n
ezsusmu@SE-00018098 /cygdrive/c/Documents and Settings/ezsusmu/Downloads/apache-jena-fuseki-3.17.0
$ java -jar fuseki-server.jar --memTDB /Susan
16:13:30 INFO Server :: Apache Jena Fuseki 3.17.0
16:13:31 INFO Config :: FUSEKI_HOME=C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\.
16:13:31 INFO Config :: FUSEKI_BASE=C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\run
16:13:31 INFO Config :: Shiro file: file://C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\run\shiro.ini
16:13:32 INFO Config :: Template file: templates/config-tdb-mem
16:13:32 INFO Server :: Database: TDB1 dataset (in-memory)
16:13:32 INFO Server :: Path = /Susan
16:13:33 INFO Server :: System
16:13:33 INFO Server :: Memory: 7,1 GiB
16:13:33 INFO Server :: Java: 1.8.0_201
16:13:33 INFO Server :: OS: Windows 10 10.0 amd64
16:13:33 INFO Server :: PID: 14568
16:13:33 INFO Server :: Started 2021/03/08 16:13:33 CET on port 3030
ezsusmu@SE-00018098 /cygdrive/c/Documents and Settings/ezsusmu/Downloads/apache-jena-fuseki-3.17.0
$ java -jar fuseki-server.jar --memTDB /Susan
16:14:50:050 INFO Server :: Apache Jena Fuseki 3.17.0
16:14:51:051 INFO Config :: FUSEKI_HOME=C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\.
16:14:51:051 INFO Config :: FUSEKI_BASE=C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\run
16:14:51:051 INFO Config :: Shiro file: file://C:\Documents and Settings\ezsusmu\Downloads\apache-jena-fuseki-3.17.0\run\shiro.ini
16:14:51:051 INFO Config :: Template file: templates/config-tdb-mem
16:14:52:052 INFO Server :: Database: TDB1 dataset (in-memory)
16:14:52:052 INFO Server :: Path = /Susan
16:14:52:052 INFO Server :: System
16:14:52:052 INFO Server :: Memory: 7,1 GiB
16:14:52:052 INFO Server :: Java: 1.8.0_201
16:14:52:052 INFO Server :: OS: Windows 10 10.0 amd64
16:14:52:052 INFO Server :: PID: 16720
16:14:52:052 INFO Server :: Started 2021/03/08 16:14:52 CET on port 3030
As you can see, changed from logging seconds to milliseconds as well.
The default is Console, not to a log file. You can change that by looking into log4j more :)

Related

Run nginx.exe on Windows as another user

I'm working on a project for deploying pentest lab with terraform & ansible. All is working good except that last problem.
In my lab I have an nginx server running on a Windows server. Nginx with PHP works when I start them as Administrator with ansible but I need them to run with a non-admin local account.
For the PHP I've made a wrapper using this tool: https://github.com/antonioCoco/RunasCs
But it doesn't work with nginx because of a working directory problem:
Here is the error :
PS C:\Users\Administrator> .\RunAsCs.exe nginx ***** C:\Web\nginx-1.19.6\nginx.exe
[*] Warning: GetUserProfileDirectory failed with error code: 2
[*] Warning: Unable to obtain environment for user 'nginx'.
[*] Warning: Environment of created process might be incorrect.
nginx: [alert] could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
2021/03/06 10:18:33 [emerg] 5556#6124: CreateFile() "C:\Windows\system32/conf/nginx.conf" failed (3: The system cannot find the path specified)
And that's normal because, as you can see, my wrapper starts in Windows/System32.
I would like to know if there is a solution either with nginx.conf or with ansible to start this exe as the "nginx" user.
This is a working code for starting nginx as Administrator
- name: Starting web server
  win_shell: .\nginx.exe
  args:
    chdir: C:\Web\nginx-1.19.6
  async: 180
  poll: 0
I know that there is a psexec module in ansible but psexec will work only for a Local Admin account, and the goal is that my nginx doesn't run as Local Admin.
Thanks for the help !

After configuring Nexus 3 SSL Nexus no longer runs without sudo

I had my new Nexus 3 repository running okay. I was able to configure some of the basic settings. Then I went through the process of enabling SSL. I used the instructions here. I also watched the video on that page, which does not give instructions that match the page.
My system info: ubuntu 14.4 with Java 8.
Install directory: /opt/nexus-3.0.0-b2016011501/
To simplify the path, I created a link to this directory: nexus -> /opt/nexus-3.0.0-b2016011501/ therefore the path to nexus is /opt/nexus
I generated my keystore as follows:
Created directory: /opt/nexus/etc/ssl
Changed to that directory and ran: keytool -keystore keystore -alias jetty -genkey -keyalg RSA -validity 3650. This generated a file called keystore. I then copied that file to keystore.jks.
Updated the following files: /opt/nexus/etc/org.sonatype.nexus.cfg added application-port-ssl=443 and added ${karaf.etc}/jetty-https.xml (this is different from the written instructions) to the end of the nexus-args=$ line. Then (this is in the video, but not the written instructions) I edited the /opt/nexus/etc/jetty-https.xml file and replaced the password in three places with the password I specified when I generated my keystore.
After this, if I start nexus with ./nexus run I get the following error:
2016-01-27 02:20:41,013+0000 ERROR [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Failed to start
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method) [na:1.8.0_72]
at sun.nio.ch.Net.bind(Net.java:433) [na:1.8.0_72]
at sun.nio.ch.Net.bind(Net.java:425) [na:1.8.0_72]
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) [na:1.8.0_72]
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) [na:1.8.0_72]
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:326) [org.eclipse.jetty.server:9.3.5.v20151012]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80) [org.eclipse.jetty.server:9.3.5.v20151012]
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:244) [org.eclipse.jetty.server:9.3.5.v20151012]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) [org.eclipse.jetty.util:9.3.5.v20151012]
at org.eclipse.jetty.server.Server.doStart(Server.java:384) [org.eclipse.jetty.server:9.3.5.v20151012]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) [org.eclipse.jetty.util:9.3.5.v20151012]
at org.sonatype.nexus.bootstrap.jetty.JettyServer$JettyMainThread.run(JettyServer.java:274) [org.sonatype.nexus.bootstrap:3.0.0.b2016011501]
If I start it with sudo ./nexus run it will work but shows me the nag message saying I should not run it as root.
I have verified that my user is the owner of all the files and directories under /opt/nexus.
On Linux (and other unix type systems) you can't run on port numbers less than 1024 unless you are root. The best way to solve this is to run Nexus behind a reverse proxy. You can find instructions for this here:
http://books.sonatype.com/nexus-book/reference/install-sect-proxy.html
The above was written for Nexus 2.x, but the configuration needed will be the same in Nexus 3.
Regarding running as non-root as a service, there is a bug in 3.0m7 that makes this problematic:
https://issues.sonatype.org/browse/NEXUS-9437
The fix is to edit the "bin/nexus" startup script and replace this line:
INSTALL4J_JAVA_PREFIX="su - $run_as_user -c"
With this:
exec su - $run_as_user "$prg_dir/$progname" $@
This fix will be in the next release.
Once that change is made, symlink $NEXUS_HOME/bin/nexus to /etc/init.d/nexus, then install the service. And edit "$NEXUS_HOME/bin/nexus.rc" and set the "run_as_user" appropriately.
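A preflight check for the situation in the answer above, added here as an example and not part of the original answer: it flags application-port* values in a Nexus properties file that a non-root account cannot bind. The function names and the sample file are constructed for illustration; application-port-ssl is the key from the question.

```sh
#!/bin/sh
# Added example: list application-port* entries in a Nexus properties file
# that a non-root account cannot bind.

# unprivileged_port_start -> lowest port a non-root process may bind.
# Linux 4.11+ exposes this as a sysctl; otherwise assume the classic 1024.
unprivileged_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# privileged_ports CFG [START] -> prints "key=port" for each
# application-port* entry below START; status 1 if any was found.
privileged_ports() {
    start=${2:-$(unprivileged_port_start)}
    awk -F= -v start="$start" '
        /^[ \t]*application-port[^=]*=/ {
            key = $1; port = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", port)
            if (port ~ /^[0-9]+$/ && port + 0 < start + 0) {
                print key "=" port; found = 1
            }
        }
        END { exit found }
    ' "$1"
}

# demo_nexus_cfg -> runs the check on a constructed two-line sample file.
demo_nexus_cfg() {
    cfg=$(mktemp)
    printf '%s\n' 'application-port=8081' 'application-port-ssl=443' > "$cfg"
    privileged_ports "$cfg" 1024 && rc=0 || rc=$?
    rm -f "$cfg"
    return "$rc"
}
```

Run privileged_ports against /opt/nexus/etc/org.sonatype.nexus.cfg before starting the service; any line it prints is a port to move above the threshold or to serve through the reverse proxy.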

Launch shiny application on server

I am trying to launch shiny application on server. I just followed instruction from Administering guide:
mkdir ~/ShinyApps
sudo cp -R /opt/shiny-server/samples/sample-apps/hello ~/ShinyApps/
Then tried to access the hello application through http://<server-address>:3838/<your_username>/hello But it shows this page can't be displayed error. Anyone has any idea about what can cause this problem? Thanks!
Cont.
Thanks Jeff, I used the exact same part in guide.
Here is the shiny-server.conf file:
server {
  listen 3838;
  # Define a location at the base URL
  location /users {
    # this is set up so that I can run apps without sudo
    run_as :HOME_USER:
    user_dirs;
  }
  location /apps {
    run_as shiny;
    # Host the directory of Shiny Apps stored in this directory
    site_dir /srv/shiny-server;
    # Log all Shiny output to files in this directory
    log_dir /var/log/shiny-server;
    # When a user visits the base URL rather than a particular application,
    # an index of the applications available in this directory will be shown.
    directory_index on;
  }
}
shiny-server.log shows lots of errors:
[2014-04-28 11:04:42.871] [INFO] shiny-server - Shiny Server v1.1.0.10000 (Node.js v0.10.21)
[2014-04-28 11:04:42.875] [INFO] shiny-server - Using pidfile /var/run/shiny-server.pid
[2014-04-28 11:04:42.877] [INFO] shiny-server - Using config file "/etc/shiny-server/shiny-server.conf"
[2014-04-28 11:04:42.973] [WARN] shiny-server - Running as root unnecessarily is a security risk! You could be running more securely as non-root.
[2014-04-28 11:04:42.217] [ERROR] shiny-server - Error loading config: location directive must contain (or inherit) one of site_dir, user_apps, app_dir, or redirect (/etc/shiny-server/shiny-server.conf:10:3)
[2014-04-28 11:04:42.218] [INFO] shiny-server - Shutting down worker processes
How can I fix those errors?
I assume you got that command from this portion of the guide? If so, did you also use the deploy-example script to change your configuration file? Did you get any errors when you ran that script?
Alternatively, edit your question to include your configuration file at /etc/shiny-server/shiny-server.conf and we'll be able to see if your server is properly configured to use user_dirs which would be needed for users to be able to host their own applications.
Also check for (and/or edit your question to include) any recent entries in the server's log at /var/log/shiny-server.log.
Try the URL http://<server-address>:4949/sample-apps/.
If not 4949, try 3838.
The reason is whether the port 3838 is open. If it's not open, maybe you should run the following directives in your server:
iptables -I INPUT -p tcp --dport 3838 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT

Openldap unexpectedly shutdown

I installed openldap 2.4.35 from source tarball with berkeleydb 5.0.32.NC on CentOS 6.4 x86_64.
After running a few days, the ldap server shut down unexpectedly. And here is the last log:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
52b7b798 ber_get_next on fd 13 failed errno=0 (Success)
52b7b798 conn=1023 op=70 do_unbind
52b7b798 connection_close: conn=1023 sd=13
TLS trace: SSL3 alert write:warning:close notify
52b7cbba daemon: shutdown requested and initiated.
52b7cbba slapd shutdown: waiting for 0 operations/tasks to finish
52b7cbba slapd shutdown: initiated
52b7cbba ====> bdb_cache_release_all
52b7cbba slapd destroy: freeing system resources.
52b7cbba slapd stopped.
The configuration file (slapd.conf):
include /home/ucportal/local/openldap/etc/openldap/schema/core.schema
include /home/ucportal/local/openldap/etc/openldap/schema/corba.schema
include /home/ucportal/local/openldap/etc/openldap/schema/cosine.schema
include /home/ucportal/local/openldap/etc/openldap/schema/duaconf.schema
include /home/ucportal/local/openldap/etc/openldap/schema/dyngroup.schema
include /home/ucportal/local/openldap/etc/openldap/schema/inetorgperson.schema
include /home/ucportal/local/openldap/etc/openldap/schema/java.schema
include /home/ucportal/local/openldap/etc/openldap/schema/misc.schema
include /home/ucportal/local/openldap/etc/openldap/schema/nis.schema
include /home/ucportal/local/openldap/etc/openldap/schema/openldap.schema
include /home/ucportal/local/openldap/etc/openldap/schema/ppolicy.schema
include /home/ucportal/local/openldap/etc/openldap/schema/collective.schema
include /home/ucportal/local/openldap/etc/openldap/schema/uc.schema
pidfile /home/ucportal/local/openldap/var/run/slapd.pid
argsfile /home/ucportal/local/openldap/var/run/slapd.args
loglevel 1
logfile /home/ucportal/openldap/var/log/slapd.log
database bdb
suffix "dc=ucweb,dc=com"
rootdn "cn=admin,dc=ucweb,dc=com"
rootpw 123456
directory /home/ucportal/local/openldap/var/openldap-data
index objectClass eq
index entryUUID,entryCSN eq
TLSCACertificateFile /home/ucportal/openldap/etc/openldap/cacerts/ca.crt
TLSCertificateFile /home/ucportal/openldap/etc/openldap/ldap-server.crt
TLSCertificateKeyFile /home/ucportal/openldap/etc/openldap/ldap-key.pem
Attention: I installed and run openldap as a non-root user.
I used this command to start ldap daemon process: slapd -f ~/openldap/etc/openldap/slapd.conf -d 1 -h 'ldaps://0.0.0.0:6361'
Any suggestions?
This is a very common issue with Open-LDAP servers. Firstly, I'll recommend you migrate this question to serverfault. This will be a good practice to always run your daemons with root privileges.
Based on my so far research I'd like to share these links with you, I hope they may help you to fix your problems.
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,19945/
http://www.openldap.org/lists/openldap-software/200502/msg00268.html
Configure OpenLDAP
https://serverfault.com/questions/138286/configuring-openldap-and-ssl
http://www.openldap.org/doc/admin24/slapdconf2.html

Problems running flask app on uwsgi / nginx

I have created a Flask app and up to this point have been using the default Flask server for creating/testing it. Now I want to deploy it to a server. I am using uwsgi and nginx, though I am pretty new to both. I know there are a lot of guides and questions about similar things, but I couldn't find the solution after looking through as much as I could understand.
The following is from my uwsgi log :
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/ben/flask/MLS-Flask
detected binary path: /home/ben/flask/MLS-Flask/mls-flask-ve/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
*** WARNING: you are running uWSGI without its master process manager ***
your processes number limit is 1024
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /home/ben/flask/MLS-Flask/mls_uwsgi.sock fd 3
Python version: 3.3.3 (default, Dec 30 2013, 16:29:41) [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)]
Set PythonHome to /home/ben/flask/MLS-Flask/mls-flask-ve
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x11755d0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 72760 bytes (71 KB) for 1 cores
*** Operational MODE: single process ***
added /home/ben/flask/MLS-Flask/ to pythonpath.
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x11755d0 pid: 2926 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 2926, cores: 1)
I am assuming the uwsgi is at least running? I am fairly new to this so I am not quite sure what the problem is.
my nginx config is :
server{
    listen 8080;
    charset utf-8;
    location / {try_files $uri @app; }
    location @app {
        include uwsgi_params;
        uwsgi_pass unix:/home/ben/flask/MLS-Flask/mls_uwsgi.sock;
    }
}
my uwsgi ini is :
[uwsgi]
uid = nginx
gid = nginx
base = /home/ben/flask/MLS-Flask
home = %(base)/mls-flask-ve
pythonpath = %(base)
chdir = /home/ben/flask/MLS-Flask
module = runp
#socket file's location
socket = /home/ben/flask/MLS-Flask/mls_uwsgi.sock
#permissions for the socket file
chmod-socket = 666
#variable that holds a flask application inside the module imported
callable = app
#location of log file
logto = /var/log/uwsgi/%n.log
and the file the uwsgi ini is running is my flask app:
from app import app
if __name__ == "__main__":
    app.run(debug = False, port = 8080)
I may have some extraneous stuff in my uwsgi ini or nginx config, but I am not sure if those would necessarily be the problems. Can anyone see any reasons why this might not be working? I am currently getting a 502 bad gateway error on localhost:8080, so I am guessing it has something to do with my flask, uwsgi ini/socket.
I appreciate any help.
It turned out my nginx user didn't have access to the socket because the / and /home/ directory was owned by the root group and root user. I ended up giving full access to the owner and group all the way from / directory to the socket (this probably is not the safest solution security wise, but I can further refine it after I get everything working.)
I had the same problem :
Always check socket permissions by using ls -lhtr
Try putting socket in /run/myapp/mysock.sock folder
Create an empty sock file in this folder vi mysock.sock
Set permissions of this empty file to have full access by your user and group stated in the service. chown user:group /run/myapp/mysock.sock
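The permission problem described in the two answers above, as an added example that is not part of the original posts: a POSIX shell helper that walks up from the socket and lists the parent directories an unrelated account cannot search, so the change can be limited to those directories or avoided by moving the socket under a dedicated directory such as /run/myapp. It assumes the nginx account is neither owner nor group member of the directories; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: which parent directories of a unix socket block an account
# that is neither their owner nor in their group (assumption: that is the
# situation of the nginx worker). Only the "other" search bit is inspected.

# other_can_search DIR -> status 0 if "other" may traverse DIR
other_can_search() {
    # character 10 of the ls mode string is other-execute; x or t means set
    bit=$(ls -ldL "$1" | cut -c10)
    [ "$bit" = "x" ] || [ "$bit" = "t" ]
}

# blocked_dirs SOCKET [STOP] -> prints every ancestor directory of SOCKET,
# from its own directory up to STOP (default /), that "other" cannot search.
# No output means the whole path is reachable.
blocked_dirs() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 2
    stop=${2:-/}
    while :; do
        other_can_search "$dir" || printf '%s\n' "$dir"
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
}

# demo_constructed_tree -> builds a throwaway tree shaped like the one in the
# question (constructed, with a private home directory) and reports on it.
demo_constructed_tree() {
    base=$(cd "$(mktemp -d)" && pwd -P)
    app="$base/home/ben/flask/MLS-Flask"
    mkdir -p "$app" && : > "$app/mls_uwsgi.sock"   # plain file stands in for the socket
    chmod -R 755 "$base"
    chmod 700 "$base/home/ben"                     # typical private home directory
    blocked_dirs "$app/mls_uwsgi.sock" "$base"
    chmod -R 755 "$base" && rm -rf "$base"
}
```

On a real host, call blocked_dirs with the socket path from the uwsgi ini; each directory it prints is one the nginx account cannot pass through.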
