How to make grafana on nixos available in local network - nginx

My laptop and my nixos-server (hostname=nixos) are both connected to my router (fritz.box). I can access the router via ping (ping nixos.fritz.box) and ssh (ssh username@nixos.fritz.box).
What I want is to follow the first part of this guide to set up grafana on nixos. I then want to be able to access grafana from my laptop.
On the server I have configured nixos to run both grafana and a reverse proxy (nginx):
services.grafana = {
  enable = true;
  domain = "grafana.nixos.fritz.box";
  port = 2342;
  addr = "127.0.0.1";
};
# nginx reverse proxy for grafana
services.nginx.virtualHosts.${config.services.grafana.domain} = {
  locations."/" = {
    proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
    proxyWebsockets = true;
  };
};
# Open ports for http and https
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "21.03";
Unfortunately I can't access the grafana web interface from my laptop.
I tried changing around the value of services.grafana.domain and what I type into my browser (firefox/curl), here is what I got:
services.grafana.domain | argument of curl | output of curl
grafana.nixos.fritz.box | http://grafana.nixos.fritz.box/ | curl: (6) Could not resolve host: grafana.nixos.fritz.box
grafana.nixos.fritz.box | https://grafana.nixos.fritz.box/ | curl: (6) Could not resolve host: grafana.nixos.fritz.box
grafana.nixos.fritz.box | http://nixos.fritz.box/ | curl: (52) Empty reply from server
grafana.nixos.fritz.box | https://nixos.fritz.box/ | curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to nixos.fritz.box:443
nixos.fritz.box | http://nixos.fritz.box/ | curl: (52) Empty reply from server
nixos.fritz.box | https://nixos.fritz.box/ | curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to nixos.fritz.box:443
grafana.localhost | (on the server) http://grafana.localhost | curl: (7) Failed to connect to grafana.localhost port 80: Connection refused
grafana.localhost | (on the server) https://grafana.localhost | curl: (7) Failed to connect to grafana.localhost port 443: Connection refused
Especially the last 2 lines leave me perplexed.
netstat -an | grep LISTEN on the server gives me this:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2342 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 1837 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 1841 /run/systemd/userdb/io.systemd.DynamicUser
unix 2 [ ACC ] SEQPACKET LISTENING 1853 /run/systemd/coredump
unix 2 [ ACC ] STREAM LISTENING 1862 /run/systemd/journal/stdout
unix 2 [ ACC ] SEQPACKET LISTENING 1868 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 26958 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 1905 /run/systemd/journal/io.systemd.journal
unix 2 [ ACC ] STREAM LISTENING 12193659 /run/user/1001/bus
unix 2 [ ACC ] STREAM LISTENING 12205464 /run/user/1001/systemd/private
unix 2 [ ACC ] STREAM LISTENING 13312 /nix/var/nix/daemon-socket/socket
unix 2 [ ACC ] STREAM LISTENING 18416 /var/run/dhcpcd.sock
unix 2 [ ACC ] STREAM LISTENING 18418 /var/run/dhcpcd.unpriv.sock
unix 2 [ ACC ] STREAM LISTENING 13308 /run/dbus/system_bus_socket
I don't know how to make grafana available in the local network. Can someone help me with that, please?
(I know this question is somewhat similar to this one, but the solution there doesn't help me)

Adding the following line solved my problem (thanks to @Tch):
services.nginx.enable = true;
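As an added check (not part of the question or the answer), a small parser for the `netstat -an | grep LISTEN` listing that verifies the layout the configuration intends: the Grafana backend bound to loopback only, and a reverse-proxy listener on 80/443 in front of it. The sample listing is a constructed copy of the question's output, so the check reports exactly the missing nginx listener the answer fixes.

```python
# Constructed sample in the format of `netstat -an | grep LISTEN`, mirroring
# the state in the question: Grafana on loopback only, nothing on 80/443.
SAMPLE_NETSTAT = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2342 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 1837 /run/systemd/private
"""

LOOPBACK = {"127.0.0.1", "::1"}


def tcp_listeners(netstat_output):
    """Return {port: set(bind addresses)} for TCP/TCP6 sockets in LISTEN state."""
    listeners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        # Column 0 is the protocol, column 3 the local address, column 5 the state.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with IPv6 "::" addresses
        listeners.setdefault(int(port), set()).add(addr)
    return listeners


def check_reverse_proxy(netstat_output, backend_port, proxy_ports=(80, 443)):
    """Check that the backend is private (loopback only) and the proxy is actually up.

    Returns the parsed listeners plus a list of problems; an empty list means the
    layout matches the design: backend reachable only through the reverse proxy.
    """
    listeners = tcp_listeners(netstat_output)
    problems = []
    backend = listeners.get(backend_port, set())
    if not backend:
        problems.append(f"backend port {backend_port} is not listening")
    elif not backend <= LOOPBACK:
        problems.append(f"backend port {backend_port} is bound to {sorted(backend)}, not loopback only")
    missing = [p for p in proxy_ports if p not in listeners]
    if missing:
        problems.append(f"no listener on proxy port(s) {missing}: reverse proxy not running")
    return {"listeners": listeners, "problems": problems}
```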

Related

How to point custom domain to VM instance

These are my dns records:
Name | Type | TTL | Target
 | A | 3600 | 185.199.108.153
 | A | 3600 | 185.199.109.153
 | A | 3600 | 185.199.110.153
 | A | 3600 | 185.199.111.153
www | CNAME | 3600 | pushp1997.github.io
 | A | 3600 | 34.71.130.252
Here, the first 5 entries are to open my static github pages site.
The last entry is the ip address of my VM instance on GCloud.
These are my nginx server settings:
server {
    listen 80;
    server_name pushp.ml;
    location /linkedin {
        return 302 https://in.linkedin.com/in/pushp-vashisht;
    }
}
Now, if I try 34.71.130.252/linkedin it redirects me to https://in.linkedin.com/in/pushp-vashisht.
But, when I try pushp.ml/linkedin it shows a 404 page of Github Pages.
How do I make pushp.ml/linkedin redirect to https://in.linkedin.com/in/pushp-vashisht?
Edit:
On running dig command:
$ dig pushp.ml
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> pushp.ml
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36898
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;pushp.ml. IN A
;; ANSWER SECTION:
pushp.ml. 3600 IN A 185.199.109.153
pushp.ml. 3600 IN A 185.199.110.153
pushp.ml. 3600 IN A 34.71.130.252
pushp.ml. 3600 IN A 185.199.108.153
pushp.ml. 3600 IN A 185.199.111.153
;; Query time: 431 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Jul 17 17:13:57 EDT 2020
;; MSG SIZE rcvd: 117
In the answer section we can see that the IP addresses of the GitHub Pages servers as well as my VM instance are there.

QWebSocket doesn't connect over TLS

I have a WebSocket which works well over the WebSocket protocol, but I cannot switch to the WebSocketSecure protocol. It doesn't generate any errors on the server side; the client says error:141970DF:SSL routines:tls_construct_cke_psk_preamble:psk identity not found. The certificate was generated by certbot and is used for the https web site on the same domain.
Server code:
QSslConfiguration conf = server.sslConfiguration();
QFile *privkey = new QFile{"/etc/letsencrypt/live/example.com/privkey.pem"};
privkey->open(QFile::ReadOnly);
// fullchain.pem is installed as CA certificates only; no local (server) certificate is set
conf.setCaCertificates(QSslCertificate::fromPath(
    "/etc/letsencrypt/live/example.com/fullchain.pem"));
conf.setPrivateKey(QSslKey(privkey));
conf.setProtocol(QSsl::TlsV1_0); // restricts the server to TLS 1.0
server.setSslConfiguration(conf);
if (server.listen(QHostAddress::Any, 54045)) {
    connect(&server, &QWebSocketServer::newConnection, this,
            &Server::onNewConnection);
    connect(&server, &QWebSocketServer::closed, this, &Server::closed);
    qDebug() << "server started";
}
The client code:
import QtQuick 2.13
import QtWebSockets 1.13

WebSocket {
    active: true
    url: "wss://example.com:54045"
}
Output of openSSL:
$ openssl s_client -connect example.com:54045
CONNECTED(00000003)
140623606740288:error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:302:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 325 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Nginx failing to resolve upstream with custom DNS resolver

docker run --rm --net=host -v $PWD/default.conf:/etc/nginx/conf.d/default.conf nginx
2019/05/12 17:02:49 [emerg] 1#1: host not found in upstream "tickethub.service.consul" in /etc/nginx/conf.d/default.conf:10
nginx: [emerg] host not found in upstream "tickethub.service.consul" in /etc/nginx/conf.d/default.conf:10
While dig shows the DNS record correctly:
dig @127.0.0.1 -p 8600 tickethub.service.consul
; <<>> DiG 9.12.3-P1 <<>> @127.0.0.1 -p 8600 tickethub.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57394
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tickethub.service.consul. IN A
;; ANSWER SECTION:
tickethub.service.consul. 0 IN A 172.23.0.6
tickethub.service.consul. 0 IN A 172.23.0.5
tickethub.service.consul. 0 IN A 172.23.0.7
;; ADDITIONAL SECTION:
tickethub.service.consul. 0 IN TXT "consul-network-segment="
tickethub.service.consul. 0 IN TXT "consul-network-segment="
tickethub.service.consul. 0 IN TXT "consul-network-segment="
;; Query time: 0 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Sun May 12 16:58:54 GMT 2019
;; MSG SIZE rcvd: 209
And my nginx config:
server {
    listen 80;
    server_name localhost;
    location / {
        resolver 127.0.0.1:8600;
        proxy_pass http://tickethub.service.consul;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
What may be the issue?
This worked when I explicitly set the DNS on the docker container to 127.0.0.1 which means Nginx is probably trying to resolve it WITHOUT using the resolver specified argh...
I think I also had to change the DNS port to 53 instead of the explicit 8600
Or something...
Probably a bunch of nginx bugs...
mic drop
It worked when I set the proxy_pass using a variable:
location / {
    resolver consul;
    set $endpoint tickethub.service.consul;
    proxy_pass http://$endpoint/;
}
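Both the pushp.ml question above and this one come down to what the ANSWER SECTION of a dig run actually says, so here is an added example (not from either question) that parses that section: for pushp.ml it shows that only one of five A records points at the VM, so roughly four out of five connections land on GitHub Pages and get its 404; for the Consul name it shows a TTL of 0, i.e. the addresses are only valid at query time, which is why resolving a literal proxy_pass hostname once at nginx startup (through the system resolver, not the `resolver` directive) cannot work and the variable form that re-resolves at request time does. The two dig excerpts are constructed copies of the outputs quoted on this page.

```python
import re

# Constructed copies of the ANSWER SECTIONs quoted above, in dig's output format.
DIG_PUSHP = """\
;; ANSWER SECTION:
pushp.ml. 3600 IN A 185.199.109.153
pushp.ml. 3600 IN A 185.199.110.153
pushp.ml. 3600 IN A 34.71.130.252
pushp.ml. 3600 IN A 185.199.108.153
pushp.ml. 3600 IN A 185.199.111.153
;; Query time: 431 msec
"""

DIG_CONSUL = """\
;; ANSWER SECTION:
tickethub.service.consul. 0 IN A 172.23.0.6
tickethub.service.consul. 0 IN A 172.23.0.5
tickethub.service.consul. 0 IN A 172.23.0.7
;; ADDITIONAL SECTION:
tickethub.service.consul. 0 IN TXT "consul-network-segment="
"""

# name, TTL, class IN, type, rdata
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def answer_records(dig_output):
    """Return [(name, ttl, rtype, rdata)] for records in the ANSWER SECTION only."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";;"):               # section header or trailer line
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = RR.match(line)
        if in_answer and m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name, int(ttl), rtype, rdata))
    return records


def a_record_report(dig_output, expected_ips):
    """Share of A records that point where we expect (a client picks one of them),
    and the lowest TTL, i.e. how long a one-off resolution can be trusted."""
    a_recs = [r for r in answer_records(dig_output) if r[2] == "A"]
    hits = [r[3] for r in a_recs if r[3] in expected_ips]
    return {
        "addresses": [r[3] for r in a_recs],
        "share_of_expected": len(hits) / len(a_recs) if a_recs else 0.0,
        "min_ttl": min((r[1] for r in a_recs), default=None),
    }
```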

Puzzled about the `telnet localhost` and `telnet 0.0.0.0`

I wrote a simple Go program which listens on 0.0.0.0:9999 and 127.0.0.1:9999:
package main

import (
	"fmt"
	"net"
	"time"
)

func main() {
	go bind("0.0.0.0:9999", "111 ")
	go func() {
		time.Sleep(2 * time.Second)
		bind("127.0.0.1:9999", "222 ")
	}()
	time.Sleep(time.Hour)
}

// bind listens on address and, once a client connects, sends content to it once per second.
func bind(address string, content string) {
	fmt.Println("-------------", address, "-----------------")
	listener, err := net.Listen("tcp", address)
	if err != nil {
		panic(err)
	}
	fmt.Println(listener.Addr().String())
	conn, err := listener.Accept()
	if err != nil {
		panic(err)
	}
	for {
		_, err := conn.Write([]byte(content))
		if err != nil {
			panic(err)
		}
		time.Sleep(1 * time.Second)
	}
}
The meaning of the code:
It binds two addresses and gives different responses to their clients:
binding "0.0.0.0:9999": will send "111 " repeatedly to the client
binding "127.0.0.1:9999": will send "222 " repeatedly to the client
And then I use telnet to try different addresses, and the responses are:
telnet 127.0.0.1 9999: 222 (OK)
telnet localhost 9999: 111 (WHY?!)
telnet 0.0.0.0 9999: 222 (WHY?!)
telnet <my-internal-ip> 9999: 111 (OK)
I'm quite confused about some of them:
telnet localhost 9999: 111 (WHY?!)
localhost should point to 127.0.0.1, so I think it's the same as telnet 127.0.0.1 9999 and the response should be 222, but the actual one is 111
telnet 0.0.0.0 9999: 222 (WHY?!)
I think 0.0.0.0 is not the same as 127.0.0.1, so I expect to get a response of 111, but get 222
I also have a demo project: https://github.com/golang-demos/go-bind-0.0.0.0-127.0.0.1-demo
Update: My OS is OSX
Both localhost and 0.0.0.0 are resolved to 127.0.0.1 by the OS:
$ ping 0.0.0.0
PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms
$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.035 ms
localhost could resolve to something else depending on /etc/hosts file.
An excellent explanation for Linux ping 0.0.0.0 behavior is here.
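An added example (not from the question or the answer) that exercises the destination-side half of the explanation with plain sockets: a listener bound to 127.0.0.1 is reached when the client connects to 0.0.0.0, and "localhost" resolves to whatever the host's resolver (here /etc/hosts) says, possibly ::1 before 127.0.0.1. Which of two same-port listeners (0.0.0.0 vs 127.0.0.1) wins an incoming connection is OS-dependent and deliberately not exercised here.

```python
import socket
import threading


def serve_once(bind_ip):
    """Listen on bind_ip:<ephemeral port>, accept one connection in the background.

    Returns (port, peer) where peer() blocks until the connection arrives and
    returns the client address the server saw, or None on timeout.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    done, result = threading.Event(), {}

    def accept():
        conn, addr = srv.accept()
        result["peer"] = addr[0]
        conn.close()
        srv.close()
        done.set()

    threading.Thread(target=accept, daemon=True).start()

    def peer(timeout=2.0):
        done.wait(timeout)
        return result.get("peer")

    return port, peer


def connect_to(target_ip, port, timeout=2.0):
    """True if a TCP handshake with target_ip:port completes (the kernel maps
    a destination of 0.0.0.0 to the local host, so it reaches loopback listeners)."""
    try:
        with socket.create_connection((target_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def localhost_addresses():
    """Addresses 'localhost' resolves to on this host, in the order connect() tries them."""
    return [ai[4][0] for ai in socket.getaddrinfo("localhost", None, proto=socket.IPPROTO_TCP)]
```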

Asterisk ARI / phpari - Bridge recording: "Recording not found"

I'm using phpari with Asterisk 13 and trying to record a bridge (mixing type).
In my code:
$this->phpariObject->bridges()->bridge_start_recording($bridgeID, "debug", "wav");
It returns:
array(4) {
  ["name"]=>
  string(5) "debug"
  ["format"]=>
  string(3) "wav"
  ["state"]=>
  string(6) "queued"
  ["target_uri"]=>
  string(15) "bridge:5:1:503"
}
When I stop and save with
$this->phpariObject->recordings()->recordings_live_stop_n_store("debug");
It returns FALSE.
I debug with
curl -v -u xxxx:xxxx -X POST "http://localhost:8088/ari/recordings/live/debug/stop"
Result:
* About to connect() to localhost port 8088 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8088 (#0)
* Server auth using Basic with user 'xxxxx'
> POST /ari/recordings/live/debug/stop HTTP/1.1
> Authorization: Basic xxxxxxx
> User-Agent: curl/7.19.7 (xxxxx) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost:8088
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: Asterisk/13.2.0
< Date: Thu, 19 Feb 2015 11:58:18 GMT
< Cache-Control: no-cache, no-store
< Content-type: application/json
< Content-Length: 38
<
{
"message": "Recording not found"
* Connection #0 to host localhost left intact
* Closing connection #0
}
Asterisk CLI verbose 5 trace: http://pastebin.com/QZXnpXVA
So, I've solved the problem.
It was a simple write permission problem.
The asterisk user couldn't write to /var/spool/asterisk/recording because it was owned by root.
Changing the ownership to the asterisk user solved it.
I detected this problem by looking at the Asterisk CLI trace again:
-- x=0, open writing: /var/spool/asterisk/recording/debug format: sln, (nil)
This (nil) indicates that the file could not be written, so I checked the folder and saw where the problem was.
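As an added example (not from the question or the answer), two checks that would have caught this earlier: a scan of CLI trace lines for the "(nil)" open-writing failure, and a test of whether a given uid can create files in the spool directory, decided from ownership and mode bits alone so the answer is the same whether the check is run as root or as the asterisk user. The trace lines and the temporary directory are constructed for the example.

```python
import os
import re
import stat
import tempfile

# Constructed lines in the shape of the Asterisk CLI trace quoted above.
TRACE = """\
    -- x=0, open writing: /var/spool/asterisk/recording/debug format: sln, (nil)
    -- x=0, open writing: /var/spool/asterisk/recording/ok format: sln, 0x7f1c2c0
"""
OPEN_LINE = re.compile(r"open writing: (\S+) format: (\w+), (\S+)")


def failed_opens(trace):
    """Recording paths whose open-for-writing returned (nil) in the CLI trace."""
    return [m.group(1) for m in OPEN_LINE.finditer(trace) if m.group(3) == "(nil)"]


def can_write_dir(path, uid, gids):
    """Can a process running as uid (member of gids) create files in path?

    Creating a file needs write and search (x) permission on the directory; the
    applicable bits are owner, group or other depending on who asks.
    """
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 0o7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 0o7
    else:
        bits = st.st_mode & 0o7
    return (bits & 0o3) == 0o3  # write (2) and search (1)


def make_test_dir(mode):
    """Throw-away directory with the given mode; returns (path, owner uid, owner gid)."""
    path = tempfile.mkdtemp()
    os.chmod(path, mode)
    st = os.stat(path)
    return path, st.st_uid, st.st_gid
```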
