I installed passenger-modded version of nginx following this guide.
Unfortunately the version of nginx in the RPM was built with OpenSSL 1.0.1e which does not provide HTTP/2 ALPN support. Is building nginx from source my only option to enable HTTP/2 in this configuration?
You've a few options:
Install from source with OpenSSL also built from source.
Use Docker or other container technology to run this.
Upgrade to Centos 7.4 (literally just released at time of writing) as this includes OpenSSL 1.0.2 which includes ALPN support.
Use a CDN in front of your server so they provide the HTTP/2 support and you can stay on HTTP/1 for now. Cloudflare offer free plans for this for example.
Similar to above, put another server/load balancer in front of Nginx which supports HTTP/2 and proxies requests to Nginx.
Related
We use a proxy server in our company to reload packages in RStudio. Recently, Internet Explorer was disabled because Microsoft stopped supporting IE. Since then, we have not been able to reload packages. Probably this worked without problems until now, because under
Options > Packages > "Use Internet Explorer library for http proxy"
was activated.
As a workaround we now have the file: ~/.Renviron and configured the proxy there manually. Also the URL cran.rstudio.com had to be made accessible at the proxy without authentication. So far this was not necessary, because the previous option probably used the credentials of Windows to authenticate at the proxy.
Is there a possibility to add a proxy authentication via NTLM / Kerberos in the file '~/.Renviron' without storing the user data and passwords in the configuration?
Or is there an alternative to the option used so far ("Use Internet Explorer library for http proxy"), so that e.g. the Windows proxy settings are used?
We also run an SSL traffic scan on the proxy, replacing the certificates from cran.rstudio.com with the company's own certificates. If the option "Use Secure Download method for http" is enabled, the download fails. Probably because RStudio does not trust the company's own certificates.
Is there a possibility to store own certificates for downloading the packages?
Thanks for any hint.
RStudio: 2022.02.2 Build 485
R: 4.2.0
We have a requirement to use HTTPS and disable HTTP, currently we are using Artifactory OSS version 4.0.0 so redirecting http requests using reverse proxy is not feasible.
Any help would be much appreciated.
Thanks
Naresh.G
There are 2 options to achieve this:
Use an http reverse proxy such as NginX or Apache httpd in front of Artifactory. This can be done with any version of Artifactory including the OSS. Versions 4.3.1 and above includes a functionality which helps generating the reverse proxy configuration (please notice it does not configure the proxy but rather provide the required configuration).
Configure the Artifactory Tomcat with SSL/TLS support. The Tomcat documentation explains how to do that.
One thing to take into consideration is that you will get better performance using the first option
I have the Metadata of IDP and already installed Shibboleth on a server system running on CentOS 7. The steps I followed from this link -
http://accc.uic.edu/answer/how-do-i-install-and-configure-shibboleth
which is very straight forward and good to follow. But it's for Apache web server.
The thing is, as per Shibboleth Website
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationElements
I can't find an official support docs for NGINX webserver. I've checked many repositories on github but kind of hard to understand about the steps of configuration.
https://github.com/nginx-shib/nginx-http-shibboleth
https://github.com/ConsortiumGARR/idem-tutorials/blob/master/idem-community/HOWTO-Shibboleth/Service-Provider/Debian/HOW%20TO%20SETUP%20A%20SHIBBOLETH%20SP%20WITH%20NGINX.md
I'm trying to install the cache server for OpenCPU (I need to enable caching) on an Ubuntu 16.04 EC2 instance. A dependency of opencpu-cache is the latest version of nginx (I can't install the cache server without it).
After I had already installed OpenCPU and verified that it was working, I installed nginx and then opencpu-cache. After installation, however, I can no longer make HTTP or HTTPS requests to the server. Entering both the public IP address and public DNS from the AWS console into my web browser fails to yield a landing page for the server, whereas it was working fine before I installed nginx.
My security rules on AWS are set up correctly (i.e. they're allowing the right ports for HTTP and HTTPS), so what is the issue? All my packages on the server are also up-to-date. SSH sessions work just fine still. I just can't figure out what the issue is.
Nevermind, it turns out that sudo service opencpu-cache restart did the trick lol. Props to Jeroen above.
I manually installed Artifactory(V 2.6) on my centos and am using it with its own standalone jetty container. I use artifactoryctl start to start it and now I can access it using http://myhostname:8081/artifactory.
What is the best and easy way to put this behind https now?
Note: It will be nice if I can have both http and https access.
Any help is appreciated.
Thanks
Please upgrade to the latest Artifactory version.
Starting Artifactory 3, it comes with embedded Tomcat, please refer to the official Tomcat documentation on how to configure SSL on Tomcat.
Another option might be configuring Artifactory behind Apache or Ngnix HTTP servers. In this case, Artifactory user guide provides documentation on how to configure ssl for the former and for the later.