I have a problem with my application.
I use Symfony 2.8.4 and in vendors list I ave besimmple/sso-auth-bundle, in last version.
I have an application on an old centos server with php 5.3.3 which work, but with symfony 2.5, I have to upgrade symfony.
On dev plateform ( winw 10 + wamp 2.4) my application work : besimple can authanticate on my CAS server, no pb. But on my new server, centos 7, php 5.4.16 it doesn't work I got this exception :
Cannot communicate securely with peer: no common encryption algorithm(s).
500 Internal Server Error - RequestException
Stack Trace
in vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php at line 31 -
$errorMsg = curl_error($this->lastCurl);
$errorNo = curl_errno($this->lastCurl);
$e = new RequestException($errorMsg, $errorNo);
$e->setRequest($request);
throw $e;
I have an another application, GLPI on this server which use curl to, and it works.
I don't know what to do and I my application he's up to be in production.
I tried to change curl_opt in with CIPHER_LIST like that :
curl_setopt($this->lastCurl , CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');
but I've got this error :
Cannot connect: SSL is disabled.
500 Internal Server Error - RequestException
Stack Trace
in vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php at line 31 -
$errorMsg = curl_error($this->lastCurl);
$errorNo = curl_errno($this->lastCurl);
$e = new RequestException($errorMsg, $errorNo);
$e->setRequest($request);
throw $e;
Can you help me ?
PS : i'm trying to put the application on an other server, with debien to see if the problem comes with my distribution.
I answer myself.
I was requesting the CAS server through an old pfsense reverse proxy. I updated the pfsesnse to the last version (2.3.2) and all it's ok now.
Don't forget tu use this config for BeSimpleSso :
be_simple.sso_auth.client.option.curlopt_ssl_version.value: 1
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
Related
I'm currently trying to configure our WSO2 API Manager 3.2 to use our SSL certificate.
I followed the documentation "Creating a New Keystore" and "Configuring Keystores in API Manager".
I have updated the deployment.toml file:
[server]<br>
hostname = "myserver001.internal.net"
....
[keystore.tls]
file_name = "myKeystore.jks"
type = "JKS"
password = "secretpassword"
alias = "myserver001.internal.net"
key_password = "secretpassword"
[keystore.primary]
file_name = "wso2carbon.jks"
type = "JKS"
password = "wso2carbon"
alias = "wso2carbon"
key_password = "wso2carbon"
The servername is set to myserver001.
The domain name myserver001.internal.net is set in the host file.
After restarting the WSO2 APIM server an exception message is thrown:
SSLException: hostname in certificate didn't match:
<localhost> != <myserver001.internal.net> OR <myserver001.internal.net>
Does anyone knows what I have to change additionally, to come around this error or where I can find additional documentation?
Any help is appreciated
Looks this is due to the missing service_url of TM/Event hub config. So can you add/update the following config?
[apim.throttling]
...
service_url = "https://myserver001.internal.net:9443/services/"
I was in the exact same situation :
Migration from v2.6.0 to v3.2.0
Valid certificate
SSLException: hostname in certificate didn't match
I tried a lot of things, but after a lot of researches, I'd say that there is two possibilities :
It's a bug
It's a documentation problem, and we have to edit more things to make our certificate work
I believe that you changed the Dhttpclient.hostnameVerifier to another value than "AllowAll". See the doc about hostname verification.
It's just a workaround and it's probably not that secure, but you'll have to put back the default value for Dhttpclient.hostnameVerifier to avoid this error :
service wso2am-3.2.0 stop
nano /usr/lib/wso2/wso2am/3.2.0/bin/wso2server.sh
-Dhttpclient.hostnameVerifier=AllowAll \
service wso2am-3.2.0 start
I am trying to set up a mock server using wireMock as a standalone process. I downloaded the jar file and executed the following command:
java -jar wiremock-standalone-2.23.2.jar --port 0
I had to dynamically determine a port because I am already using the default 8080 port for another program running on my machine. It gave me the port number 55142, but when I tried accessing that on the web, it gave me the following error:
HTTP ERROR 403
Problem accessing /__files/. Reason:
Forbidden
Powered by Jetty://
It's probably due to the fact that you just entered http://localhost:55142
and as there are no mappings in ./mappings directory and files in ./files directory (the same where you have your wiremock.jar file is located)
2019-06-04 00:10:58.890 Request was not matched as there were no stubs registered:
{
"url" : "/"
...
}
please try call with __admin endpoint to see if WireMock is working
http://localhost:55142/__admin
please see also docs here for more nice admin commands.
problem :
Running symfony 3.4, I just preemptively took a look at symfony's logs and seen some strange errors :
request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\BadRequestHttpException: "Untrusted Host "52.47.154.91"
It's strange because I it is not the IP of my server...
question :
How would you investigate this?
=> I think that I need more details in the log, but I don't know how to make monolog be more verbose on this error only
complementary information :
I'm hosted on AWS I know thaht need some special tuning, but I think that my app.php is well configured for running behind an ELB:
Request::setTrustedProxies(
// trust *all* requests
array('127.0.0.1', $request->server->get('REMOTE_ADDR')),
Request::HEADER_X_FORWARDED_AWS_ELB
);
and The IP that is loggued is the IP of the ELB (load balancer)
You probably have something like this in the config
trusted_hosts:
- "%domain%"
either remove it or add the IP
I try use HHVM with nginx in server CentOS 6.5 64bits but it's not working
hhvm --mode server -vServer.Type=fastcgi -vServer.Port=9000 -user nginx
Quote from HHVM's log:
Failed to initialize central HHBC repository: Failed to open /var/log/hhvm/.hhvm.hhbc: 14 - unable to open database file
Failed to open /var/www/.hhvm.hhbc: 14 - unable to open database file
Does someone know what to do in this situation ?
Two things here :
You're mentionning /var/log/hhvm/.hhvm.hhbc and /var/www/hhvm/.hhvm.hhbc .. is this a typo ? Can you give us the content of your server.hdf and config.hdf files ?
The folder /var/log/hhvm must be writeable by the account being used to run the webserver (ie nginx)
(On a side note, I guess it's --userand not -user)
I am using plone.recipe.varnish 1.2.2 in my Plone application.
Below is a section of my buildout:
parts =
...
instance
paster
varnish-build
varnish
plonesite
...
[varnish-build]
recipe = zc.recipe.cmmi
url = http://downloads.sourceforge.net/project/varnish/varnish/2.1.3/varnish-2.1.3.tar.gz
[varnish]
recipe = plone.recipe.varnish
daemon = ${buildout:parts-directory}/varnish-build/sbin/varnishd
bind = 127.0.0.1:8000
backends = 127.0.0.1:9000
cache-size = 1G
I cannot conclusively determine if it works. My Plone application serves on port 9000. So I want to test if varnish really works by going to http://localhost:8000 but I get nothing. The browser says "Firefox can't establish a connection to the server at 127.0.0.1:8000."
Am I doing this wrong? I have followed the instructions provided here but no headway.
How does one really configure plone.recipe.varnish in Plone, and how do you actually test that it works in local development machine?
The recipe does not start your varnish server. It only configures it for you.
Use something like supervisord to manage the process, or start it by hand with bin/varnish.