Kibana - socket hang up error - kibana

I am running Kibana behind IIS reverse proxy server and getting following error
Courier Fetch Error: unhandled courier request error: socket hang up
I am on Version: 4.2.2, Build: 9177.
I get this error only when I use proxy server which I need to restrict access to Kibana. I am not sure what is causing this or how to fix it.
Error: unhandled courier request error: socket hang up
at handleError (http://kibana-server/bundles/kibana.bundle.js:70047:23)
at DocRequest.AbstractReqProvider.AbstractReq.handleFailure (http://kibana-server/bundles/kibana.bundle.js:69967:15)
at http://kibana-server/bundles/kibana.bundle.js:69861:18
at Array.forEach (native)
at http://kibana-server/bundles/kibana.bundle.js:69859:19
at wrappedErrback (http://kibana-server/bundles/commons.bundle.js:39286:79)
at http://kibana-server/bundles/commons.bundle.js:39419:77
at Scope.$eval (http://kibana-server/bundles/commons.bundle.js:40406:29)
at Scope.$digest (http://kibana-server/bundles/commons.bundle.js:40218:32)
at Scope.$apply (http://kibana-server/bundles/commons.bundle.js:40510:25)

If you have enabled Integrated Windows Authentication in your IIS the Kibana server cannot process the request, because the http-Authorization-Header is too large (group memberships are stored in the PAC field of the kerberos tickets).
We had the same Problem with an Apache reverse proxy server in front of Kibana. The solution is to unset the Authorization-Header after Kerberos/NTLM-Authentication is done and before sending the proxy request to Kibana.
Configuration for Apache:
RequestHeader unset Authorization

Try removing http.cors and http.compression as noted in https://github.com/elastic/kibana/issues/6719

Related

Airflow SambaHook authentication issue with SpnegoError and Kerberos?

I am trying to connect to a Samba server in Airflow using the SambaHook class. The Samba server requires Kerberos authentication.
I have already defined a Samba connection in Airflow using the following parameters:
Host,Schema and Extra {"auth": "kerberos"}
airflow connections add "samba_repo" --conn-type "samba" --conn-host "myhost.mywork.com" --conn-schema "fld" --conn-extra '{"auth": "kerberos"}'
I'm trying to use the SambaHook class in Airflow to connect to a Samba server. When I run my code, I get the following error:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism
However, when I use smbclient to connect to the same server using Kerberos authentication from the Docker terminal, it works fine with the command: smbclient //'myhost'/'fld' -c 'ls "\workpath\*" ' -k
What I tried: I set up a connection to the Samba server in Airflow using the SambaHook class and tried to use the listdirmethod to retrieve a list of files in a specific directory.
What I expected to happen: I expected the listdir method to successfully retrieve a list of files in the specified directory from the Samba server.
What actually resulted: Instead, I encountered the following error message:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

web GRPC and Iroha (JS implementation for iroha)

I am trying to run this docker file https://gitlab.com/snippets/1713665
consoles
I have running iroha container as you can see in right console on 50051 port, but on running the above docker file for web GRPC then you can see in left console it is unable to make connection. as i have also tried with enabling and disabling the firewalls and also with opening the 50051 withudo ufw allow 50051 sudo ufw allow 50051 ...But in the end i have the same results
"Err: connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:50051: connect: connection refused". Reconnecting... system=system"
I have also posted this issue month ago but no once gave me any response, Thats why i am reposting with further elaboration
Try running the grpc web proxy, with the backend address as localhost, instead of whatever is default in the gitlab post.
ex. ./grpcwebproxy-v0.13.0-osx-x86_64 --backend_addr=localhost:50051 --run_tls_server=false
From the console logs, it looks like it is trying to connect to dev.localdomain:50051

404 after upgrading artifactory from 6.20 to 7.6.2

I am getting 404 accesing to https://my-dmain/ui/. If I try to access to https://my-dmain/artifactory it redirects to https://my-dmain/ui/ with 404. No log errors, only one warning:
2020-07-10T08:06:04.535L [35m[tomct][0m [WARNING] [ ]
[org.apache.catalina.startup.HostConfig]
[org.apache.catalina.startup.HostConfig deployDescriptor] - A docBase
[/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/artifactory.war]
inside the host appBase has been specified, and will be ignored
2020-07-10T08:06:04.540L [35m[tomct][0m [WARNING] [ ]
[org.apache.catalina.startup.HostConfig]
[org.apache.catalina.startup.HostConfig deployDescriptor] - A docBase
[/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/access.war]
inside the host appBase has been specified, and will be ignored
Just to confirm it, can you try to access the Artifactory using the server IP and port, like HTTP://1.2.3.4:8082? If you are able to access the Artifactory UI using the server IP and Port, I believe you need to tweak the reverse proxy being used.
Your problem is that with Artifactory 7.x the reverse proxy configuration is different. In this KB article you can find a working NGINX configuration.
One easy way to generate such configuration is to bypass your reverse proxy and go to Artifactory directly, there in the UI you will be able to log in, head to HTTP settings, and generate a new Apache or NGINX config.

Traefik as a simple Http Reverse Proxy not working

I am using Traefik as HTTP reverse proxy. I have two servers created using spring boot. Both servers are working properly on port 8081 and 8082
Traefik web UI is visible in port 8080.
What I wanted is to redirect http://localhost:7070/ to http://localhost:8081/ or http://localhost:8082/
traefik.toml config file
loglevel="INFO"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":7070"
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: localhost"
[backends]
[backends.backend1]
[backends.backend1.LoadBalancer]
method = "drr"
[backends.backend1.healthcheck]
path = "/app/health"
interval = "60s"
[backends.backend1.servers.server1]
url = "http://127.0.0.1:8081"
weight = 1
[backends.backend1.servers.server2]
url = "http://127.0.0.1:8082"
weight = 1
[api]
[ping]
[docker]
console output
INFO[2018-03-20T18:38:58+05:30] Using TOML configuration file
/home/kasun/apps/temp/traefik.toml
INFO[2018-03-20T18:38:58+05:30] Traefik version v1.5.4 built on 2018-
03-15_01:33:52PM
INFO[2018-03-20T18:38:58+05:30]
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on https://docs.traefik.io/basics/#collected-data
INFO[2018-03-20T18:38:58+05:30] Preparing server http &{Network:
Address::7070 TLS:<nil> Redirect:<nil> Auth:<nil>
WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil>
ForwardedHeaders:0xc4202a4520} with readTimeout=0s writeTimeout=0s
idleTimeout=3m0s
INFO[2018-03-20T18:38:58+05:30] Preparing server traefik &{Network:
Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil>
WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil>
ForwardedHeaders:0xc4202a4540} with readTimeout=0s writeTimeout=0s
idleTimeout=3m0s
INFO[2018-03-20T18:38:58+05:30] Starting server on :7070
INFO[2018-03-20T18:38:58+05:30] Starting provider *docker.Provider
{"Watch":true,"Filename":"","Constraints":null,"Trace":false,
"DebugLogGen
eratedTemplate":false,"Endpoint":
"unix:///var/run/docker.sock","Domain":"","TLS":null,
"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}
INFO[2018-03-20T18:38:58+05:30] Starting server on :8080
INFO[2018-03-20T18:38:58+05:30] Starting provider *file.Provider
{"Watch":true,"Filename":"/home/kasun/apps/temp/traefik.toml",
"Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,
"Directory":""}
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :7070
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :8080
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :7070
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :8080
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed
[http://127.0.0.1:8081]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed
[http://127.0.0.1:8082]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed
[http://127.0.0.1:8082]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed
[http://127.0.0.1:8081]: Remove from server list
When I load http://localhost:7070/ from the browser it gives
Service Unavailable
when I go to Traefik health dashboard it displays
Can anybody tell me what I am doing wrong here? I went through a few articles but unable to find the correct answer.
I suppose your are running Træfik in a container.
127.0.0.1 -> localhost inside the container, not in your local machine.

http: TLS handshake error from $ip:$port remote error: bad certificate

I am having k8s cluster on centos7.2 with 1 master and 2 slaves. The cluster is working fine as far as it is serving on port 8080 but when I tries to secure Kube-API server by using certificates, I felt into the above error after restarting the kube-apiserver service and it is continuously writing this error in my log file at /var/log/messages.
kube-apiserver is started as-
KUBE_API_ADDRESS="--bind-address=0.0.0.0"
KUBE_API_PORT="--secure-port=6443"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://kube-master:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_API_TLS_CERT_FILE="--tls-cert-file=/home/abc/server.cert"
KUBE_API_TLS_PRIVATE_KEY_FILE="--tls-private-key- file=/home/abc/server.key"
KUBE_API_TOKEN_AUTH_FILE="--token-auth-file=/home/abc/token.csv" </br>
I am accessing API server using kubectl command as
kubectl --v=4 --server="https://$ip:6443" --certificate-authority="./ca.crt" --token="abcdTOKEN1234" get nodes
After that I am getting following error-
2930 helpers.go:153] Connection error: Get https://$ip:6443/api: x509: certificate signed by unknown authority
2930 helpers.go:96] Unable to connect to the server: x509: certificate signed by unknown authority
I performed same steps on ubuntu 14.04 and are working fine. I am not able to figure out where exactly I'm missing. Can anyone knows where I am wrong ? Thanks in advance.

Resources