System:
Maxscale 2.5.9
Ubuntu 20.04
In order to access the Web AdminGUI my maxsclale.cnf file looks like this:
[maxscale]
threads=auto
admin_host=0.0.0.0
admin_secure_gui=1
admin_auth=1
admin_enabled=1
admin_gui=1
admin_ssl_key=/etc/ssl/certs/maxscale-key.pem
admin_ssl_cert=/etc/ssl/certs/maxscale-cert.pem
admin_ssl_ca_cert=/etc/ssl/certs/ca-certificates.crt
[...all other configuration..]
With this configuration I can access the Web-AdminGUI on port 8989 from the internal ip address (not 127.0.0.1) by browser.
The SSL key/certs are self-signed .
BUT
When using the command line like:
maxctrl list servers
I get the following error:
Error: Error: socket hang up
When I remove or comment out the lines with the admin_ssl_XXX parameters and restart maxscale, command line works again, but of course the Web-AdminGUI does not.
I tried with various SSL certificate creations (also the one that is listed on the mariadb.com-Website
https://mariadb.com/docs/security/encryption/in-transit/create-self-signed-certificates-keys-openssl/#create-self-signed-certificates-keys-openssl),
the issue remains.
No errors in the maxscale.log whatsoever.
What is the best way to debug this issue?
Or do you have by any chance the right answer at hand?
YOUR help is greatly appreciated!
BR. Martin
You should use maxctrl --secure to encrypt the connections used by it.
Since you are using self-signed certificates, you have to also specify the CA certificate with --tls-ca-cert=/etc/ssl/certs/ca-certificates.crt if it's not installed in the system certificate store.
In addition, you probably need to use --tls-verify-server-cert=false to disable any warnings about self-signed certificates.
One of the sites I manage started having a problem recently where if you try to access it via chrome (and apperently opera, and new edge) I get the ERR_SSL_PROTOCOL_ERROR error page. And unfortunantly there is not further information I have been able to find about what the underlying error actually is.
All of the suggestions elsewhere list things wrong on the client side except server clock skew - which existed but was fixed with no effect on the error.
running echo | openssl s_client -servername <site_url> -connect <site_url>:443 on mac gives a successful tlsv1.2 response.
running https https://<site_url> gives a successful HTTP response.
The site works in IE11, Firefox, Edge (old) as well as with openssl commandline.
The site is wordpress running on Ubuntu 14.04 (openssl version 1.0.1f) with PHP 5.6 and nginx 1.6.2
As I said above - I have already corrected the ~3 minute clock skew on the server that could cause ssl failure.
Any help is appreciated.
--Update--
I get the following protocol vulnuablities when checking on SSLLab
SSL labs protocol section
I'm attempting to enable SSL on hiveserver2.
I can run in the default binary mode fine. http mode works no problem. As soon as I enable SSL through hive-site.xml, i'm faced with the following error.
ERROR [Thread-28] thrift.ThriftCLIService: Error starting HiveServer2: could not start ThriftHttpCLIService
java.net.BindException: Address already in use
There is nothing using any of the ports, prior to starting hiveserver2. Checked with netstat -tupln
Ports i've configured in hive-site.xml are
hive.server2.webui.port 11002
hive.server2.thrift.http.port 11001
hive.server2.thrift.port 11000
and invoking hiveserver2 via the service /opt/hive/bin/hive --service hiveserver2 &
O/S ubuntu (on kubernetes)
Hive version 3.0.0
Any help greatly appreciate. Google search for problems with ThriftHTTPCliService came up short.
For anyone that come across this post.
I upgraded to Hive 3.1.0, along with the metastore schema.
This fixed the issue, although unsure as to the underlying cause.
My institute recently installed a new proxy server for our network. I am trying to configure my Cygwin environment to be able to run wget and download data from a remote repository.
Browsing the internet I have found two different solutions to my problem, but no one of them seem to work in my case.
The first one I tried was to follow these instructions, so in Cygwin:
cd /cygdrive/c/cygwin64/etc/
nano wgetrc
at the end of the file, I added:
use_proxy = on
http_proxy=http://username:password#my.proxy.ip:my.port/
https_proxy=https://username:password#my.proxy.ip:my.port/
ftp_proxy=http://username:password#my.proxy.ip:my.port/
(of course, using my user and password)
The second approach was what was suggested by this SO post, so in my Cygwin environment:
export http_proxy=http://username:password#my.proxy.ip:my.port/
export https_proxy=https://username:password#my.proxy.ip:my.port/
export ftp_proxy=http://username:password#my.proxy.ip:my.port/
in both cases, if I try to test my wget, I get the following:
$ wget http://www.google.com
--2020-01-30 12:12:22-- http://www.google.com/
Resolving my.proxy.ip (my.proxy.ip)... 10.1XX.XXX.XX
Connecting to my.proxy.ip (my.proxy.ip)|10.1XX.XXX.XX|:8XXX... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required
2020-01-30 12:12:22 ERROR 407: Proxy Authentication Required.
It looks like if my user and password are not ok, but I actually checked them on my browsers and my credentials work just fine.
Any idea on what this could be due to?
This problem was solved thanks to the suggestion of a User of the community AskUbuntu.
Basically, instead of editing the global configuration file wgetrc, I should have created a new .wgetrc with my proxy configuration in my Cygwin home directory.
In summary:
Step 1 - Create a .wgetrc file;
nano ~/.wgetrc
Step 2 - record in this file the proxy info:
use_proxy=on
http_proxy=http://my.proxy.ip:my.port
https_proxy=https://my.proxy.ip:my.port
ftp_proxy=http://my.proxy.ip:my.port
proxy_user=username
proxy_password=password
When trying to run the Flex Builder 3 profiler on any I don't get the profiler dialog window and then after a few seconds I get "Socket timeout" in the console window. Any ideas why it can't connect?
I've got the latest debug version of Flash player and have tried shutting off my firewall.
I'm running it on XP from the local drive, ie. not through localhost.
Thanks,
Alex
It looks like the browser (Firefox in my case) has to be shutdown before the profiler is started. Step 1. in the livedocs even says this -- wish I had read it earlier. :)
http://livedocs.adobe.com/flex/3/html/help.html?content=profiler_3.html
Make sure that your firewall does not block port 9999, you can customize the port number too: Open Preferences->Flex->Profiler->Connections.
Check /etc/hosts (C:\Windows\System32\drivers\etc\hosts), and see if it contains a line:
127.0.0.1 localhost
In my case, it was somehow changed to ::1 localhost, and that's why it stopped working.
Thanks to Ziv for the (poorly formatted) answer.
While I try to run my Flex Profiler I got this error message:
In the flash application I got the following exception:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation:
file:///C|%2Fwork%2Flabsense%2Fbranches%2Frel%5F1%5F2%5F5%5FEA%2Fsources%2Fui%2F.metadata%2F.plugins%2Fcom.adobe.flash.profiler%2FProfilerAgent.swf?host=localhost&port=9999
cannot load data from localhost:9999.
at ProfilerAgent()[C:\SVN\branches\3.2.0\modules\profiler3\as\ProfilerAgent.as:127]
And in the flex Profiler console (at the eclipse) I got : Socket timeout.
I am run on windows vista,
Flex builder: 3.2
Flash debugger: 10,0,22,87
Things that I have done to resolve this issue:
Switch the connection port of the profiler to 9998 (and back)
Remove and reinstall the flash debugger player.
Install flex builder 3.2 (instead of 3.0)
Delete all the enters in the mm.cfg file
Add enter to the mm.cfg:
PreloadSwf=C:\work\labsense\Sources\ui\.metadata\.plugins\com.adobe.flash.profiler\ProfilerAgent.swf?host=localhost&port=9999
or
PreloadSwf=C:\work\labsense\Sources\ui\.metadata\.plugins\com.adobe.flash.profiler\ProfilerAgent.swf?host=localhost&port=9998
or
PreloadSwf=C:/work/labsense/Sources/ui/.metadata/.plugins/com.adobe.flash.profiler/ProfilerAgent.swf?host=localhost&port=9999
or with spaces:
PreloadSwf=C: \ work \ labsense \ Sources \ ui \ .metadata \ .plugins \ com.adobe.flash.profiler \ ProfilerAgent.swf?host=localhost&port=9999
or
C:\work\labsense\Sources\ui\.metadata\.plugins\com.adobe.flash.profiler\ProfilerAgent.swf?
or add all or some of the enters:
TraceOutputFileName=C:\Users\zivo\AppData\Roaming\Macromedia\Flash Player\Logs\flashlog.txt
ErrorReportingEnable=1
MaxWarnings=0
TraceOutputFileEnable=1
ProfilingFileOutputEnable=1
Turn on and off the vista firewall
Add exception for port 9999 in the vista firewall
Try to run the profiler SWF separately
Same result.
Try one last thing:
Because I have expreins problem little bit similar before with the flash debugger, the resolution then was:
Right click on flash player (debugger),
choose “Debugger”,
choose “other machine”
add “127.0.0.1”
click ok
then, it solve the issue (but apparently he connect to the debugger with host 127.0.0.1 instead of localhost (which is a same)
I now add to the mm.cfg file, the follow entry:
PreloadSwf=C:/work/labsense/branches/rel_1_2_5_EA/sources/ui/.metadata/.plugins/com.adobe.flash.profiler/ProfilerAgent.swf?host=127.0.0.1&port=9999
Then, after saving, I run the profiler, and its work!!
And the reasons for all this was:
Some program change the file C:\Windows\System32\drivers\etc\hosts to:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
::1 localhost
127.0.0.1 iDBO # LMS GENERATED LINE
This means that localhost is not lead to 127.0.0.1!!!
Fixing is easy:
# ::1 localhost
# 127.0.0.1 iDBO # LMS GENERATED LINE
127.0.0.1 localhost
Instead (remark the problem and fix the problem
After trying all the other suggestions here, this post on Adobe's forum clued me in.
Adobe forum
When the Flash debug player launches, it looks for mm.cfg in %HOMEDRIVE%%HOMEPATH%. On this particular computer that path is not my home directory on C: but on the file server mapped to I:. So once I created I:\mm.cfg with the contents
PreloadSwf=C:\Users\ehedstrom\Documents\FLEXBU~1\.metadata\.plugins\com.adobe.flash.profiler\ProfilerAgent.swf?host=localhost&port=9999
everything magically started working!
Browser tabs, make sure you have latest debug as you said you did, also make sure that the port is correct, for some reason the port sometimes changes(1001 or 20957) from the default 9999, be sure that your mm.cfg has ProfilingFileOutputEnable=1 and that bittorrent isn't on.
hth