I enabled 'admin port' on weblogic and configured Two-Way SSL to 'Client Certs Requested And Enforced' and now I can't have access to weblogic console through admin port, I wanna use normal port by 7001 but I can't:
Console/Management requests or requests with specified to 'true' can only be made through an administration channel
How can I disable admin port through WLST or config file?
Easily you should change one property on config file
find config.xml file on DOMAIN-HOME\config directory
find this node and change the value to 'false'
<administration-port-enabled>true</administration-port-enabled>
Enjoy browsing weblogic console!
Related
I am currently running a service with systemctl, and it is running as an http proxy, not normal http. Is this something that Google does? I am using port 8080 and I can't connect to it via http. My daemon is using port 8080, while using the type http-proxy (I am seeing this with the command nmap -sV -sC -p 8080 35.208.25.61 -vvvv -Pn). Instead, I want the daemon I'm running (wings.service) to use http, so it can use that type of connection to connect to my panel.
The panel is part of a piece of software along with the daemon, it's called pterodactyl. Anyways, I have tried everything on what to do, and I think this problem that I am addressing is the problem that causes dysfunction on my panel. I might just have to move to a different service to host my bots for discord.
Let me know if there's anything I can do to fix this.
As per I can understand you are unable to access the panel via web URL.
Pterodactyl web server can be installed using NGINX or Apache web servers, and both web servers by default listed on port 80 based on Pterodactyl web server installation guide, so you must enable HTTP port 80 traffic on your Compute Engine VM instance
The default firewall rules on GCP do not allow HTTP or HTTPS connections to your instances. However, it is fairly simple to add a rule that does allow them following this steps:
1.-Go to the VM instances page.
2.- Click the name of the desired instance.
3.- Click Edit button at the top of the page.
4.- Scroll down to the Firewalls section.
5.- Check the Allow HTTP or Allow HTTPS options under your desired VPC network.
6.- Click Save.
Note: The Pterodactyl panel and Daemon installation are not the same for each operating system, if after checking the VPC firewall rules on the VM settings and also the status of the web server in the instance (NGINX or Apache) you still cannot access your panel, please provide a step by step list with all commands you followed to complete the installation, including the OS version you used.
When I configure API Manager instead of localhost I use the IP address of the server, it does not show text or icons of the admin module, but on the local server it does show.
I modified the value of lcalhost in the depoyment file to the server's ip.
When I access the module https://192.168.1.5:9443/admin from an external client, it shows the following error in the browser debug.
Access extern
Debug browser
When I log in from a browser on the same server where the API manager is installed, I have no problems.
Access in browser from same server of API Manager
I'm currently building a system where users can list Word and Excel files in an ASP.net webapp and click on files to edit which will open them up in Office from an IIS WebDAV server and allow the users to edit the files.
I have all of this working with Windows Authentication enabled and using the server's hostname to address the file on the WebDAV server:
ms-word:ofe|u|http://hostname/webdav/myfile.docx
However the client has a subdomain (resolved by internal dns on their network) and ssl cert they want to use for the site. When I address the file with this domain name:
ms-word:ofe|u|https://portal.domainname.com/webdav/myfile.docx
I get a windows authentication prompt when opening it in Word that will not accept my domain credentials.
If I switch the WebDAV server to Basic Authentication and set the domain Word will prompt for authentication and will accept my domain credentials, but it will prompt on every file I open.
Is there a way to address the file using this internal subdomain name that will open the files without prompting the user for authentication?
This will only be accessible on their internal network so I'm open to considering any authentication scheme that would achieve this goal.
Because of security reasons the client will not send credentials to hosts that are not recognized as local intranet.
When using a (sub)domain instead of a hostname every client has to add the (sub)domain to it's intranet zone:
Internet options > security > Local intranet > Websites > Advanced > Add.
This can also be done by using a Group Policy or setting a registry key.
HKEY_CURRENT_USER\software\microsoft\windows\current version\internet settings\zonemap\domains\[domain]\[subdomain (optional)]
DWORD name: http of https value: 1
Recently, I configured a Nexus repo on a corporate server at https://mycorporateserver.corporation.com/nexus/.
The way "its always been done" is to put our "apps" on the server and use apache httpd to serve the pages and manage access using ldap.
Nexus is configured for anonymous access, https, localhost only (all works fine). Then, we used Apache httpd to serve that Nexus page/URI to others using proxypass and reverseproxypass (per instructions in sonatype's documentation).
The catch is that the httpd configuration requires ldap. So, if I hit the given Nexus URI from a web browser, the browser asks for my corporate login. I log in with my user name and password and can view the repository as an anonymous user just fine.
I did not configure Nexus for ldap, Nexus provided me read-only anonymous access combined with the ability to log in as an admin from the login menu.
Great. The problem (not surprising) is when Eclipse/M2E tries to contact the Nexus repository I get:
"could not transfer artifact 'myartifact' from/to nexus (https://mycorporateserver.corporation.com/nexus/): handshake alert."
In my settings.xml, I included
<servers>
<server>
<id>tried many different versions of the server name including full URI</id>
<username>username</username>
<password>password</password>
<server/>
<servers/>
but that doesn't seem to work - which I think makes sense since I'm not trying to login to Nexus but rather supply my credentials to ldap.(?)
In M2E/Eclipse, is there a way to provide the needed LDAP information?
Is it better to not let httpd manage access but configure Nexus to handle everything LDAP? Is there a better/different way to configure Nexus/httpd/LDAP/Eclipse to solve the problem?
Thanks for all pointers and guidance!
"could not transfer artifact 'myartifact' from/to nexus
(https://mycorporateserver.corporation.com/nexus/): handshake alert."
That's an SSL handshake problem, the Java running Eclipse does not consider the certificate installed on Nexus to be valid. This is almost certainly because either:
The certificate is self signed.
The certificate has been signed by a
private certificate signing authority which is not in the truststore
of the Java running Eclipse.
Either way the workaround is to install the certificate on Nexus into the trust store of the java running Nexus.
See here for more information:
https://support.sonatype.com/hc/en-us/articles/213464948-How-to-trust-the-SSL-certificate-issued-by-the-HTTP-proxy-server-in-Nexus
Ultimately, as I understand it, it was a mismatch between how the VirtualHost and ServerName were defined in the apache httpd configuration.
https://mycorporateserver.corporation.com/nexus/ was the ServerName but the VirtualHost was defined with the ip and port https://mycorporateserver.corporation.com:port.
Original
<VirtualHost ip:port>
ServerName mycorporateserver.corporation.com/nexus/
...ldap and proxy pass configs
</VirtualHost>
Since we have more than one virtual host containing this ip and port combination, the server looked further into the configuration to find the proper page by reading the ServerName. Since no ServerNames matched what the clients sent, the handshake error occurred.
https://httpd.apache.org/docs/current/vhosts/name-based.html
Changing ServerName in the httpd conf to include the port solved the handshake error.
Final
<VirtualHost ip:port>
ServerName mycorporateserver.corporation.com:port/nexus/
...ldap and proxy pass configs
</VirtualHost>
(I'm by no means an apache httpd expert, still want to find out if there is a way to do all this without showing the port in the URL)
Then, when sending a request from Eclipse/M2E to the server, the response was "Unauthorized"
Adding the nexus server plus username and password to settings.xml solved the authorization problem and all worked great!
<servers>
<server>
<id>nexus</id>
<username>username</username>
<password>password</password>
<server>
</servers>
To ensure passwords were not stored in plain text, instructions at this Maven site were used to create encrypted passwords: https://maven.apache.org/guides/mini/guide-encryption.html
In hindsight, the question probably could have been asked better/differently but I didn't yet know what I learned today.
A local website is set up on a server.
The website test.skien.kommune.no is mapped to 127.0.0.1
The site is configured in IIS and I have added a binding.
Everything worked for a week, but today I suddenly got this error message:
The following error was encountered while trying to retrieve the URL: http://test.skien.kommune.no/
Unable to determine IP address from host name "test.skien.kommune.no"
The DNS server returned:
Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is webmaster.
The hosts-file is configured '127.0.0.1 test.skien.kommune.no'
Why doesn't it use the local dns-mapping in the host-file?
I found that the proxy settings were my problem.
In Windows "Control Panel" open "Internet Options" and go to the "Connections" tab. Click the "LAN settings" button.
If "Use a proxy server" is ticked, this may be your problem too. If there are periods in the local host domain, the proxy kicks in and treats the URL as a fully qualified domain name (which it won't be able to find).
To exclude it, click on "Advanced" and add it to the "Do not use proxy..." list.
Check for any VPN. if you have enabled any VPN in chrome then disable it.
Quoting #leo est omnia's answer, it might be possible that your browser would be treating your virtual host as a fully qualified domain when proxy server is ticked.
Adding to the answer,you also have these settings for the browser you are using, like for "Chrome":
settings => advanced settings => network => change proxy settings => connections => lan settings => uncheck use proxy server.
Also, if you have done some changes in your "httpd.conf" file, if you have given "\" backslash for directory path for the default path for your local apache files, use "/" forward slash instead, apache reads it the linux type.
This is the whole story
You should not use a proxy
Your proxy may have occurred through a browser extension, or you may have saved something in the system settings