ansible-playbook: command not found when running bash with cron
Posted: 09 Oct 2021 09:54 PM PDT

Running on Ubuntu 18, I have a bash job to collect data from a router using ansible. Here is the bash script:

    #!/bin/bash
    cd ~/datacollect
    ansible-playbook -i /home/user/datacollect/hosts /home/user/datacollect/datacollect.yml

If I run the bash job from the Ubuntu console, there is no issue. Since we need to collect data every 5 minutes, I created a cron job for it:

    * * * * * /home/user/datacollect/call.sh

The data was not saved to the output file. At the beginning, I thought something had stopped the cron job from running, then I found this information in /var/mail/user:

    Subject: Cron <user@host> /home/user/datacollect/call.sh
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    X-Cron-Env: <SHELL=/bin/sh>
    X-Cron-Env: <HOME=/home/user>
    X-Cron-Env: <PATH=/usr/bin:/bin>
    X-Cron-Env: <LOGNAME=user>
    Message-Id: <20211008092301.EB6B8262437@host>
    Date: Fri, 8 Oct 2021 20:23:01 +1100 (AEDT)

    /home/user/datacollect/call.sh: line 3: ansible-playbook: command not found

It may be related to the path environment setup as below, but I am not sure how to check and modify it, and not sure if it is the root cause.

    -bash: ansible-playbook: command not found
|
iftop - total send rate not matching with sum of individual
Posted: 09 Oct 2021 09:53 PM PDT

In my iftop output, the total send rate (40s) is shown to the tune of 600KB/s, but when I total the send entries for the same 40s, for even 500 entries they sum up to merely 100KB. Any idea why the total may not be correlating? Any other tool I can use to correlate the network traffic?

My objective is to understand the root cause of this high network traffic number. By the way, 600KB/s matches what GCP is also showing and billing me for. So the total looks fine, but why are the individual entries not totaling up to it?
|
Issue with WP Cron does not appear to be working correctly - Wordpress
Posted: 09 Oct 2021 09:33 PM PDT

The wordpress site has been showing the message "Problem with WP Cron does not appear to be working correctly". We have tried a lot of things, but nothing. This problem appeared from nowhere. We have disabled possible cron jobs that would interfere with wordpress, we have tried erasing 'cron' from the database... but nothing
|
Custom route protection with Nginx reverse proxy
Posted: 09 Oct 2021 09:09 PM PDT

I have a few docker containers running behind an nginx reverse proxy with mutual TLS. One of these containers would be something like the postgresql login UI. I was hoping to have some middleware or http interceptor that when hitting mydomain.com/login, I could intercept the headers and verify things like the email on the cert, the subject, etc. before forwarding off to the original request to either terminate the request early or allow it to continue.

Traditionally, I could simply just have a proxy_pass point directly to the ip/port of postgres, but how would I want to satisfy this in this case?
|
Phpmyadmin not loading when using cloudflare argo tunnel
Posted: 09 Oct 2021 08:54 PM PDT
|
"cgps -s" is not returning result on Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-86-generic x86_64)
Posted: 09 Oct 2021 08:19 PM PDT
|
Adding backup payment method from second account in GCP
Posted: 09 Oct 2021 08:12 PM PDT

I cannot add a backup payment method from another account which has owner privileges. Getting this error

I went to Billing->Payment Setting->Payment Users, but could not add another payment user. I saw only an organization account can have multiple payment users. I have a card for payment method which is not working and someone else needs to add another card for primary/backup payment method.

How can I solve this problem? Another account with owner permission is not able to add a backup payment method.
|
Downgrade Google Identity Platform back to Firebase Authentication
Posted: 09 Oct 2021 06:10 PM PDT

We used Firebase Authentication and were happy about it. Then I clicked the "migrate to Identity Platform" button, but that was a mistake. We don't use any of the advantages but end up paying the fees.

How can I downgrade it back to Firebase Authentication? I found that we can disable Identity Toolkit API, but won't it remove all the user records (which is definitely not an option)?

Thanks.
|
Mutual TLS nginx, restricting certain users/groups?
Posted: 09 Oct 2021 05:42 PM PDT

I have a route that is restricted using client certs signed by my CA in Nginx. It's working well, but allows anyone with a cert that I sign to enter. Is it possible to restrict based on users/groups/roles instead, maybe from a header or something?

Currently, I have something basic:

    location / {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
    }
|
Use the same environment variable for HOSTNAME and identifying the web request server used
Posted: 09 Oct 2021 04:08 PM PDT

Our environment has servers named like so:

    prod-app-01
    prod-app-02
    test-app-01
    test-app-02

I've used sudo hostnamectl set-hostname test-app-02 on each server (changing the name appropriately each time) to set the name that appears in the terminal.

Now I'd like to use the same name in Apache to identify which server fulfilled the web request by looking in the HTTP headers. Inside the Apache /etc/apache2/sites-enabled/000-default.conf file I've put:

    Header set X-Server: test-app-02

However, this requires me to make the same change in two places every time. Our machines are cloned, so retain the settings from one to the next. I'd like to be able to only use sudo hostnamectl set-hostname test-app-02 and have that change reflected in Apache too (after a restart probably), however, it seems that Apache has no access to that information.

I tried setting HOSTNAME as an environment variable but I was unsuccessful at getting Apache to use it (Header set X-Server: "%{env:HOSTNAME}", Header set X-Server: "%{HOSTNAME}e", etc.), getting either X-Server: or X-Server: (null) in the headers each time.

It also seems that other functions such as hostname (which is available on the terminal) are unavailable in Apache .conf files.

Is there any way to make this change in only one place and have it reflected in both places?
|
GCP container registry suddenly isn't allowing access from anywhere
Posted: 09 Oct 2021 06:10 PM PDT

I have a project on GCP and I use the container registry to host our Docker images. Everything was working fine until suddenly all service accounts are getting access denied when trying to push/pull images from the registry. I tried accessing it from the web interface and I'm still getting an error saying that I don't have enough permissions even though I'm the organization owner.

Even when I tried to list the images using gcloud I faced the same problem.

    gcloud container images list
    ERROR: (gcloud.container.images.list) Access denied: gcr.io/
|
Web browser can resolve domain name from internal DNS
Posted: 09 Oct 2021 03:15 PM PDT

Coming here from my post on stackoverflow.

I have a webserver hosted on my company's VPN with a domain name, company.domain, registered in a private DNS hosted on the same VPN. When I connect to the VPN and configure the DNS settings on my Windows 10 work PC I am still not able to connect to the webserver because my browser won't use the configured DNS and therefore can't resolve the domain name.

When I try to resolve the IP with nslookup I get the following result:

    nslookup company.domain
    Server:  UnKnown
    Address:  fe80::1

    *** UnKnown can't find company.domain: Non-existent domain

However, if I disable IPv6, as SaschaM78 mentioned in his response to a similar post, nslookup is able to resolve the IP but my browser displays an error message stating "company.domain didn't send any data".

Looking at Wireshark, I can't see any DNS requests while IPv6 is enabled but once disabled I can see packets being sent to the configured private DNS including the queries from my browser. Public internet domains are resolved without any issue but not company.domain pointing to the private IP of the webserver.

If I check the box "Validate settings upon exit" while configuring the IPv4 DNS settings the Windows troubleshooter is run but prompts that it "couldn't identify the problem".

I have tried different browsers (Brave, Firefox and IE) but the issue persists.

I have tried reinitializing some network settings mentioned by Tim Penner and I have checked everything mentioned by Mathew1471 in their response to similar questions.

If I configure my other machine running Ubuntu by adding the DNS as an entry in resolv.conf everything works fine so the issue is obviously related to Windows 10.

I gave up on trying to resolve this issue and figured it would be easier to simply run a local DNS proxy with a rule that maps the domain name to the IP of the webserver. I have tried both Acrylic and DNSAgent but neither seem to work unless I configure both IPv4 and IPv6 DNS to localhost which, from my previous post, does not seem to be possible to do programmatically.

Any help would be highly appreciated!
|
SMTP authentication issues with Postfix Dovecot
Posted: 09 Oct 2021 08:18 PM PDT

I had bought a domain example.com and a VPS, and I used iRedMail to set up a mailserver. Not wanting iRedMail to mess up with my Nginx, I decided to install Nginx and Roundcube by myself. However, it says the SMTP server doesn't support auth. SMTP is all right.

    [02-Oct-2021 23:40:16 +0000]: <5gl20r7b> PHP Error: SMTP server does not support authentication (POST /?_task=mail&_unlock=loading1633218016462&_framed=1&_action=send)
    [02-Oct-2021 23:40:16 +0000]: <5gl20r7b> SMTP Error: Authentication failure: in /var/www/mail/program/lib/Roundcube/rcube.php on line 1702 (POST /?_task=mail&_unlock=loading1633218016462&_framed=1&_action=send)

And postconf -n output.

    root@mail:~# postconf -n
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    allow_min_user = no
    allow_percent_hack = no
    biff = no
    body_checks = pcre:/etc/postfix/body_checks.pcre
    command_directory = /usr/sbin
    compatibility_level = 2
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/lib/postfix/sbin
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    disable_vrfy_command = yes
    dovecot_destination_recipient_limit = 1
    enable_long_queue_ids = yes
    enable_original_recipient = no
    header_checks = pcre:/etc/postfix/header_checks
    inet_interfaces = all
    inet_protocols = all
    lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
    lmtp_tls_protocols = !SSLv2 !SSLv3
    mail_owner = postfix
    mailq_path = /usr/bin/mailq
    message_size_limit = 15728640
    mlmmj_destination_recipient_limit = 1
    mydestination = $myhostname, localhost, localhost.localdomain
    mydomain = example.com
    myhostname = example.com
    mynetworks = 127.0.0.1 [::1]
    myorigin = example.com
    newaliases_path = /usr/bin/newaliases
    postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
    postscreen_blacklist_action = drop
    postscreen_dnsbl_action = drop
    postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
    postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2
    postscreen_dnsbl_threshold = 2
    postscreen_dnsbl_whitelist_threshold = -2
    postscreen_greet_action = drop
    proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
    queue_directory = /var/spool/postfix
    recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
    recipient_delimiter = +
    relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    show_user_unknown_table_name = no
    smtp-amavis_destination_recipient_limit = 1
    smtp_tls_CAfile = $smtpd_tls_CAfile
    smtp_tls_CApath = /etc/ssl/certs
    smtp_tls_loglevel = 1
    smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
    smtp_tls_note_starttls_offer = yes
    smtp_tls_protocols = !SSLv2 !SSLv3
    smtp_tls_security_level = may
    smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
    smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:12340
    smtpd_reject_unlisted_recipient = yes
    smtpd_reject_unlisted_sender = yes
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_type = dovecot
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
    smtpd_sender_restrictions = reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre reject_unknown_sender_domain
    smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
    smtpd_tls_CApath = /etc/ssl/certs
    smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
    smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
    smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
    smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
    smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
    smtpd_tls_loglevel = 1
    smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
    smtpd_tls_protocols = !SSLv2 !SSLv3
    smtpd_tls_security_level = may
    swap_bangpath = no
    tls_random_source = dev:/dev/urandom
    transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
    virtual_gid_maps = static:2000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
    virtual_minimum_uid = 2000
    virtual_transport = dovecot
    virtual_uid_maps = static:2000

EDIT: Following some questions, I enabled:

    postconf | grep smtp_sasl_auth_enable
    smtp_sasl_auth_enable = yes

But using openssl s_client, I got:

    503 5.5.1 Error: authentication not enabled

UPDATE: After setting smtpd_sasl_auth_enable = yes I had a chance to input my password, but it says password is wrong. I am using a password manager so the password should be correct. Besides, I can use the credentials to login via imap.

    535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

EDIT: On /var/log/maillog, I saw this

    fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter

So I used

    postconf | grep smtp_sasl_password_maps
    smtp_sasl_password_maps =

Maybe that's what's wrong. But it shouldn't be empty, as I used iredmail, so what should it be?
|
IPv6 Networking with a Linux Router [closed]
Posted: 09 Oct 2021 08:07 PM PDT

I currently have a small office router running Void Linux. IPv4 routing is currently working, and I appear to be getting an IPv6 address from my ISP. I have Radvd running on the router, but my other Linux and Windows machines don't appear to be getting globally scoped IPv6 addresses.

My networking setup is in /etc/rc.local. I've used udev rules to name my external adapter wan0 and the internal adapter lan0. I've bridged my wired and wireless networks using brlan.

    # Default rc.local for void; add your custom commands here.
    #
    # This is run by runit in stage 2 before the services are executed
    # (see /etc/runit/2).
    #
    # US Region Wi-Fi
    modprobe -r iwlmvm
    modprobe cfg80211 ieee80211_regdom=US
    modprobe iwlmvm

    ip link set dev lan0 up
    brctl addbr brlan
    brctl addif brlan lan0
    ip link set dev wlp2s0 up
    brctl addif brlan wlp2s0
    ip addr add 10.10.10.1/24 dev brlan
    ip link set dev brlan up

My dhcpcd-wan service just runs dhcpcd -B wan0 and I'm getting an IPv6 from my ISP. ping6 and other IPv6 specific commands work from the router:

    ip -br -c a
    lo      UNKNOWN  127.0.0.1/8 ::1/128
    lan0    UP       fe80::127b:44ff:fe52:7188/64
    wan0    UP       73.212.<redacted>/23 fe80::33fc:53ef:5beb:4420/64
    wlp2s0  UP       fe80::9eb6:d0ff:fe1c:e383/64
    brlan   UP       10.10.10.1/24 2601:341:<redacted>::1/68 fe80::127b:44ff:fe52:7188/64
    wg0     UNKNOWN  10.10.90.2/24

I was a little confused over Radvd. Most of the examples I have found use fixed/static IPv6 ranges. I've attempted to use the following:

    interface brlan {
        AdvSendAdvert on;
        MaxRtrAdvInterval 300;
        prefix ::/64 {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr on;
        };
    };

Radvd is running, but nothing appears to be getting an IPv6 address.

I also use dhcpd for assigning IPv4 addresses, and statically configure some of them using host rules. I'm not opposed to using dhcpd for IPv6 without Radvd, but am just not sure how to configure it.

    ddns-update-style none;
    option domain-name "penguin.farm";
    option domain-name-servers 10.10.10.1;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    log-facility local7;

    subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.50 10.10.10.100;
        option routers 10.10.10.1;
    }

    host linux1 {
        hardware ethernet 4c:ed:fb:<redacted>;
        fixed-address 10.10.10.22;
    }

I also think my ip6tables rules are setup correctly to allow/forward the necessary

    *filter
    :INPUT DROP [83:26048]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [23:2954]
    -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
    -A INPUT -j ACCEPT -p icmpv6
    -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
    -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
    -A FORWARD -p ipv6-icmp -j ACCEPT
    -A OUTPUT -p ipv6-icmp -j ACCEPT
    COMMIT

What do I need to do so my Windows and Linux boxes (Linux is using NetworkManager) get IPv6 addresses?

Edit: My solution

Since this is marked as off-topic, I can't post an answer. But I have a solution, so I didn't want to leave anyone hanging who finds this in the future. The short answer (untested) is to add the following ip6tables rule:

    -A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT

For my solution, I actually dropped Radvd in favour of dnsmasq. The above firewall rule should fix the problem I was having, but for a more robust IPv6 setup, I wrote the following post:

https://battlepenguin.com/tech/setting-up-ipv6-on-a-linux-router/
|
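
Netfilter walks a chain top to bottom and stops at the first rule with a terminal target, so the position of a rule decides whether it can ever match, both in the ruleset posted above and for a rule added with -A. The Python sketch below is an added example, not part of the original post: it flags rules that sit behind an unconditional ACCEPT/DROP/REJECT in the same chain; the function names and the simplified parser (only --reject-with is treated as a target option) are assumptions.

```python
"""Flag ip6tables rules that are unreachable because an earlier rule in the
same chain is an unconditional terminal rule (added example, not from the post)."""
import shlex

TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT"}
# Options that belong to the target rather than to a match (one argument each).
# Assumption: only --reject-with is needed for the ruleset discussed here.
TARGET_OPTIONS = {"--reject-with"}

# Ruleset copied from the post (ip6tables-save format).
POSTED_RULESET = """\
*filter
:INPUT DROP [83:26048]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [23:2954]
-A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
-A INPUT -j ACCEPT -p icmpv6
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -p ipv6-icmp -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
COMMIT
"""

# Rule quoted in the post's "My solution" edit.
DHCPV6_RULE = ("-A INPUT -m conntrack --ctstate NEW -m udp -p udp "
               "--dport 546 -d fe80::/64 -j ACCEPT")


def parse_rule(line):
    """Return (chain, target, match_tokens) for one '-A' line."""
    tokens = shlex.split(line)
    chain = target = None
    matches = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-A", "--append"):
            chain = tokens[i + 1]
            i += 2
        elif tok in ("-j", "--jump"):
            target = tokens[i + 1]
            i += 2
        elif tok in TARGET_OPTIONS:
            i += 2          # skip the option and its argument
        else:
            matches.append(tok)
            i += 1
    return chain, target, matches


def is_catch_all(rule):
    """True for a rule with a terminal target and no match criteria."""
    _, target, matches = parse_rule(rule)
    return target in TERMINAL_TARGETS and not matches


def rules_of(ruleset):
    """Extract the '-A' lines from ip6tables-save text, in order."""
    return [l.strip() for l in ruleset.splitlines() if l.strip().startswith("-A ")]


def shadowed_rules(rules):
    """Return (rule, blocking_rule) pairs for rules that can never match."""
    closed = {}             # chain -> catch-all rule that ends traversal
    shadowed = []
    for rule in rules:
        chain = parse_rule(rule)[0]
        if chain in closed:
            shadowed.append((rule, closed[chain]))
        elif is_catch_all(rule):
            closed[chain] = rule
    return shadowed


def insert_before_catch_all(rules, new_rule):
    """Place new_rule just before its chain's catch-all, or append if none."""
    chain = parse_rule(new_rule)[0]
    for idx, rule in enumerate(rules):
        if parse_rule(rule)[0] == chain and is_catch_all(rule):
            return rules[:idx] + [new_rule] + rules[idx:]
    return rules + [new_rule]


if __name__ == "__main__":
    posted = rules_of(POSTED_RULESET)
    for label, rules in (("as posted", posted),
                         ("rule appended with -A", posted + [DHCPV6_RULE]),
                         ("rule placed before the catch-all",
                          insert_before_catch_all(posted, DHCPV6_RULE))):
        print(label)
        for rule, blocker in shadowed_rules(rules):
            print(f"  unreachable: {rule}\n    behind:    {blocker}")
```

Running it reports the FORWARD ICMPv6 ACCEPT as unreachable in the posted ruleset, and shows that the port 546 rule only takes effect when it is placed ahead of the INPUT catch-all REJECT.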
sublime text 3 certificate verification failed
Posted: 09 Oct 2021 10:07 PM PDT

I was following the official instruction to install Sublime text 3 but get errors shown as below when I do sudo apt-get update:

    Ign:10 https://download.sublimetext.com apt/stable/ InRelease
    Hit:12 https://packagecloud.io/github/git-lfs/ubuntu xenial InRelease
    Ign:13 https://download.sublimetext.com apt/stable/ Release
    Ign:14 https://download.sublimetext.com apt/stable/ Packages
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Ign:14 https://download.sublimetext.com apt/stable/ Packages
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Ign:14 https://download.sublimetext.com apt/stable/ Packages
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Ign:14 https://download.sublimetext.com apt/stable/ Packages
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Ign:14 https://download.sublimetext.com apt/stable/ Packages
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Err:14 https://download.sublimetext.com apt/stable/ Packages
      server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
    Ign:15 https://download.sublimetext.com apt/stable/ Translation-en_US
    Ign:16 https://download.sublimetext.com apt/stable/ Translation-en
    Reading package lists... Done
    W: The repository 'https://download.sublimetext.com apt/stable/ Release' does not have a Release file.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    E: Failed to fetch https://download.sublimetext.com/apt/stable/Packages  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
    E: Some index files failed to download. They have been ignored, or old ones used instead.

I googled for a while but couldn't find the right solution for me. Any help is appreciated!

My environment is Ubuntu 16.04 x86_64, KDE plasma

My /etc/apt/sources.list.d/sublime-text.list file:

    deb https://download.sublimetext.com/ apt/stable/

- My apt-transport-https and ca-certificates are:

    apt-transport-https is already the newest version (1.2.32).
    ca-certificates is already the newest version (20170717~16.04.2).

- The output of apt-key list:

    ...
    pub   4096R/8A8F901A 2017-05-08
    uid                  Sublime HQ Pty Ltd <support@sublimetext.com>
    sub   4096R/BD3DF454 2017-05-08
|
DNS Forward only/proxy server responds with SERVFAIL
Posted: 09 Oct 2021 09:02 PM PDT

We have an internal DNS server 64.104.128.236 which is accessible only within a particular subnet (10.106.x.x/16). I am building a private network (192.168.x.x/16) from which I would want to resolve the DNS queries with 64.104.128.236.

So, now I have set up a Proxy server (CentOS 7.5) with interfaces:

- 10.106.179.30 which can access the DNS server
- 192.168.180.100 to communicate within private network

I have installed bind-utils on the Proxy server with the following config in /etc/named.conf:

    options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { localhost; any; };
        recursion yes;
        forwarders { 64.104.128.236; };
        forward only;
        dnssec-enable yes;
        dnssec-validation yes;
    };

From my Client (192.168.180.81), when I try nslookup, I always get SERVFAIL

    > facebook.com
    Server:         192.168.180.100
    Address:        192.168.180.100#53

    ------------
        QUESTIONS:
            facebook.com, type = A, class = IN
        ANSWERS:
        AUTHORITY RECORDS:
        ADDITIONAL RECORDS:
    ------------
    ** server can't find facebook.com: SERVFAIL

I can see it getting successfully resolved in my Proxy server, but this is not passed on.

    [root@warmachine ~]# nslookup facebook.com
    Server:         64.104.128.236
    Address:        64.104.128.236#53

    Non-authoritative answer:
    Name:   facebook.com
    Address: 157.240.7.35

The tcpdump on the Proxy server looks like this (Client --> Proxy --> DNS):

    [root@warmachine ~]# tcpdump -n -i any host 192.168.180.81 or host 64.104.128.236
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    00:15:51.643536 IP 192.168.180.81.44537 > 192.168.180.100.domain: 49291+ A? facebook.com. (30)
    00:15:51.646761 IP 10.106.179.30.rbr-discovery > 64.104.128.236.domain: 33001+% [1au] A? facebook.com. (41)
    00:15:51.651612 IP 64.104.128.236.domain > 10.106.179.30.rbr-discovery: 33001- 1/2/4 A 157.240.7.35 (152)
    00:15:51.652572 IP 192.168.180.100.domain > 192.168.180.81.44537: 49291 ServFail 0/0/0 (30)
    00:15:51.653823 IP 192.168.180.81.43489 > 192.168.180.100.domain: 11362+ A? facebook.com. (30)
    00:15:51.654216 IP 10.106.179.30.56534 > 64.104.128.236.domain: 14438+% [1au] A? facebook.com. (41)
    00:15:51.659101 IP 64.104.128.236.domain > 10.106.179.30.56534: 14438- 1/2/4 A 157.240.7.35 (152)
    00:15:51.659686 IP 192.168.180.100.domain > 192.168.180.81.43489: 11362 ServFail 0/0/0 (30)

Am I approaching this the wrong way?
|
NGINX authentication with reverse proxy does not work
Posted: 09 Oct 2021 08:06 PM PDT

I am trying to set up basic authentication on an nginx reverse proxy server. I have an app that runs on port 9000 and use nginx to reverse proxy it to port 80. That far everything works perfectly. If I try to add basic authentication I get a 403: Forbidden error from nginx even if the user and password are correct.

The nginx config is below. I changed the server_name but everything else is the same.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name www.example.com example.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:9000;
            proxy_set_header Host $http_host;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
            auth_basic "Restricted Content";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }
    }

If I remove the following part everything works perfectly but I have no auth:

    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

The password file was created following the tutorial from the NGINX Documentation here.

Can someone please help me with this?
|
Very High CPU load Low to Medium RAM usage on VPS (mysql over 100% CPU)
Posted: 09 Oct 2021 05:06 PM PDT

I'm on a VPS Virtuozzo server with:

- 8GB RAM
- 6 CPU
- SSD Hard Drive
- Debian 8.8
- PHP 5.6.30
- MySQL 5.5.55

There is only one website that is served. It's a WordPress website with SSL enabled and around 22000 articles. It gets medium traffic, around 8k users, 18k pageviews per day. Because of the nature of the website we get a lot of bad robot requests and hack attempts. fail2ban is configured and reporting well.

top -i sometimes reports mysql CPU% as 200.

Virtuozzo reports:

- CPU Usage 99.9%
- CPU Load Average 7.13, 7.42, 6.97
- Memory 42%

As a result at some point apache halts and restarts.

my.cnf:

    [client]
    port = 3306
    socket = /var/run/mysqld/mysqld.sock

    [mysqld_safe]
    socket = /var/run/mysqld/mysqld.sock
    nice = 0

    [mysqld]
    user = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    tmpdir = /tmp
    lc-messages-dir = /usr/share/mysql
    skip-external-locking
    #bind-address = 127.0.0.1
    key_buffer = 16M
    max_allowed_packet = 16M
    thread_stack = 192K
    thread_cache_size = 8
    myisam-recover = BACKUP
    max_connections = 100
    #table_cache = 64
    #thread_concurrency = 10
    query_cache_limit = 1M
    query_cache_size = 128M
    tmp_table_size = 256M
    max_heap_table_size = 256M
    table_open_cache = 3200
    #general_log_file = /var/log/mysql/mysql.log
    #general_log = 1
    log_error = /var/log/mysql/error.log
    slow_query_log_file = /var/log/mysql/mysql-slow.log
    slow_query_log = 1
    #long_query_time = 2
    #log_queries_not_using_indexes
    #server-id = 1
    #log_bin = /var/log/mysql/mysql-bin.log
    expire_logs_days = 10
    max_binlog_size = 100M
    #binlog_do_db = include_database_name
    #binlog_ignore_db = include_database_name
    innodb_buffer_pool_size = 5G

    [mysqldump]
    quick
    quote-names
    max_allowed_packet = 16M

    [mysql]
    #no-auto-rehash # faster start of mysql but no tab completition

    [isamchk]
    key_buffer = 16M

    !includedir /etc/mysql/conf.d/

The slow query log is not reporting any slow queries. (The my.cnf file was configured by a server admin expert that I hired, because I am not one.)

Is MySQL misconfigured?

UPDATE: I have tried to disable all plugins and applied the basic theme. There isn't a particular plugin that is causing this. It goes without saying that the CPU usage was lower but the RAM load was lower as well. By the way, if there are no plugins and we have the basic theme applied there is not so much engagement from users. We can't hit 200 users per minute with the basic setup in order to debug properly...
|
How to use klist to show kerberos principal instance URL?
Posted: 09 Oct 2021 03:05 PM PDT

When I type klist, it only shows the primary username and realm:

    > klist -a
    Ticket cache: FILE:...
    Default principal: primary@REALM.NAME.COM

    Valid starting       Expires              Service principal
    04/30/2017 21:03:00  05/01/2017 07:03:00  primary/REALM.NAME.COM@REALM.NAME.COM
            renew until 05/07/2017 21:02:56
            Addresses: (none)

The default principal doesn't have instance name included. How to show it in klist? Or is it missing in my system?

Thanks a lot!
|
Dealing with CONFIG FAILURE on fresh drive (3ware / LSI RAID)
Posted: 09 Oct 2021 04:04 PM PDT

This is not about DRIVE failure. It's about drive CONFIG failure.

I bought 3 brand new drives for my server, because the existing ones have worked for over 4 years and one of them is failing (shows ECC ERROR or DEGRADE). I'm always able to rebuild the array with the existing drives, but replacing them all is my immediate goal.

I checked the specs of these old drives; they are WD2003FYYS, 512 bytes per sector. I thought it would be proper to also acquire 2TB drives with 512n format, so I now have Seagate ST2000NM0055.

THE PROBLEM

As seen on the following picture, all three new drives behave exactly the same: the 3ware/LSI 9750-8i does not want to detect them properly. Just for kicks I inserted one desktop drive, a WD10EZEX with Advanced Format (4K sectors), and it showed a status of OK.

All 8 drives are in hot-swap bays, so I did a lot of swapping and also tried different bays. No change. The controller's event log does not even show a "drive connected" event, as it did for the WD10EZEX.

All Seagates are brand new and have no partition on them (the WD10EZEX had one). They work properly in my workstation, connected to an eSATA port. CrystalDiskInfo says they're all OK.

QUESTION

Has anybody encountered this type of behavior? How do I deal with this? I've read the docs of the 9750-8i but didn't find anything about drive config failure, let alone what to do in this case.

It's not like I'm a newbie when it comes to various RAIDs and I have had 5 different 3ware controllers to this day, but in the case at hand I'm stumped. Please help.
|
403 forbidden on Apache after trying to install nginx reverse proxy Posted: 09 Oct 2021 03:05 PM PDT My setup: Digital Ocean droplet running Debian 8 2 websites with each their domain running on Apache2 Tried installing nginx and configure it as a reverse proxy following these instructions: https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet It instantly broke my sites, giving Forbidden 403 error when trying to access them. I spent so many hours trying to make it work and now decided to leave it and just use Apache2 like i did before. But now the sites are still showing Forbidden 403 even after nginx is stopped. Briefly installed lighttpd + lighttpd php5-cgi and then i could access the sites, however, it was showing just 1 site on both domains. I have chown -R www-data:www-data /var/www Also did a chmod -R 755 /var/www Please, if anyone could provide some input, I would be so happy. I am going crazy trying to fix this mess. 
:(

Apache ports.conf:

    Listen 80
    <IfModule ssl_module>
        Listen 443
    </IfModule>
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

Sample from Apache error log:

    [Thu Mar 03 13:56:36.965194 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:55470] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:56:43.316074 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:52484] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:56:47.635774 2016] [authz_core:error] [pid 31496] [client 185.106.92.253:53967] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:57:00.853631 2016] [authz_core:error] [pid 31670] [client 185.106.92.253:50494] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:57:08.455024 2016] [authz_core:error] [pid 31668] [client 185.106.92.253:45464] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:57:21.641599 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:38106] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
    [Thu Mar 03 13:57:28.132631 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:48468] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php

apache2.conf:

    Mutex file:${APACHE_LOCK_DIR} default
    PidFile ${APACHE_PID_FILE}
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 100
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    HostnameLookups Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    IncludeOptional mods-enabled/*.load
    IncludeOptional mods-enabled/*.conf
    Include ports.conf
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>
    <Directory /usr/share>
        AllowOverride None
        Require all granted
    </Directory>
    <Directory /var/www/site1>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/site2>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /srv/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    AccessFileName .htaccess
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

site1.conf:

    <VirtualHost *:80>
        ServerName www.site1.com
        ServerAlias site1.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/site1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /var/www/site1/>
            Options FollowSymlinks
            AllowOverride none
            Require all granted
        </Directory>
        <IfModule mod_fastcgi.c>
            AddHandler php5-fcgi .php
            Action php5-fcgi /php5-fcgi
            Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
            FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization
        </IfModule>
    </VirtualHost>
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \
        no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \
        no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

site2.conf:

    <VirtualHost *:80>
        ServerName www.site2.com
        ServerAlias site2.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/site2
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /var/www/site2/>
            Options FollowSymlinks
            AllowOverride none
            Require all granted
        </Directory>
        <IfModule mod_fastcgi.c>
            AddHandler php5-fcgi .php
            Action php5-fcgi /php5-fcgi
            Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
            FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization
        </IfModule>
    </VirtualHost>
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \
        no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \
        no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

|
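The error-log sample in the post above shows one client repeatedly receiving AH01630 for xmlrpc.php. As an added example (not part of the original post), this Python script parses Apache 2.4 error-log lines and reports clients with a burst of denials for the same path; the function names, the threshold of 5 and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first seven lines are the error-log sample from the post. The last two
# are constructed for this example (203.0.113.7 is a documentation address).
SAMPLE_LOG = """\
[Thu Mar 03 13:56:36.965194 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:55470] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:56:43.316074 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:52484] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:56:47.635774 2016] [authz_core:error] [pid 31496] [client 185.106.92.253:53967] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:00.853631 2016] [authz_core:error] [pid 31670] [client 185.106.92.253:50494] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:08.455024 2016] [authz_core:error] [pid 31668] [client 185.106.92.253:45464] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:21.641599 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:38106] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:28.132631 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:48468] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:30.000000 2016] [authz_core:error] [pid 31496] [client 203.0.113.7:40112] AH01630: client denied by server configuration: /var/www/html/.htaccess, referer: http://www.site1.com/
[Thu Mar 03 13:57:31.000000 2016] [core:notice] [pid 31400] AH00094: Command line: '/usr/sbin/apache2'
"""

# Apache 2.4 error-log layout for client-related entries:
# [timestamp] [module:level] [pid N(:tid M)] [client IP:port] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
    r"\[pid \d+(?::tid \d+)?\] \[client (?P<client>[^\]]+)\] "
    r"(?P<code>AH\d{5}): (?P<msg>.*)$"
)
# The denied path ends at whitespace or at the comma before ", referer: ...".
DENIED_RE = re.compile(r"client denied by server configuration: (?P<path>[^,\s]+)")


def parse_line(line):
    """Return a dict for a client-related error-log line, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # rpartition splits on the last colon, so IPv6 client addresses survive.
    ip, _, port = m.group("client").rpartition(":")
    return {
        "ts": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y"),
        "module": m.group("module"),
        "level": m.group("level"),
        "ip": ip,
        "port": int(port),
        "code": m.group("code"),
        "msg": m.group("msg"),
    }


def denied_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Find (client, path) pairs with >= threshold AH01630 denials in one window."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["code"] != "AH01630":
            continue
        m = DENIED_RE.search(rec["msg"])
        if m:
            hits[(rec["ip"], m.group("path"))].append(rec["ts"])

    bursts = []
    for (ip, path), stamps in hits.items():
        stamps.sort()
        best, best_span, start = 0, None, 0
        # Sliding window: advance `start` until the span fits inside `window`.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best, best_span = count, (stamps[start], ts)
        if best >= threshold:
            bursts.append({"ip": ip, "path": path, "count": best,
                           "first": best_span[0], "last": best_span[1]})
    return sorted(bursts, key=lambda b: -b["count"])


if __name__ == "__main__":
    for b in denied_bursts(SAMPLE_LOG.splitlines()):
        print(f'{b["ip"]} denied {b["count"]}x for {b["path"]} '
              f'between {b["first"].time()} and {b["last"].time()}')
```
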
Docker 1.6.0 on RHEL 6.5 with SELinux, can't run containers without root Posted: 09 Oct 2021 08:06 PM PDT

I'm trying to run a container on a RHEL 6.5 but I keep hitting this problem:

    sudo docker run -u postgres -it registry/postgres /bin/bash
    /bin/bash: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: Permission denied

When run as user 'root', the container starts fine but the problem appears again when trying to switch to another user:

    $ sudo docker run -u root -it registry/database /bin/bash
    [root@8a20410eaa5e /]# su postgres
    su: /bin/bash: Permission denied

This is a specific container built by us, based on CentOS 6.5 and that runs Postgres. The Dockerfile to build it has "USER postgres" in it, and it works fine elsewhere except these servers. I can reproduce the same behaviour with a busybox container:

    $ sudo docker run -u nobody -it 10.188.13.136:8080/busybox
    / $ ls
    /bin/sh: ls: Permission denied

The RHEL 6.5 host has SELinux enabled. We have other hosts where SELinux and this container works fine there. The audit log for this host looks clean, no error messages that I can see when trying to run the container. This is what we've tried so far:

- update the SELinux policies in RHEL ("sudo yum upgrade selinux-policy"), as they were not the latest versions
- get SELinux into permissive mode (setenforce 0); not tried to switch it off completely and reboot
- start the Docker daemon with "--selinux-enabled=true"
- start the container with --privileged
- start the container with --security-opt=:label:disable
- we're running the latest RHEL 6.5 kernel: 2.6.32-504.16.2.el6.x86_64
Also ran a strace session for the 'su ' command within the container but could not see much beyond these:

    17 setgid(10000) = 0
    17 setuid(10000) = 0
    17 munmap(0x7f07a3540000, 2101304) = 0
    17 munmap(0x7f07a311c000, 2113776) = 0
    17 munmap(0x7f07a2f03000, 2196352) = 0
    17 munmap(0x7f07a2cea000, 2198192) = 0
    17 munmap(0x7f07a2ae8000, 2101272) = 0
    17 munmap(0x7f07a28e4000, 2109624) = 0
    17 munmap(0x7f07a26e0000, 2109672) = 0
    17 munmap(0x7f07a24d3000, 2148896) = 0
    17 munmap(0x7f07a22d0000, 2105488) = 0
    17 munmap(0x7f07a20cb000, 2113848) = 0
    17 munmap(0x7f07a1ec5000, 2118168) = 0
    17 munmap(0x7f07a3321000, 2221912) = 0
    17 execve("/bin/bash", ["bash"], [/* 15 vars */]) = -1 EACCES (Permission denied)
    17 write(2, "su: ", 4) = 4
    17 write(2, "/bin/bash", 9) = 9

The full strace dump is here in case it's needed: http://pastebin.com/42C2B8LP. We're not sure what to look for next, any ideas? |
unable to login remotely in MYSQL Posted: 09 Oct 2021 10:07 PM PDT

I am very new to mysql and I want to use remote login. I followed this stack process but the command gives me nothing on the screen as listed on that link:

    $ lsof -i -P | grep :3306
    $

This is the output. What I did so far: I edited the file /etc/mysql/my.cnf to make the change, and it looks like this:

    skip-external-locking
    #
    # Instead of skip-networking the default is now to listen only on
    # localhost which is more compatible and is not less secure.
    bind-address = 0.0.0.0

What I want, basically, is remote login. But I am unable to do that. I ran the following command on my terminal:

    $ mysql -h 127.6.110.2 -u adminTwz5PWn -p
    $ enter password:
    ERROR 1045 (28000): Access denied for user 'adminTwz5PWn'@'localhost' (using password: YES)

For the sake of information needed: I got this username and password from Openshift. My concern is how @'localhost' comes into the picture if I am providing the host IP in the command. I have the following users in mysql:

    +------------------+---------------+
    | user             | host          |
    +------------------+---------------+
    | root             | %             |
    | root             | 127.0.0.1     |
    | adminvKbP1kf     | 127.3.138.130 |
    | adminTwz5PWn     | 127.6.110.2   |
    | root             | ::1           |
    | user             | hostname      |
    | debian-sys-maint | localhost     |
    | phpmyadmin       | localhost     |
    | phpmyadmin_suraj | localhost     |
    | root             | localhost     |
    | suraj            | localhost     |
    +------------------+---------------+

Please correct me if I am wrong anywhere. And what steps are needed to make this successful? |
How do I set locale when building an Ubuntu Docker image with Packer? Posted: 09 Oct 2021 06:06 PM PDT I'm using Packer to build a Docker image based on Ubuntu 14.04, i.e., in my Packer template I have: "builders": [{ "type": "docker", "image": "ubuntu", "commit": true }], and I build it using: $ packer build my.json What do I need to put in the template to get a specific locale (say en_GB ) to be set when I subsequently run the following? $ sudo docker run %IMAGE_ID% locale Additional info As it stands, I get: LANG= LANGUAGE= LC_CTYPE="POSIX" LC_NUMERIC="POSIX" LC_TIME="POSIX" ... LC_IDENTIFICATION="POSIX" LC_ALL= which causes a few problems for things I want to do next, like installing certain Python packages. I've tried adding: { "type": "shell", "inline": [ "locale-gen en_GB.UTF-8", "update-locale LANG=en_GB.UTF-8 LANGUAGE=en_GB.UTF-8 LC_ALL=en_GB.UTF-8" ] } but while that does set up the locale config it doesn't affect the env used by docker run. Even if I add extra export lines like: { "type": "shell", "inline": [ ... "export LANG=en_GB.UTF-8" ] } they have no effect, presumably because when using docker run , it's not a child process of the command packer build uses when running these commands initially. As a workaround I can pass env vars to docker run , but don't want to have to do that each time, e.g.: sudo docker run -e LANG=en_GB.UTF-8 -e LANGUAGE=en_GB.UTF-8 -e LC_ALL=en_GB.UTF-8 %IMAGE_ID% locale |
SSHD on Cygwin: can't connect as "root" from a Linux box Posted: 09 Oct 2021 06:06 PM PDT

I'm trying to connect a Linux (CentOS 6.5 x64) server and another server, a Windows Server 2008 R2 running Cygwin, and transfer files daily via SSHD from Linux to Windows, and I will use public keys for authentication. The Windows server is recognized and is a known host in Linux SSH, but when I try to copy the Linux public key to the Windows server via the scp command, it returns:

    Connection closed by <host IP>
    lost connection

In the sshd_config file, there's a line allowing connections as root (commented as default); I uncommented it and it remained the same. I tried turning off Windows Firewall, but that did not work. Is something wrong with my Cygwin/SSHD settings, or Linux SSHD?

ssh -v output:

    ssh -v <Windows server user>@<Host IP>
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 192.168.1.23 [192.168.1.23] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/identity-cert type -1
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
    debug1: match: OpenSSH_6.6.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.1.23' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Offering public key: /root/.ssh/id_rsa
    Connection closed by <Host IP>

|
GPO Redirected My Documents not displayed in Libraries (Server 2012 & Win 7) Posted: 09 Oct 2021 09:02 PM PDT New build Server 2012 & Windows 7 desktops. Windows 7 libraries are not reflecting the folder redirection set by the GPO, although the redirection is working. We use GPOs to redirect the users' "My Documents" to their Home folder on the network. When I do this by GPO, the Documents entry under Libraries still points to the (now) empty one on the local disk in the user's profile: C:\users\default\Documents. However, the 'My Documents' folder shows up in the user's networked Home folder. Eventvwr shows that folder redirection is working successfully. The folder is indeed being redirected, but not visible under Libraries. When I open the personal folder for the user we see two My Documents folders: one is the redirected one and one is the default My Documents folder (the one showing in Libraries). I must be doing something wrong. Any ideas? |
Ubuntu server failing to perform SSL handshake (ssl handshake failure:s23_lib.c) Posted: 09 Oct 2021 07:01 PM PDT This started as a Java issue (there's a stackoverflow question) and it turns out it's not really Java-related as I can reproduce it with wget. This happens in 3 different Ubuntu boxes. $ wget https://producao.ginfes.com.br --certificate reck.pem --no-check-certificate --debug DEBUG output created by Wget 1.12 on linux-gnu. --2014-02-27 17:35:57-- https://producao.ginfes.com.br/ Resolvendo producao.ginfes.com.br... 201.77.231.18 Caching producao.ginfes.com.br => 201.77.231.18 Conectando-se a producao.ginfes.com.br|201.77.231.18|:443... conectado. Created socket 3. Releasing 0x09b827f0 (new refcount 1). Initiating SSL handshake. SSL handshake failed. Closed fd 3 Não foi possível estabelecer conexão segura (SSL). Now if I create a ssh tunnel to my dev box from this same machine and try to connect to the same website using the tunnel, the connection works (404 error is expected): $ ssh user@192.168.0.29 -L4443:producao.ginfes.com.br:443 ... $ wget https://localhost:4443 --certificate reck.pem --no-check-certificate --debug DEBUG output created by Wget 1.12 on linux-gnu. --2014-02-27 17:38:35-- https://localhost:4443/ Resolvendo localhost... ::1, 127.0.0.1 Caching localhost => ::1 127.0.0.1 Conectando-se a localhost|::1|:4443... conectado. Created socket 3. Releasing 0x086a88f0 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x086a6ba0 certificate: subject: /C=BR/ST=SP/L=S\\xC3\\xA3o Paulo/O=Eicon Controles Inteligentes de Negocios LTDA/CN=*.ginfes.com.br issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 AVISO: não foi possível verificar o certificado de localhost, emitido por "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3": Foi encontrado um certificado auto-assinado. 
AVISO: o nome comum no certificado "*.ginfes.com.br" não coincide com o nome de máquina solicitado "localhost". ---request begin--- GET / HTTP/1.0 User-Agent: Wget/1.12 (linux-gnu) Accept: */* Host: localhost:4443 Connection: Keep-Alive ---request end--- A requisição HTTP foi enviada, aguardando resposta... ---response begin--- HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Length: 0 Date: Thu, 27 Feb 2014 21:38:37 GMT Connection: keep-alive ---response end--- 404 Not Found Registered socket 3 for persistent reuse. Skipping 0 bytes of body: [] done. 2014-02-27 17:38:37 ERRO 404: Not Found. Wget doesn't give me enough info so I try to establish the connection with openssl and this is what it gives me: openssl s_client -connect producao.ginfes.com.br:443 -cert reck.pem -key reck.pem -showcerts -CApath /etc/ssl/certs CONNECTED(00000003) depth=3 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) verify return:1 depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3 verify return:1 depth=0 C = BR, ST = SP, L = S\C3\A3o Paulo, O = Eicon Controles Inteligentes de Negocios LTDA, CN = *.ginfes.com.br verify return:1 3078990568:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- Certificate chain 0 s:/C=BR/ST=SP/L=S\xC3\xA3o Paulo/O=Eicon Controles Inteligentes de Negocios LTDA/CN=*.ginfes.com.br i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) 3 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) --- Server certificate subject=/C=BR/ST=SP/L=S\xC3\xA3o Paulo/O=Eicon Controles Inteligentes de Negocios LTDA/CN=*.ginfes.com.br issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 --- Acceptable client certificate CA names /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC SINCOR RFB G2 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PF v1 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC VALID RFB /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=AC Certisign G3 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC SOLUTI /C=BR/O=ICP-Brasil/CN=SERASA Certificadora Digital v1 /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./CN=AC Certisign Multipla G5 /C=BR/O=ICP-Brasil/CN=AC Secretaria da Receita Federal do Brasil /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Instituto Fenacon RFB /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC BR RFB G2 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PJ-1 v1 /C=BR/O=ICP-Brasil/CN=Autoridade Certificadora da Presidencia da Republica v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/OU=AC SOLUTI/CN=AC SOLUTI Multipla /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC PRODEST RFB v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora da Justica - AC-JUS/CN=AC Certisign-JUS G3 
/C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC SINCOR RFB G4 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=SERASA Autoridade Certificadora Principal v2 /C=BR/O=ICP-Brasil/OU=ORDEM DOS ADVOGADOS DO BRASIL CONSELHO FEDERAL/CN=AC OAB /C=BR/O=ICP-Brasil/OU=Imprensa Oficial do Estado S A IMESP/CN=AC Imprensa Oficial G3 /C=BR/O=ICP-Brasil/CN=SERASA Certificadora Digital v2 /C=BR/O=ICP-Brasil/OU=Companhia de Tecnologia da Informacao do Estado de MG - PRODEMGE/CN=AC PRODEMGE G2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC PRODEMGE RFB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC PRODEST RFB V1 /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./CN=AC Certisign Multipla G3 /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=SERASA Autoridade Certificadora Principal v1 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Notarial RFB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC SERASA RFB v1 /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./CN=AC Instituto Fenacon /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC VALID /C=BR/O=ICP-Brasil/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do PRODERJ v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora da Justica - AC-JUS/CN=AC CAIXA-JUS v1 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v1/CN=AC CAIXA v1 /C=BR/O=ICP-Brasil/OU=SINCOR-SP - Sindicato dos Corretores de Seguros no Estado de SP/CN=AC SINCOR G3 /C=BR/O=ICP-Brasil/CN=Autoridade Certificadora da Casa da Moeda do Brasil /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC Secretaria da Receita Federal do Brasil v3 /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./OU=CSPB-2/CN=AC Certisign SPB G5 /C=BR/O=ICP-Brasil/OU=Imprensa Oficial do Estado S A IMESP/CN=AC Imprensa Oficial 
G2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC PRODEMGE RFB G2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC FENACON Certisign RFB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Notarial RFB G2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC Certisign G5 /C=BR/O=ICP-Brasil/OU=ORDEM DOS ADVOGADOS DO BRASIL CONSELHO FEDERAL/CN=AC OAB G2 /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v1 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC BR RFB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC FENACON Certisign RFB G2 /C=BR/O=ICP-Brasil/OU=SINCOR-SP - Sindicato dos Corretores de Seguros no Estado de SP/CN=AC SINCOR G2 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PF v2 /C=BR/O=ICP-Brasil/OU=Servico Federal de Processamento de Dados - SERPRO/OU=CSPB-1/CN=Autoridade Certificadora do SERPRO Final v2 /C=BR/O=ICP-Brasil/CN=Autoridade Certificadora SERPRO v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora da Justica - AC-JUS/CN=AC SERASA-JUS v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora da Casa da Moeda do Brasil v2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Certisign RFB G3 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora da Presidencia da Republica v3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Imprensa Oficial SP RFB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Imprensa Oficial SP RFB G2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora da Justica - AC-JUS/CN=AC SERPRO-JUS v4 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - 
RFB/CN=Autoridade Certificadora do SERPRORFB /C=BR/O=ICP-Brasil/OU=PETROLEO BRASILEIRO S A PETROBRAS/CN=AC PETROBRAS G3 /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora da Justica v3 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PJ v2 /C=BR/O=ICP-Brasil/OU=CSPB-4/CN=SERASA Autoridade Certificadora v2 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PJ v1 /C=BR/O=ICP-Brasil/CN=AC FENACOR v1 /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora VALID - AC VALID/CN=AC VALID BRASIL /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./CN=AC Instituto Fenacon G2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora da Justica - AC-JUS/CN=AC CAIXA-JUS v2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC SERASA RFB v2 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC CAIXA v2 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC SINCOR RFB G3 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC Certisign G6 /C=BR/O=ICP-Brasil/OU=Certisign Certificadora Digital S.A./OU=CSPB-2/CN=AC Certisign SPB G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Instituto Fenacon RFB G2 /C=BR/O=ICP-Brasil/OU=Companhia de Tecnologia da Informacao do Estado de MG - PRODEMGE/CN=AC PRODEMGE G3 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=AC Imprensa Oficial SP G3 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=Autoridade Certificadora SERPRORFB v3 /C=BR/O=ICP-Brasil/OU=Caixa Economica Federal/CN=AC CAIXA PF-1 v1 /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora da Justica v4 /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=AC Certisign RFB G4 /C=BR/O=ICP-Brasil/OU=Servico Federal de 
Processamento de Dados - SERPRO/OU=CSPB-1/CN=Autoridade Certificadora do SERPRO Final v3 /C=BR/O=ICP-Brasil/OU=CSPB-4/CN=SERASA Autoridade Certificadora v1 /C=BR/O=ICP-Brasil/OU=PETROLEO BRASILEIRO S A PETROBRAS/CN=AC PETROBRAS G2 --- SSL handshake has read 16601 bytes and written 2595 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 530FB1A9BD310D77D5E436BC4CA14127A423B86C9A7E92AF468C6F8DC3758DE6 Session-ID-ctx: Master-Key: 0E2E35C604253C847156C0DF36B108E3CEAA25BE601EC4FDE2FC9F87138537C71791A469C93D14318B2CED12B671A72D Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1393537449 Timeout : 300 (sec) Verify return code: 0 (ok) --- Although it looks like it worked, openssl spits this error during the handshake: 3078990568:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:. That message doesn't show up if I use the tunnel as I did with wget. I'm thinking this is related to wget failing on the SSL handshake. Any ideas? |
TFS2012 - Reporting Services Permissions?
Posted: 09 Oct 2021 07:01 PM PDT
I'm currently working through an upgrade of TFS2010 to TFS2012. In our old configuration, TFS, Sharepoint, and Reporting Services were on the same server, with the rest of the DBs on a separate SQL server. During the upgrade, we put Reporting Services on the SQL Server and put Sharepoint on its own server. We also created an additional TFSReports service account. What permissions are required on the Reporting Services side? Since this migration occurred, the existing permissions were carried over. The admins (Granted System Administrator and Content Managers) are no longer in the BUILTIN\Administrators group, so we'll have to go in and manually add those permissions to each of the folders in TfsReports. My question is, which of the TFS Service Accounts need access to each of the Team Project folders inside of the collection? Does TFSService (which is what the app server runs as) need Team Foundation Content Manager for creation of content in the folders? And does TFSReports just need the Browser role? I noticed NT AUTHORITY\Authenticated Users is currently a Browser and don't know if that is supposed to be there or just remnants of a previous misconfiguration. Any thoughts are appreciated. Thanks!
Tortoise SVN / Subversion push updates to Windows 2008 Server
Posted: 09 Oct 2021 04:04 PM PDT
I am googling like crazy trying to find a solution for this - but not having much luck! I have TortoiseSVN and Subversion running on my local Windows XP machine. I make changes to my website and commit these locally. I then want to push these changes to the live website. This is hosted on our dedicated server (Windows 2008 Server). I've spoken to the hosting company who confirmed they do not support SVN and as it's a windows box will not have SSH - so that's not an option. Is there any software or a method I could use to push just the changes I commit back to my remote server? Or do I have to manually upload the changes using FTP (which I do at the moment which is a pain!) Thanks for any info!
PHP+AJAX with MySQL - Query every 2 seconds, too many in TIME_WAIT
Posted: 09 Oct 2021 05:06 PM PDT
I have a basic HTML file, using jQuery's ajax, that is connecting to my polling.php script every 2 seconds. The polling.php simply connects to MySQL, checks for IDs newer than my hidden, stored current ID, and then echoes if there is anything new. Since the javascript is connecting every 2 seconds, I am getting thousands of connections in TIME_WAIT, just for my client. This is because my script is re-connecting to MySQL over and over again. I have tried mysql_pconnect but it didn't help any. Is there any way I can get PHP to open 1 connection, and continue to query using it? Instead of reconnecting every single time and making all these TIME_WAIT connections. Unsure what to do here to make this work properly.