I am working with a client, we have introduced certificates for SSL, and they also want a Base URL change. (This is on Jira Server running on Windows server)
Sounds simple... but...
Current Base url is :8080
We have implemented the SSL and changed the base url to just :8443 - that worked.
I have now changed the base url to just (no port) and that is working (however I had to use 443 rather than 8443). The client does not use, and does not want to use, a reverse proxy, hence 443 rather than 8443 to get the portless url to work.
The outstanding issue I have is that the redirect from :8080 to new does not work.
I have the following in the server.xml
<Connector port="8080" redirectPort="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
clientAuth="false" useBodyEncodingForURI="true"
keyAlias="lse-jira-uat.numiscorp.com" keystoreFile="C:\\Program Files\\Atlassian\\Application Data\\JIRA\\lse-jira-uat.jks" keystorePass="REMOVED" keystoreType="JKS"/>
I also have Atlassian's recommended settings in the web.xml.
So if I am on the server and go to localhost:8080 the redirect to the new URL works.
However if I use :8080 from anywhere else the redirect fails and I get a deadlink rather than a redirect.
Am I missing a setting anywhere to get the redirect to work?
As a side note, I have done the same on Confluence and the redirect works. So not sure why Jira does not.
Any help appreciated.
I've just refreshed an app written in .net 2.1 to .net 6.0. I worked through the errors and the site appears to compile cleanly. After I published to the server I had many errors. Working through them, and standing up a full IIS install on my own machine, I now have it down to a 404 error.
When running the exe straight from the console it runs without errors.
Z:\ReportGroups>FleetLogix.ReportGroups.exe
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {snip} may be persisted to storage in unencrypted form.
c:\inetpub\wwwroot\ReportGroups>FleetLogix.ReportGroups.exe
Hosting environment: Production
Content root path: c:\inetpub\wwwroot\ReportGroups
Now listening on: http://localhost:5000
Now listening on: https://localhost:5001
Application started. Press Ctrl+C to shut down.
Application is shutting down...
Web.config is
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\FleetLogix.ReportGroups.dll" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00" stdoutLogEnabled="false" hostingModel="inprocess" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</location>
</configuration>
Looking through Event Viewer, there's nothing of note. System nothing for IIS, IIS-Configuration and IIS-Admin are empty.
Edit 2021-11-22
It took a morning, but I have Request Tracing installed. For those on windows 10, just go to Add Features > IIS > Health > Tracing. Don't believe the server 2012 pages. Below is a screenshot:
The actual xml and xslt were quite verbose.
I have reinstalled the Hosting package as administrator, just in case. The version installed was dotnet-hosting-6.0.0-win.exe. That didn't fix it. IIS was stopped/started at server level as well.
At the moment it looks like the handlerv2 is missing?
If any other logs or config are required please let me know
"At the moment it looks like the handlerv2 is missing?" is incorrect.
The correct interpretation of the FRT log is that ASP.NET Core module (handler configured in your web.config) runs fine, and decides that no routing rule yields a result for the incoming URL http://localhost/ReportGroups. Thus, it returns 404 as designed.
It is your responsibility to review IIS configuration (site/app) as well as your source code on routing to see what should be the right URL to use to access the target pages. And unless you share those parts, discussion on this question cannot move forward.
Jenkins - 2.263.1 (LTS) deployed through Tomcat on CentOS-8.2, and I have an Nginx reverse proxy running in front of Jenkins.
Under Manage Jenkins > Configure Systems - Apply and Save are not working. Due to this error, I cannot Apply (or) Save any of my configurations. It always shows the below error in the browser (Firefox & Chrome).
HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize
it. Apache Tomcat/9.0.30
Also Jenkins > Manage Jenkins > Configure Global Security - Apply works. But Save not working this too results same above given error.
Systems log error message.
Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter
doFilter No valid crumb was included in request for
/jenkins/configSubmit by ankit.sahu. Returning 403.
Workaround tried:-
1) Under Configure Global security > CSRF Protection > Enable proxy compatibility( Tick marked Enabled). - Didn't work so disabled with below command.
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true - Even this didn't solve the problem.
3) Installed the Strict Crumb Issuer plugin.
Enabled this plugin and unchecked Check the session ID from its configuration (Under Jenkins Configure Global Security).
4) Restarted the Jenkins.
Even tried by adding below in /apache-tomcat-9.0.30/conf/tomcat-users.xml file.
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="user" password="password" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
However still experiencing same problem. I don't know how to fix it, Can someone help me?
You can (temporarily) disable CSRF with below groovy script. Go to Manage Jenkins >> Script Console, then execute the below groovy script.
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
The nonces embedded into web output from Jenkins with CSRF protection are based (at least in part as I've read) on values from the requesting client. In addition to making sure your reverse proxy is correctly configured to pass X-Forwarded-For and X-Forwarded-Proto, make sure that Tomcat valve is in place to expose those header values in the servlet request API so Jenkins has access to them.
Add the following to $CATALINA_BASE/conf/server.xml, subordinate to the <Host> element:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-troubleshooting/
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/
ref: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve
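How the valve configured above changes what the application sees, as an added example (a simplified Python model written for this page, not Tomcat or Jenkins code). The internal-proxy network list approximates the valve's default and all addresses are constructed samples; the point to notice is that forwarded headers are honoured only when the connecting peer is a known proxy.

```python
import ipaddress

# Assumption: approximates the valve's default internalProxies pattern
# (loopback, RFC 1918 private ranges, link-local).
INTERNAL_PROXIES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::1/128")]


def is_internal(addr):
    """True if addr parses as an IP inside one of the internal proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_PROXIES)


def resolve_request(peer_addr, headers, connector_scheme="http"):
    """Return (client_ip, scheme) as the web application would see them."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # A peer that is not a known proxy gets no say: its forwarded headers are
    # ignored, otherwise any client could forge its own address and scheme.
    if not is_internal(peer_addr):
        return peer_addr, connector_scheme
    client_ip = peer_addr
    hops = [p.strip() for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
    # Walk right to left: the rightmost entries were appended by our own
    # proxies; the first address that is not internal is the real client.
    for hop in reversed(hops):
        client_ip = hop
        if not is_internal(hop):
            break
    proto = h.get("x-forwarded-proto", "").lower()
    scheme = connector_scheme if not proto else ("https" if proto == "https" else "http")
    return client_ip, scheme


if __name__ == "__main__":
    proxied = {"X-Forwarded-For": "203.0.113.7", "X-Forwarded-Proto": "https"}
    print(resolve_request("10.0.0.5", proxied))      # proxy passes both headers
    print(resolve_request("10.0.0.5", {}))           # proxy passes nothing
    print(resolve_request("198.51.100.9", proxied))  # direct client, forged headers
```

When the proxy sends no headers, the application sees the proxy's own address and plain http, which is the mismatch the answer above is guarding against.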
If you're using jenkinsapi, I resolved this error by specifying useCrumb=True in the constructor:
j = Jenkins(base_url, username=username, password=password, useCrumb=True)
I am developing a Self-hosted .Net Core Rest API to be hosted in Docker Container in Service Fabric. I am unable to configure to SSL/Https in Service Fabric. Http seems to work. I am using HttpSys as web server, not Kestrel since I read it is not recommended option for services without reverse proxy(like IIS).
Here is the web server code snippet.
return WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights()
.UseStartup<Startup>()
.UseHttpSys(
options =>
{
options.Authentication.Schemes = AspNetCore.Server.HttpSys.AuthenticationSchemes.None;
options.Authentication.AllowAnonymous = true;
}
)
.Build();
Here is ServiceManifest.xml Endpoints snippet.
<Endpoints>
<Endpoint Name="ServiceEndpoint" Protocol="http" Port="80" />
<Endpoint Name="ServiceEndpointHttps" Protocol="https" Port="443" Type="Input" CertificateRef="SSLCertificate" />
</Endpoints>
Here is ApplicationManifest EnvironmentVariable snippet.
<EnvironmentVariable Name="ASPNETCORE_URLS" Value="https://*:443/;http://*:80/"/>
Here is ApplicationManifest.xml Policies snippet.
<Policies>
<ContainerHostPolicies CodePackageRef="Code">
<RepositoryCredentials AccountName="accountname" Password="password" PasswordEncrypted="false" />
<PortBinding ContainerPort="80" EndpointRef="ServiceEndpoint"/>
<PortBinding ContainerPort="443" EndpointRef="ServiceEndpointHttps"/>
</ContainerHostPolicies>
<EndpointBindingPolicy CertificateRef="SSLCertificate" EndpointRef="ServiceEndpointHttps" />
</Policies>
Here is ApplicationManifest.xml Certificates snippet.
<Certificates>
<EndpointCertificate Name="SSLCertificate" X509FindValue="cert thumbprint"/>
</Certificates>
Initially, I had issues with Certificate deployment when I had SSL certificate only in CurrentUser\My Certificate Store. I resolved it after deploying the certificate in LocalMachine\My Certificate Store. With this fix, Service seems to be working only with HTTP protocol in Port 80, not with HTTPS protocol in Port 443.
Service Fabric Explorer doesn't show any error and no errors in Events Log also. I am facing this issue in both Local Service Fabric and in Azure Service Fabric instances.
Any thoughts/pointers on this would be appreciated.
Using Service Fabric for container and https could follow this doc.
It will inject the certificate into the container as environment variables.
But for linux clusters, there is a problem. The Certificates_ServicePackageName_CodePackageName_CertName_PEM and Certificates_ServicePackageName_CodePackageName_CertName_PrivateKey represented files are having the exact same content.
I'm waiting for the Azure China supporter for further clarification on this, not sure if it's a China specific problem.
I recently created a Powershell script that deploys my Web Application (ASP.NET MVC) to Azure. It works like it should, but I figured out that it would improve the script a lot by being able to change the endpoint in the Web.config file during deployment, i.e. the script prompts the user for the address. The Web.config section looks like this:
<system.serviceModel>
<client>
<endpoint address="http://localhost:10421/MyService" binding="binding" bindingConfiguration="foo" contract="bar" name="id" />
</client>
</system.serviceModel>
I would like to change the endpoint address with my script.
Use the Get-Content cmdlet to load your configuration file, access the property and change it and finally write it back using the Set-Content cmdlet:
[xml]$content = (Get-Content 'your_file')
$content.configuration.'system.serviceModel'.client.endpoint.address = 'YourNewAdress'
$content | Set-Content 'your_file'
Note: I assume that the system.serviceModel is within the configuration node. If not, omit that.
I have an Ubuntu server with Elasticsearch, MongoDB, and Graylog2 running in Azure, and I have an asp.net mvc4 application I am trying to send logs from. (I am using Gelf4Net / Log4Net as the logging component). To cut to the chase, nothing is being logged.
(skip to the update to see what is wrong)
The setup
1 Xsmall Ubuntu VM running the needed software for graylog2
everything is running as a daemon
1 Xsmall cloud service with the MVC4 app (2 instances)
A virtual network setup so they can talk.
So what have I tried?
From the linux box the following command will cause a message to be logged:
echo "<86>Dec 24 17:05:01 foo-bar CRON[10049]: pam_unix(cron:session):" | nc -w 1 -u 127.0.0.1 514
I can change the IP address to use the public IP and it works fine as well.
using this powershell script I can log the same message from my dev machine as well as the production web server
Windows firewall turned off and it still doesn't work.
I can log to a FileAppender Log4Net, so I know Log4Net is working.
tailing the graylog2.log shows nothing of interest. Just a few warnings about my plugin directory
So I know everything is working, but I can't get the Gelf4Net appender to work. I'm at a loss here. Where can I look? Is there something I am missing?
GRAYLOG2.CONF
#only showing the connection stuff here. If you need something else let me know
syslog_listen_port = 514
syslog_listen_address = 0.0.0.0
syslog_enable_udp = true
syslog_enable_tcp = false
web.config/Log4Net
//application_start() has log4net.Config.XmlConfigurator.Configure();
<log4net >
<root>
<level value="ALL" />
<appender-ref ref="GelfUdpAppender" />
</root>
<appender name="GelfUdpAppender" type="Gelf4net.Appender.GelfUdpAppender, Gelf4net">
<remoteAddress value="public.ip.of.server"/>
<remotePort value="514" />
<layout type="Gelf4net.Layout.GelfLayout, Gelf4net">
<param name="Facility" value="RandomPhrases" />
</layout>
</appender>
</log4net>
update
for some reason it didn't occur to me to run graylog in debug mode :) Doing so shows this message.
2013-04-09 03:00:56,202 INFO : org.graylog2.inputs.syslog.SyslogProcessor - Date could not be parsed. Was set to NOW because allow_override_syslog_date is true.
2013-04-09 03:00:56,202 DEBUG: org.graylog2.inputs.syslog.SyslogProcessor - Skipping incomplete message.
So it is sending an incomplete message. How can I see what is wrong with it?
I was using the wrong port (DOH!)
I should have been using the port specified in graylog2.config / gelf_listen_port = 12201
so my web.config/log4net/gelf appender should have had
<appender name="GelfUdpAppender" type="Gelf4net.Appender.GelfUdpAppender, Gelf4net">
...
<remotePort value="12201" />
...
</appender>
For anyone who may have the same problem, make sure Log4Net reloads the configuration after you change it. I don't have it set to watch the config file for changes, so it took me a few minutes to realize that I was using the wrong port. When I changed it from 514 to 12201 the first time, messages still weren't getting through. I had to restart the server for Log4Net to pick up the new config, and then it started to work.
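A way to see what is actually inside a UDP log datagram and whether it was sent to the matching listener, as an added example (Python written for this page, not part of the original posts or of Graylog or Gelf4Net). It assumes the appender sends gzip-compressed GELF JSON; the GELF message is a constructed sample and the two ports are the ones quoted in the thread.

```python
import gzip
import json
import re
import zlib

LISTENERS = {514: "syslog", 12201: "gelf"}  # ports quoted in the posts above
SYSLOG_PRI = re.compile(rb"^<(\d{1,3})>")    # syslog lines start with <priority>


def build_gelf(host, short_message, facility):
    """Build a gzip-compressed GELF datagram (constructed sample)."""
    doc = {"version": "1.0", "host": host,
           "short_message": short_message, "facility": facility}
    return gzip.compress(json.dumps(doc).encode("utf-8"))


def classify_datagram(data):
    """Name the wire format of a log datagram from its leading bytes."""
    if data[:2] == b"\x1e\x0f":
        return "gelf-chunked"
    if data[:2] == b"\x1f\x8b":
        return "gelf-gzip"
    # A zlib stream starts with 0x78 and its first two bytes are a multiple of 31.
    if data[:1] == b"\x78" and len(data) > 1 and int.from_bytes(data[:2], "big") % 31 == 0:
        return "gelf-zlib"
    m = SYSLOG_PRI.match(data)
    if m and int(m.group(1)) <= 191:
        return "syslog"
    return "gelf-plain" if data[:1] == b"{" else "unknown"


def decode_gelf(data):
    """Return the JSON document carried by an unchunked GELF datagram."""
    kind = classify_datagram(data)
    if kind == "gelf-gzip":
        data = gzip.decompress(data)
    elif kind == "gelf-zlib":
        data = zlib.decompress(data)
    elif kind != "gelf-plain":
        raise ValueError("not an unchunked GELF datagram: " + kind)
    return json.loads(data)


def diagnose(data, port):
    """Compare the datagram's format with the listener expected on that port."""
    kind, expected = classify_datagram(data), LISTENERS.get(port)
    if expected is None:
        return "no listener on port %d" % port
    if kind.split("-")[0] == expected:
        return "ok"
    return "mismatch: %s datagram sent to %s listener on port %d" % (kind, expected, port)
```

A compressed GELF datagram has no `<priority>` prefix or timestamp, which is consistent with the syslog input reporting an unparseable date and an incomplete message.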