In a microservices architecture, I have three containers: front (Angular), gateway (Spring Cloud Gateway) and security provider (Keycloak), among others.
For security configurations in the gateway,
if I set
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            issuer-uri: http://keycloak-container:8080
I can start the gateway container and reach the security container.
But
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            issuer-uri: https://public-dns-of-keycloak-container.mydomain.com
throws this error:
... 61 common frames omitted
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://public-dns-of-keycloak-container.mydomain.com/auth/realms/boromoi_app/.well-known/openid-configuration":
Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:751) ~[spring-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:654) ~[spring-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:71)
~[spring-security-oauth2-jose-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
... 69 common frames omitted
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
https://public-dns-of-keycloak-container.mydomain.com is the URL used by front to reach the security container.
Related
I am trying to install Eclipse inside a Docker container (Ubuntu 22.04, JDK 17).
I am trying to use the Oomph installer to install Eclipse. It seems like some of the Eclipse download sites can't be accessed.
Errors like:
!MESSAGE Connection to https://download.eclipse.org/releases/2023-03/202301131000/p2.index failed on Connect to https://download.eclipse.org:443 [download.eclipse.org/198.41.30.199] failed: Connection refused
!MESSAGE Connection to https://download.eclipse.org/oomph/updates/milestone/latest/compositeContent.jar failed on Connect to https://download.eclipse.org:443 [download.eclipse.org/198.41.30.199] failed: Connection refused. Retry attempt 0 started
!MESSAGE Connection to https://download.eclipse.org/oomph/updates/milestone/latest/compositeArtifacts.jar failed on Connect to https://download.eclipse.org:443 [download.eclipse.org/198.41.30.199] failed: Connection refused. Retry attempt 0 started
!MESSAGE Connection to https://download.eclipse.org/technology/epp/packages/2023-03/202301121200/features/org.eclipse.epp.package.common.feature_4.27.0.20230112-0751.jar failed on Connect to https://download.eclipse.org:443 [download.eclipse.org/198.41.30.199] failed: Connection refused. Retry attempt 0 started
!MESSAGE Connection to https://download.eclipse.org/technology/epp/packages/2023-03/202301121200/features/org.eclipse.epp.package.java.feature_4.27.0.20230112-0751.jar failed on Connect to https://download.eclipse.org:443 [download.eclipse.org/198.41.30.199] failed: Connection refused. Retry attempt 0 started
!MESSAGE Failure reporting download statistics to URL: https://download.eclipse.org/stats/technology/epp/packages/2023-03-M1/org.eclipse.epp.package.common/4.27.0.20230112-0751
!MESSAGE Unable to connect to repository https://download.eclipse.org/stats/technology/epp/packages/2023-03-M1/org.eclipse.epp.package.common/4.27.0.20230112-0751
!MESSAGE Connection to https://eclipse.mirror.rafal.ca/releases/2023-03/202301131000/plugins/org.eclipse.mylyn.wikitext.asciidoc.ui_3.0.42.202201072301.jar failed on Connect to https://eclipse.mirror.rafal.ca:443 [eclipse.mirror.rafal.ca/207.210.46.249] failed: Connection refused. Retry attempt 0 started
But I can access these URLs on the host machine. Inside the Docker container I cannot access them. Furthermore, I can access and download many other files from inside the Docker container, like the JDK from Oracle, the Oomph installer file, the Eclipse tar file, etc.
Why this error?
During the deployment, GAE health checks are failing because of a connection refused error. The container is exposing the same port that GAE expects: 8080. After connecting to the container with SSH and doing curl 127.0.0.1/liveness_check, it works; however, trying to query manually from the GAE instance itself results in a connection refused error.
Disabling health checks allows the deployment to finish, but when accessing the service URL we receive an nginx 502 Bad Gateway error.
It looks like nginx cannot access the container port, or something else. I did try to deploy the image on GCE and it works.
app.yaml is pretty standard, it's using a custom VPC.
From GAE service logs:
[error] 33#33: *407 connect() failed (111: Connection refused) while connecting to upstream, client: 172.217.20.180, server: , request: "GET / HTTP/1.1", upstream: "http://172.17.0.1:8080/", host: "XXXXXXXXX"
On OS X I started the Kafka Docker image successfully, but it seems that I can't access it on localhost.
➜ ~ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f931da3d661 wurstmeister/zookeeper:3.4.6 "/bin/sh -c '/usr/..." About an hour ago Up About an hour 22/tcp, 2888/tcp, 3888/tcp, 0.0.0.0:2181->2181/tcp docker_zookeeper_1
8bc36bcf8fdf wurstmeister/kafka:0.10.1.1 "start-kafka.sh" About an hour ago Up About an hour 0.0.0.0:9092->9092/tcp docker_kafka_1
➜ ~ telnet 0.0.0.0:2181
0.0.0.0:2181: nodename nor servname provided, or not known
➜ ~ telnet 0.0.0.0 2181
Trying 0.0.0.0...
telnet: connect to address 0.0.0.0: Connection refused
telnet: Unable to connect to remote host
➜ ~ telnet 192.168.43.193 2181
Trying 192.168.43.193...
telnet: connect to address 192.168.43.193: Connection refused
telnet: Unable to connect to remote host
➜ ~ telnet 127.0.0.1 2181
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host
My docker file is here: kafka.yml, and I use this command to bring it up:
docker-compose -f src/main/docker/kafka.yml up -d
When I use
./mvnw
the console shows:
2017-09-15 17:05:46.433 WARN 15871 --- [localhost:2181)] org.apache.zookeeper.ClientCnxn : Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect
java.net.ConnectException: Connection refused
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:361)
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1141)
How can I access port 2181?
EDIT
docker logs 8bc36bcf8fdf
[2017-09-15 08:14:13,386] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable)
java.lang.RuntimeException: A broker is already registered on the path /brokers/ids/1001. This probably indicates that you either have configured a brokerid that is already in use, or else you have shutdown this broker and restarted it faster than the zookeeper timeout so it appears to be re-registering.
at kafka.utils.ZkUtils.registerBrokerInZk(ZkUtils.scala:393)
at kafka.utils.ZkUtils.registerBrokerInZk(ZkUtils.scala:379)
at kafka.server.KafkaHealthcheck.register(KafkaHealthcheck.scala:70)
at kafka.server.KafkaHealthcheck.startup(KafkaHealthcheck.scala:51)
at kafka.server.KafkaServer.startup(KafkaServer.scala:270)
at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:39)
at kafka.Kafka$.main(Kafka.scala:67)
at kafka.Kafka.main(Kafka.scala)
[2017-09-15 08:14:13,393] INFO [Kafka Server 1001], shutting down (kafka.server.KafkaServer)
docker logs 1f931da3d661
2017-09-14 08:53:05,878 [myid:] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn#357] - caught end of stream exception
EndOfStreamException: Unable to read additional data from client sessionid 0x15e7ea74c8e0000, likely client has closed socket
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228)
at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
at java.lang.Thread.run(Thread.java:745)
2017-09-14 08:53:05,887 [myid:] - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn#1007] - Closed socket connection for client /172.18.0.2:54222 which had sessionid 0x15e7ea74c8e0000
Have you tried using host networking as in this example? https://docs.confluent.io/current/cp-docker-images/docs/quickstart.html#zookeeper
That looks like it will simplify and solve this. I'd also recommend checking out these images instead of the custom ones it looks like you are using because these are being run in production for people so they are known to work well.
My Neo4j database server is hosted in AWS.
I am using this command from my Mac:
$ ./bin/neo4j-shell -host xx.xxx.xxx.xxx -port 1337 -name shell
The port 1337 is enabled in the AWS Neo4j database server.
I have these lines uncommented in the file neo4j.properties:
remote_shell_enabled=true
remote_shell_host=127.0.0.1
remote_shell_port=1337
I am getting the error: Connection refused
with these details:
java.rmi.ConnectException: Connection refused to host: xx.xxx.xxx.xxx; nested exception is:
java.net.ConnectException: Connection refused
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:101)
at org.neo4j.shell.impl.RmiLocation.getBoundObject(RmiLocation.java:261)
at org.neo4j.shell.impl.RemoteClient.findRemoteServer(RemoteClient.java:69)
at org.neo4j.shell.impl.RemoteClient.<init>(RemoteClient.java:62)
at org.neo4j.shell.impl.RemoteClient.<init>(RemoteClient.java:45)
at org.neo4j.shell.ShellLobby.newClient(ShellLobby.java:178)
at org.neo4j.shell.StartClient.startRemote(StartClient.java:302)
at org.neo4j.shell.StartClient.start(StartClient.java:179)
at org.neo4j.shell.StartClient.main(StartClient.java:124)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 13 more
I don't know how to fix it.
I think you have to open quite a few ports on your server, besides 1337 and 1099 also a port range for RMI ports.
e.g. What port is used by Java RMI connection?
You can also use Neo4j over HTTP (e.g. in the browser with /webadmin) or via this script: https://gist.github.com/jexp/a9bf4cd3a16eb6c5997b
The key remote_shell_host=127.0.0.1 only enables you to connect via loopback. You have to specify the network adapter on which you will receive the connection. You can also specify 0.0.0.0 for any of your network interfaces.
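The difference between a listener bound to loopback and one bound to all interfaces, as an added example that is not part of the original posts: `probe`, `listen_on` and `reachability` are hypothetical helper names, and 127.0.0.2 stands in for "an address other than the one the service is bound to" (this assumes Linux, where all of 127.0.0.0/8 is local). Binding to 0.0.0.0 makes the port reachable on every interface, so access then has to be limited by a firewall or security group.

```python
import errno
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused', 'timeout' or 'error:<name>'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: nothing listens on this address:port.
        return "refused"
    except socket.timeout:
        # No answer at all: packets are filtered or never reach the host.
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def listen_on(bind_addr):
    """Open a listener on an ephemeral port of bind_addr; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(8)  # the kernel completes handshakes even before accept() is called
    return srv, srv.getsockname()[1]


def reachability(bind_addr, targets=("127.0.0.1", "127.0.0.2")):
    """Bind to bind_addr, then probe the same port through each target address."""
    srv, port = listen_on(bind_addr)
    try:
        return {t: probe(t, port) for t in targets}
    finally:
        srv.close()


if __name__ == "__main__":
    # Constructed scenario: 127.0.0.2 plays the role of the server's external address.
    for addr in ("127.0.0.1", "0.0.0.0"):
        print("bound to", addr, "->", reachability(addr))
```

A "refused" result from the client while the service answers on the server's own loopback points at the bind address; a "timeout" points at filtering or routing instead.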
I have tried to install GitLab on Arch Linux following https://wiki.archlinux.org/index.php/gitlab
As 8080 is a commonly used port, I have switched to 8033.
When I try to connect to the website, it gives me a 402 error.
If I have a look at nginx/gitlab_errors.log I have:
2015/03/23 21:16:00 [error] 29748#0: *1081 connect() failed (111: Connection refused) while connecting to upstream, client: 5.51.59.153, server: gitlab.floth.fr, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8033/", host: "gitlab.floth.fr"
If I open /var/lib/gitlab/gitlab-shell.log I get:
# Logfile created on 2015-03-23 21:09:06 +0100 by logger.rb/47272
W, [2015-03-23T21:09:06.321779 #30833] WARN -- : Failed to connect to internal API <GET http://localhost:8033/api/v3/internal/check>: #<Errno::ECONNREFUSED: Connection refused - connect(2) for "localhost" port 8033>
W, [2015-03-23T21:17:48.059769 #31230] WARN -- : Failed to connect to internal API <GET http://localhost:8033//api/v3/internal/check>: #<Errno::ECONNREFUSED: Connection refused - connect(2) for "localhost" port 8033>
W, [2015-03-23T21:22:01.846281 #31548] WARN -- : Failed to connect to internal API <GET http://localhost:8033//api/v3/internal/check>: #<Errno::ECONNREFUSED: Connection refused - connect(2) for "localhost" port 8033>
And if I run sudo -u gitlab bundle exec rake gitlab:check RAILS_ENV=production I get:
hooks directories in repos are links: ... can't check, you have no projects
Running /usr/share/webapps/gitlab-shell/bin/check
Check GitLab API access: FAILED: Failed to connect to internal API
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u gitlab -H editor /usr/share/webapps/gitlab-shell/config.yml
Please fix the error above and rerun the checks.
Checking GitLab Shell ... Finished
If I do netstat -a | grep 8033, nothing is listening on that port...
Does anyone have an idea where to look? What service is not running because it was not started or failed?
Thank you for your help.
Edit
Content of gitlab-shell/config.yml
user: gitlab
gitlab_url: "http://localhost:8033/"
repos_path: "/srv/git/gitlab"
auth_file: "/var/lib/gitlab/.ssh/authorized_keys"
redis:
  bin: /usr/bin/redis-cli
  host: 127.0.0.1
  port: 6379
  database: 0
  namespace: resque:gitlab
log_file: "/var/log/gitlab/gitlab-shell.log"
log_level: INFO
audit_usernames: false
git_annex_enabled: false
TADA!
I found where my configuration was bad.
It all comes from the fact that I have chosen a port other than 8080.
In such a case, it is important to modify not only the gitlab-shell configuration (that is only the client) but also the server part, gitlab/config/unicorn.rb:
# Listen on both a Unix domain socket and a TCP port.
# If you are load-balancing multiple Unicorn masters, lower the backlog
# setting to e.g. 64 for faster failover.
listen "/run/gitlab/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8033", :tcp_nopush => true