Develop Reference

How to properly set up HTTPS for OnlyOffice

Following OnlyOffice's help center's instructions leads to the creation of security certificate declared as invalid by browsers, as it is self-signed.
The intention is to use OnlyOffice's server on Docker for NextCloud, which runs properly already on another server.
Currently, the certificates have been created in the directory suggested by the instructions:
/app/onlyoffice/DocumentServer/data/certs# ls
dhparam.pem onlyoffice.crt onlyoffice.csr onlyoffice.key
I have followed all the given steps, and it does not work.
Is there a way to use LetsEncrypt instead of self-signed certificates?
I am not an IT management person, I am a simple developer trying to use OSS to not use Google Docs etc. Take this into consideration when providing guidance, as what you may take for granted, I may not.

The problem that you are having is that a self-signed certificate is not trusted by anyone (anything).
You can create your own certificate using Let's Encrypt. You will either need to create a special file on your server or create a TXT record on your domain's DNS server.
Certbot Download
The following is for Linux. If you are running on Windows, try using ManuaLE (more info below)
Go to let's encrypt and download certbot. Then from the command line:
certbot certonly --manual --preferred-challenges dns -d mydomain.com
This command will prompt you to create a TXT record on your DNS server. After creating the record wait a few minutes before pressing ENTER to continue.
After your SSL certificate is created, copy and rename them to your desired location listed in your question.
Instructions for ManuaLE for Windows.
ManuaLE Download
manuale authorize mydomain.com
manuale issue mydomain.com
After your SSL certificate is created, copy and rename them to your desired location listed in your question.

Please restart the container, the DocumentServer will switch to https config.
Open the address of the DocumentServer in your browser. If that is available, it can be connected to your NextCloud instance.

Jenkins Update Center broken -- java.io.IOException: Downloaded file /var/lib/jenkins/plugins/*.jpi.tmp does not match expected SHA-1 [duplicate]

I have installed Jenkins by deploying its WAR file to Tomcat. On typing
http://localhost:8080/jenkins
In browser, jenkins home page is opening which means jenkins is successfully installed. I configured system settings, gave jdk and maven path and save them. Then to install plugins, I clicked on Jenkins->Manage plugins and clicked on Available tab but could not find any plugins. I tried three solutions:
Configured proxy for Jenkins by going to Jenkins->Manage Plugins->Advanced(did not find plugins)
Restarted server, refreshed browser and went to Jenkins->Manage plugins->Available (still did not find any plugins). So, I read somewhere that we have update plugins forcefully if they are not updated automatically. So, went to Jenkins->Manage Plugins->Advanced and clicked the tab 'Check now' (Still did not find any plugins on clicking on Available tab).
Finally I read somewhere that if we add the pluginGroup 'org.jvnet.hudson.tools' to settings.xml file of maven, problem may be resolved. So, added the corresponding code to settings.xml:
Then I tried again but still could not find any plugins in
Jenkins->Manage plugins->Available
If any other solution is there which can resolve this problem please let me know.

Go to: Manage Jenkins → Manage Plugins → Advanced, then click Check now in the bottom right-hand corner. When you go back to Available tab all plugins should be listed.

At the plugins section of Jenkins open the "Advanced Settings" tab and paste the following URL into the Update Server URL field (at the bottom): https://updates.jenkins.io/update-center.json

For me the following worked:
Go to Manage Jenkins->Configure Global Security
Click the checkbox for "Use browser for metadata download"
I also have security disabled and prevent cross site forgery unchecked.

You can force update the plugin list by hand.
This worked for me:
wget -O default.js http://updates.jenkins-ci.org/update-center.json
sed '1d;$d' default.js > default.json
curl -X POST -H "Accept: application/json" -d #default.json http://localhost:8080/updateCenter/byId/default/postBack --verbose
(I created this in order to be able to deploy Jenkins and install plugins in batch)

The problem may be that your browser proxy settings are not configured properly.
Jenkins doesn't retrieve the plugin list directly from the update center, it tells your browser to retrieve it and post it back to Jenkins. So the HTTP proxy settings within Jenkins are ignored for this step.
So if you are using a browser that is configured to only work within your network, to connect to local servers such as a Jenkins instance, then you won't be able to update the plugin list.
(This just happened to me and took a frustrating hour to work out.)

This was so frustrating... Not because of difficulty but lack of clarity and good documentation, at least for the issues I encountered. I ended up having to set up the Manage Plugins -> Advanced -> HTTP Proxy Configuration in a very specific, picky way. If I didn't do exactly this, minus the last noted thing on the bottom, I could not get this working. Maybe it's my work's firewall, maybe it's jenkins, either way give this a shot if you haven't been able to successfully update your proxy settings. I used the Validate Proxy tool in the menu. I'll very briefly describe the infographic basics below
Don't add http:// or https:// to your Server field
Use your jenkins credentials for Username and Password, not your proxy credentials (if that's even applicable)
Add http:// to your Test URL if you're checking something like Google or Yahoo
Submit your changes
Then run check-now
(Optional?) Change Update site from HTTP to HTTPS
You should be able to now update your plugins fingers-crossed

Change the update site from
https://updates.jenkins.io/update-center.json
to
http://updates.jenkins-ci.org/update-center.json

I had this issue when using nginx as a secure reverse proxy. I needed to update the url from which to download the updates list, as suggested above, only with https to prevent mixed content errors in chrome.

The reason why I could not find a plugin that i searched for in Jenkins->Manage plugins->Available:
It had already been installed and it was in Jenkins->Manage plugins->Installed.

I came across this SO answer while I was experiencing the same issue. When I would click "Check Now" to force Jenkins to download the latest list, my browser would just hang. It wasn't until I tailed the Jenkins log that I found this here:
Mar 10, 2014 1:15:54 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test. Returning 403.
Looks like the issue has to do with how I've put Jenkins behind a reverse proxy and enabled the option to prevent Cross Site Request Forgery. Once I disabled that, the "Check Now" completed within 30 seconds.

For me, the following works out. I experience this empty available list issue after a fresh install jenkins 1.638 on Ubuntu 1404 in virtual box. We're under an ISA proxy server.
Go to Jenkins->Manage Plugins->Advanced and setup the proxy as below:
Host: 192.168.x.x (your Proxy IP)
Port: 80 (Your proxy port)
Note that I find the format matters. I tried adding http:// it doesn't work. It has to be exactly like above.
Then hit the check now button in the bottom right as everyone else suggested. Then you get the list.

My solution is here
If you type in "http://updates.jenkins-ci.org/update-center.json" directory to brower's address bar, (in my case) it actually redirected to "http://ftp.tsukuba.wide.ad.jp/software/jenkins/updates/current/update-center.json."
It worked when I set "http://ftp.tsukuba.wide.ad.jp/software/jenkins/updates/current/update-center.json" to Jenkins' update site, and click "Save" & "Update."
Hope this helps.

Or your plugin can be already installed. Once it's installed it's not in the list of available plugins.

If you're using Chrome
Go to: Manage Jenkins → Manage Plugins → Advanced, then click Check now in the bottom right-hand corner. Then click a shield icon in the address bar, click Load anyway and Jenkins will start to update plugins. In Firefox this icon is situated on the left side of address bar, near back button.

You can install plugins manually, to this this, go to advanced tab in manage plugins, after downloading plugins you need, submit these

I had an issue with NginX proxy requests to Jenkins. I had error:
Nginx 413 Request Entity Too Large
I was able to fix that by adding
client_max_body_size 2M;
to the /etc/nginx/nginx.conf file. After that I went to Jenkins - Plugin Manager - Advanced tab and press Check Now button

I had the same issue and was able to resolve it by enabling the browser metadata download. Please follow the steps below the enable this configuration in Jenkins
Step 01: Select Manage Jenkins and click on Configure Global Security
Step 02: Under the Plugin Manager section tick the "Use browser for metadata download"
Step 03: View Available tab under the Plugin Manager section in Manage Jenkins

If its a fresh installation not behind proxy please follow instruction under available "Use the search field above to search for available plugins".

After trying many things (including all the solutions posted here) and hours of searching... I've ended up with the upgrade of jenkins to version 1.638.
This helps to solve the frustrated problem with empty available plugins in older version of jenkins!

This answer is specific to Windows 10. If you use the installer that Jenkins now comes bundled as, Jenkins will get installed as a service. By default, the service runs under the Local System account. You have to change it to run under the Network Service account in order for Jenkins to be able to connect with the plugin update service. If you have Administrator privileges on the system then these steps should help:
Open Command Prompt.
Type in Services.msc and hit enter.
The Services window should be open now.
Locate the Jenkins instance in the list.
Right click on it and click Properties.
Go to the Log On tab (should be the second one).
There should be 2 radio buttons.
Local System Account (selected)
This Account (unselected)
Select This Account.
Type in Network Service in the text box.
Provide your windows password.
Hit Apply and OK.
Restart the Jenkins service.
Reload Jenkins in browser.
For added measures, you could also add a rule in Windows Firewall (or any other Firewall that you may be using) to allow outbound requests from Jenkins. Point to the jenkins.exe application that should be located in the installation directory of Jenkins for this rule.

For those like me who use Jenkins with Docker with a JDK8u60+ version, you need to remove the MD5 hash in JDK_HOME/jre/lib/security/java.security to make it works:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
To
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
This should be a temporary workaround

You don't have internet connection on Jenkins Machine.please configure Internet or installed plugin in offline mode.
Go to Jenkins -Plugin Manager-Upload Plugin

My Environment
Windows 7 Enterprise
Jenkins 2.89.2
Direct access to Internet
I tried most of the suggestions provided here but nothing worked until I tried following
First: I needed to run as 'Administrator'
Second: It was using default user home dir at C:\users\yourusername\.jenkins.
What Worked:
I changed default dir above to a different folder by defining JENKINS_HOME environment variable and I was able to get new plugins.

I faced the same issue with the latest Jenkins version, and all solutions didn't work with me so I followed the command line approach to install any plugin
sudo java -jar jenkins-cli.jar -s http://localhost:8080/ -auth USERNAME:PASSWORD -webSocket install-plugin PLUGIN_NAME
You can download the Jenkins-cli.jar from the installed Jenkins page http://localhost:8080/cli
You can search for the plugin name from the Jenkins site
https://plugins.jenkins.io/
If you have the Jenkins CLI installed uou can run this command
directly via terminal
jenkins-plugin-cli --plugins PLUGIN_NAME
I hope this solution helps if others didn't work with you.

I too tried all above,but this worked wonders
steps:
Go to https://plugins.jenkins.io (official page to get all jenkins plugins you are looking to install on jenkins)
Search "github" ( as we need github plugin to install)
You will see the github plugin,check the plugin id...it displays as id:github....so "github" is the exact plugin id
Download the jenkins-cli.jar from http://localhost:8080/cli and copy under /opt/jenkins-cli.jar in jenkins server
On jenkins server ,run the command to install github plugin
java -jar jenkins-cli.jar -s "http://localhost:8080" -auth jenkins-username:jenkins-password install-plugin github
Restart server
Now u will see the github plugin installed under installed section

For those who used Docker with MacOS. When you use Docker, there is no need to configure proxy settings for Jenkins inside Jenkins application, but you can and should do it already when running the container. For the context, I use MacOS and I was working within enterprise domain that had proxy configured.
SOLUTION
Configure proxy settings for Docker. You can do that if you open Preferences in Docker Desktop. The left menu, "Resources"->"Proxies". There you need to add correct proxy settings and then click "Apply & restart"
Add proxy settings to container when running it by giving and env variables HTTP_PROXY and HTTPS_PROXY. Add following flags with correct values to your command:-e HTTP_PROXY=<your_http_proxy:port> -e HTTPS_PROXY=<your_http_proxy:port>. An example with my own proxy configuration:
docker run \
-p 8080:8080 \
-p 50000:50000 \
-e HTTP_PROXY=http://10.65.100.13:8080 \
-e HTTPS_PROXY=http://10.65.100.13:8080 \
-v jenkins_home:/var/jenkins_home \
jenkins/jenkins:lts-jdk11
UNDERLYING ISSUE
The issue was SSL certificates. Jenkins, when downloading plugins, was unable to reach the CA certificates while working inside the container that was no configured to work using proxy. This caused the download to fail. Even if I configured Jenkins proxy settings as suggested in previous answers, it was no good, because the container itself failed to communicate over proxy.
Reading the Docker documentation, I found out that Docker should access CA certs itself from keychain, but it does not add proxy settings automatically to containers. Configuration to the container has to be added manually. Doing so configures the whole container properly in terms of proxy and container is able to reach for CA certs. Once the container works via proxy as expected, Jenkins does not need additional configuration itself.

Bot integration with local repository

I am trying to create bot with my local repository created on mac. But integration fails always. I am using simulator for testing. I have also selected simulators from device settings.
But getting following error always-
SSH Known Hosts file path is located at /Library/Server/Xcode/Config/ssh_known_hosts
SSH strict host checking is enabled (you can disable this by editing the SSHStrictHostKeyChecking key in /Library/Server/Xcode/Config/xcsbuildd.plist
Untrusted HTTPS certificates is disabled (you can enable this by editing the TrustSelfSignedSSLCertificates key in /Library/Server/Xcode/Config/xcsbuildd.plist
ab59d95ce4458b340114a7aefb9f16479f05982b refs/heads/master
SSH Known Hosts file path is located at /Library/Server/Xcode/Config/ssh_known_hosts
SSH strict host checking is enabled (you can disable this by editing the SSHStrictHostKeyChecking key in /Library/Server/Xcode/Config/xcsbuildd.plist
Untrusted HTTPS certificates is disabled (you can enable this by editing the TrustSelfSignedSSLCertificates key in
/Library/Server/Xcode/Config/xcsbuildd.plist
Do I need to generate ssh key?
I have generated ssh key also but how can I add it for local repository on my mac
Plz help if u have any idea.
Thanks

Actually, this article might have the answer to your problem:
Missing xcsbuildd.plist file on OS X 10.9 Server

Actually, if you pointing bot to a git via https, so these messages are not errors, they are warnings. I have two bots now and they goes to our internal git server by https, and successfully fetching sources and displays this message anyway.
As you said, your integration fails. If bot can't get sources, it will write that checkout sources failed.
To understand what actually goes wrong you should look through the Build Failure Log under the Logs tab in the your integration in the Xcode or in the safari. (I would recommend you to look in the safari because if your log is huge, safari will load it much faster than Xcode). Yeah, it's not very comfortable, but it's not very hard. At some point you'll see the git command arguments and, perhaps, error reason a few lines below.

After configuring everything as it should be in Xcode Server, I get two different results.
When I create a bot in Xcode: internal-checkout-error.
When I create a bot in Safari: Works like a charm.
Both with the exact same project, the exact same Xcode Server host. Apple did more than their usual level of obfuscation, here...

Internal Server Error Xcode Continuous Integration

I've successfully created a Bot and run an integration test for an iOS application hosted on a remote SVN server over HTTP. When trying to run the same test over HTTPS the test fails and I receive the error: Integration failed. Unexpected internal server error. See the integration's logs for more details. The certificate used for the SVN server is self signed and I ensured I am able to still update/commit to the server over HTTPS. After looking through the logs I can't seem to find out what the error is or how to fix it. (I would post the logs but it's like 100 pages to read through...)
Steps taken so far:
Deleted the bot and project, checked out the project over HTTPS, re-made the bot.
Ensure the correct HTTPS repository is listed both in OS X Server --> Xcode --> Repositories, and in Xcode's repository preferences. (Deleted the old repository as well)
Place the self signed certificate into the keychain's System Store and ensure it is set to Trust All.
Modified the Xcode config file xcsbuildd.plist and changed TrustSelfSignedSSLCertificates to true.
Nothing has seemed to fix it so far. If anyone can think of a fix for this issue please let me know.

I finally was able to fix this by adding to the System keychain our company's Root certificate authority and Intermediate certificate authority certs.
I used Charles (web debugging proxy) to intercept requests and responses and see what was wrong. It gave me a clue that OS X Server was struggling with certs.

HTTPS request can't verify certificate on iOS Safari

I didn't configure the HTTPS on my domain so I'm not really sure where to start with this warning prompt that I only get on iOS Safari on my iPhone and iPad. I've never gotten this on a desktop with Mac Safari, Chrome, FF, or IE.
Can someone point me to a file on my ubuntu/apache EC2 server or somewhere on the site of my domain provider, GoDaddy, that deals with verifying certificates.

For those on Nginx you need to append the gd_bundle.crt file to your other .crt cert. Just cat gd_bundle.crt >> yourwebsite.crt and restart Nginx.

Tim,
If browsers on desktops are showing the SSL without warning, and the warning you are getting is on a mobile device, the issue is most likely with the intermediate certificate of the Certificate Authority that issued the SSL not being installed properly. I suggest that you contact the issuer of the certificate for help with this and not the host or the domain registrar.

I found the link which solved my problem.
I needed to put BOTH .crt files from GoDaddy into my /etc/apache2/ssl folder on my apache EC2 server and add the following to my /etc/apache2/httpd.conf file:
SSLCertificateFile /etc/apache2/ssl/mysite.com.crt
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt