Nexus returns error 502 (Bad Gateway) when publishing artifacts - jenkins

I've just completed the installation of Sonatype Nexus 3.2.1-01 and I'm trying to publish some artifacts using a Jenkins job and the Nexus Artifact Uploader 2.9 plugin.
The upload starts fine:
100 % completed (572 kB / 572 kB).
But then it throws the error:
Return code is: 502, ReasonPhrase:Bad Gateway.
Both the Jenkins and Nexus servers run behind a reverse proxy, which I believe is the source of the issue.
The Apache log seems to suggest that the request was not answered by Nexus:
```
[Thu Apr 06 18:50:46.128569 2017] [proxy:error] [pid 10327] (32)Broken pipe:
[client some_ip:57928] AH01084: pass request body failed to 0.0.0.0:8081 (0.0.0.0)
[Thu Apr 06 18:50:46.128649 2017] [proxy_http:error] [pid 10327] [client some_ip:57928] AH01097: pass request body failed to 0.0.0.0:8081 (0.0.0.0) from some_ip ()
```
This is my VirtualHost config in Apache for the Sonar server:
```
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin some@email.com
    ServerName some.website.com
    ServerAlias nsome.website.com
    DocumentRoot /srv/www/nexus/public_html/
    ErrorLog /srv/www/nexus/logs/error.log
    CustomLog /srv/www/nexus/logs/access.log combined
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:8081/
    ProxyPassReverse / http://0.0.0.0:8081/
    ProxyPassReverse / https://some.website.com/
    SSLCertificateFile /etc/letsencrypt/live/some.website.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/some.website.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/some.website.com/chain.pem
</VirtualHost>
</IfModule>
```
I've tried adding the following, as explained in other answers, but it did not help:
1) Disabling the check on the SSL certificates (although these are valid):
```
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
```
2) Forcing the request headers:
```
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
```
3) Setting the timeouts and keepalive options in the ProxyPass line:
```
ProxyPass / http://0.0.0.0:8081/ retry=1 acquire=3000 timeout=600 Keepalive=On
```

In the end, the error 502 (bad gateway) had nothing to do with the root cause of the problem. The version listed on the artifact to be published for the snapshot version did not comply with the Nexus policy and this was triggering the error.

In my case it was an upgrade issue from Nexus2 to Nexus3: here the component URL changed from https://nexus.yourcompany.com/content/repositories/releases
to https://nexus.yourcompany.com/repository/releases.

I was having the same issue because my Python script skipped basic authentication. When forced, the problem was resolved.
It was weird because uploading a 'tar.gz' worked fine but a 'zip' gave me the 502 error.
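A pre-flight check for the three causes reported in the answers above (version policy, Nexus 2 style URL, skipped Basic authentication), added here as an example and not taken from any of the posters. The function names, the `policy` argument and the sample credentials are assumptions, and nothing is sent over the network.

```python
import base64
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Nexus 2 path layout quoted in the answer above: /content/repositories/<name>.
# The same answer gives the Nexus 3 layout as /repository/<name>.
_NEXUS2_PATH = re.compile(r"^/content/repositories/([^/]+)")


def to_nexus3_url(url):
    """Rewrite a Nexus 2 repository URL to the Nexus 3 layout; other URLs pass through."""
    parts = urlsplit(url)
    new_path = _NEXUS2_PATH.sub(r"/repository/\1", parts.path)
    return urlunsplit(parts._replace(path=new_path))


def version_allowed(version, policy):
    """Maven snapshot versions end in -SNAPSHOT; policy is RELEASE, SNAPSHOT or MIXED."""
    is_snapshot = version.endswith("-SNAPSHOT")
    return {"RELEASE": not is_snapshot, "SNAPSHOT": is_snapshot, "MIXED": True}[policy.upper()]


def preflight(repo_url, version, policy, user, password):
    """Return the reasons the repository would reject this upload (empty list: none found)."""
    problems = []
    parts = urlsplit(repo_url)
    if _NEXUS2_PATH.match(parts.path):
        problems.append("Nexus 2 style path; use " + to_nexus3_url(repo_url))
    if not version_allowed(version, policy):
        problems.append(f"version {version} violates {policy.upper()} policy")
    if not (user and password):
        problems.append("no credentials: upload would be sent unauthenticated")
    elif parts.scheme != "https":
        problems.append("refusing to send Basic credentials over " + parts.scheme)
    return problems


def build_upload(repo_url, artifact_path, data, user, password):
    """Build a PUT with the Authorization header set up front (preemptive Basic auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        repo_url.rstrip("/") + "/" + artifact_path.lstrip("/"), data=data, method="PUT")
    req.add_header("Authorization", "Basic " + token)
    return req
```

Running `preflight` before the upload surfaces these causes by name instead of leaving them hidden behind the proxy's 502.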

Add this to your pom file:
```
<distributionManagement>
  <snapshotRepository>
    <id>ossrh</id>
    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
  </snapshotRepository>
  <repository>
    <id>ossrh</id>
    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
  </repository>
</distributionManagement>
```

Related

Ubuntu - Apache: Passenger not launching Rails app at all

I'm working on Ubuntu 16.04 with Apache. I try to start my Rails application with Phusion Passenger. But the application is not started at all, I get HTML 403 "You don't have permission to access /kainji/ on this server" if I enter the URL: http://poyry.wo.local/kainji and the only log in other_vhosts_access.log:
```
poyry.wo.local:80 127.0.0.1 - - [13/Dec/2018:15:19:28 +0100] "GET /kainji/ HTTP/1.1" 403 513 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36" 2265
```
I have the following file in sites-available directory linked into sites-enabled directory:
```
<VirtualHost *:80>
    ServerName poyry.wo.local
    DocumentRoot /var/www/html/dev/rails
    <Directory /var/www/html/dev/rails>
        Options -Indexes
        Allow from all
    </Directory>
    PassengerBaseURI /kainji
    <Directory /var/www/html/dev/rails/v2p0-kanji/public>
        RailsEnv development
        Options -MultiViews
    </Directory>
</VirtualHost>
```
If I remove the link I get HTML 404: "The requested URL /kainji was not found on this server." which is correct.
In the Apache error log I see that Passenger was started:
```
[ 2018-12-12 14:17:41.8778 4321/7efdbb745780 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog...
[ 2018-12-12 14:17:41.8885 4324/7f0b49b28780 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core...
[ 2018-12-12 14:17:41.8886 4324/7f0b49b28780 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode.
[ 2018-12-12 14:17:41.8908 4324/7f0b49b28780 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 4324
[ 2018-12-12 14:17:41.9045 4356/7fd543c3b780 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter...
[ 2018-12-12 14:17:41.9051 4356/7fd543c3b780 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 4356
[Wed Dec 12 14:17:42.201857 2018] [ssl:warn] [pid 4318] AH01909: centos1.tibi1959.hu:443:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 12 14:17:42.209447 2018] [mpm_prefork:notice] [pid 4318] AH00163: Apache/2.4.18 (Ubuntu) Phusion_Passenger/5.0.29 OpenSSL/1.0.2g configured -- resuming normal operations
[Wed Dec 12 14:17:42.209484 2018] [core:notice] [pid 4318] AH00094: Command line: '/usr/sbin/apache2'
```
Validating the Passenger installation also reports OK:
```
$ /usr/bin/passenger-config validate-install
What would you like to validate?
Use <space> to select.
If the menu doesn't display correctly, press '!'
   ⬢ Passenger itself
 ‣ ⬢ Apache
-------------------------------------------------------------------------
Checking whether there are multiple Apache installations...
Only a single installation detected. This is good.
-------------------------------------------------------------------------
 * Checking whether this Passenger install is in PATH... ✓
 * Checking whether there are no other Passenger installations... ✓
 * Checking whether Apache is installed... ✓
 * Checking whether the Passenger module is correctly configured in Apache... ✓
Everything looks good. :-)
```
What is wrong?
From a first look, I would guess that the issue is caused by the static file service overriding the application.
The 403 error is due to the fact that directory listings are disabled and there's no index.html file to display.
You might want to change the way you set up the static file service, so the url requires the "public" folder name. This way, you could set the application server to route to the /kainji path.
Maybe something like:
```
ServerName poyry.wo.local
DocumentRoot /var/www/html/dev/rails/kainji/public
PassengerBaseURI /kainji
RailsEnv development
Options -MultiViews
```

Is it possible to use a self signed cert with a EC2 instance that requires a client cert from API Gateway

Here's my situation:
I'm using Elastic Beanstalk to spin up a single EC2 instance without an ELB. I want to have the instance only accessible through the API Gateway. So, I went the route of using client-side certificates for authentication, like what's described here.
My EC2 instance has Nginx serving a Rails application. I generated a self-signed certificate on my machine and configured Nginx to use that to serve stuff over https.
Everything seems fine, but when I try to invoke my proxy endpoint from the API Gateway console, I get a 500 error like below:
```
...
Thu Sep 14 02:27:05 UTC 2017 : Endpoint request URI: https://xxxxxxxxx.xxxxxxxxx.us-east-1.elasticbeanstalk.com/health
Thu Sep 14 02:27:05 UTC 2017 : Endpoint request headers: {x-amzn-apigateway-api-id=xxxxxxxxx, User-Agent=AmazonAPIGateway_xxxxxxxx, Accept-Encoding=identity}
Thu Sep 14 02:27:05 UTC 2017 : Endpoint request body after transformations:
Thu Sep 14 02:27:05 UTC 2017 : Sending request to https://xxxxxxxxx.xxxxxxxx.us-east-1.elasticbeanstalk.com/health
Thu Sep 14 02:27:05 UTC 2017 : Execution failed due to configuration error: General SSLEngine problem
Thu Sep 14 02:27:05 UTC 2017 : Method completed with status: 500
```
I'm thinking that it has something to do with the fact that I'm using a self-signed certificate on the backend. But do I really have to purchase a legitimate certificate in order to complete my setup? Are there any other solutions that would allow me to only accept requests to my EC2 instance only through the API Gateway?
I looked at the Lambda method that is described here, but I didn't want to add any more complexity or latency to the requests.
Here's my Nginx configuration for completeness:
```
server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
    ssl_client_certificate /etc/pki/tls/certs/api_gateway.cer;
    ssl_verify_client on;
    if ($ssl_protocol = "") {
        return 444;
    }
}
```
See my answer here: AWS API Gateway - Use Client-Side SSL Certificates. Not sure what the incompatibility with NGINX is - I managed to create a PoC and validate the Authenticate with Client-SSL behavior.
It appears at the time of this writing that API Gateway has a known incompatibility with NGINX around Client Certificates.

Incomplete response received from application Rails 4 Passenger error

I have a Rails 4.2.6 application with Passenger 5.0.28 on Ubuntu 14.04 x64.
After successful deployment using Capistrano, I can't open the website. And I can't even find log files that would indicate the problem. After some research, I found out that the most common problem is a missing secret_key_base env var.
So here is my pretty simple apache config file:
```
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName my.server.com
    DocumentRoot /var/www/my_server/current/public
    PassengerRuby /home/deployer/.rvm/gems/ruby-2.2.2/wrappers/ruby
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        RailsEnv staging_v4
    </Directory>
    <Directory /var/www/my_server/current/public/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error-v4.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access-v4.log combined
</VirtualHost>
```
When I try to open my app I see the error:
Incomplete response received from application
Logs:
```
$ tail -f /var/log/apache2/*
==> /var/log/apache2/access-v4.log <==
10.0.14.224 - - [09/Jun/2016:18:47:22 +0600] "GET / HTTP/1.1" 502 343 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36"
10.0.14.224 - - [09/Jun/2016:18:47:23 +0600] "GET /favicon.ico HTTP/1.1" 200 1449 "http:/my.server.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36"
```
The error log is empty.
My application logs in /var/www/my_server/current/log are also empty.
So what I did so far:
I put actual string inside /var/www/my_server/current/config/secrets.yml
I added export SECRET_KET_BASE=<string> inside /etc/profile, /home/deployer/.bash_profile, /etc/apache2/envvars
Any thoughts? Where should I gather more information from the server?
I have a similar issue on Rails 5.2, Apache, Passenger.
The solution was to put this line in the configuration files (config/initializers):
```
Rack::Utils.multipart_part_limit = 0
```

Passenger 5.0.21 error: Cannot connect to the Passenger core

I have a problem with deploying a RoR app with apache2+passenger.
OS is debian-like Astra Linux.
Kerberos auth with GSSAPI is enabled.
passenger-status shows:
```
Version : 5.0.21
Date : 2016-04-22 12:29:13 +0300
Instance: Dt5dmAVr (Apache/2.2.22 (Debian) mod_auth_kerb/5.4 Phusion_Passenger/5.0.21)
Phusion Passenger is currently not serving any applications.
```
When I attempt to access the app page from a browser, I get this error message in /var/log/apache2/error.log:
```
[ 2016-04-22 12:23:58.4672 21392/7f741705c780 age/Cor/CoreMain.cpp:234 ]: Passenger core running in multi-application mode.
[ 2016-04-22 12:23:58.4685 21392/7f741705c780 age/Cor/CoreMain.cpp:707 ]: Passenger core online, PID 21392
[ 2016-04-22 12:23:58.4897 21407/7f4819471780 age/Ust/UstRouterMain.cpp:504 ]: Starting Passenger UstRouter...
[ 2016-04-22 12:23:58.4912 21407/7f4819471780 age/Ust/UstRouterMain.cpp:317 ]: Passenger UstRouter online, PID 21407
[Fri Apr 22 12:23:58 2016] [notice] Apache/2.2.22 (Debian) mod_auth_kerb/5.4 Phusion_Passenger/5.0.21 configured -- resuming normal operations
[ 2016-04-22 12:24:18.0666 21428/7f3a64646780 apa/Hooks.cpp:703 ]: Unexpected error in mod_passenger: Cannot connect to the Passenger core at unix:/tmp/passenger.N6n3OMb/agents.s/core
Backtrace:
in 'Passenger::FileDescriptor Hooks::connectToCore()' (Hooks.cpp:305)
in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:573)
```
With passenger-5.0.27 everything looks the same.
Passenger was installed as gem.
/etc/apache2/mods-enabled/passenger.load:
```
LoadModule passenger_module /usr/local/lib/ruby/gems/2.2.0/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so
```
/etc/apache2/mods-enabled/passenger.conf:
```
<IfModule mod_passenger.c>
    PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-5.0.21
    PassengerDefaultRuby /usr/local/bin/ruby
</IfModule>
```
/etc/apache2/sites-enabled/myapp:
```
<VirtualHost *:80>
    ServerName myapp.ru
    ServerAlias www.myapp.ru
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/myapp/public
    RailsEnv production
    <Directory /var/www/myapp/public/>
        AuthType Kerberos
        KrbAuthRealms EXAMPLE.RU
        KrbServiceName HTTP/astra-server.example.ru
        Krb5Keytab /etc/apache2/keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd off
        require valid-user
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    LogLevel warn
</VirtualHost>
```
Any help?
PassengerInstanceRegistryDir option helped me.
UPDATE
Whole solution for Apache+Passenger sockets processing on Astra Linux SE:
Apache user - www-data (/etc/apache2/envvars)
Passenger user switching is on (by default)
Passenger instance dir is moved to /var/passenger (PassengerInstanceRegistryDir option in /etc/apache2/mods-available/passenger.conf)
Astra Linux specific - www-data user has Linux (CAP_SETGID, CAP_SETUID) and PARSEC (PARSEC_CAP_PRIV_SOCK, PARSEC_CAP_SETMAC) privileges. These privileges can be set via the usercaps command.
Directories /var/www, /var/passenger are owned by www-data
It could be that your /tmp dir is being cleaned by something. Check if the /tmp dir from the log actually exists or not if you see the error. You can fix that by stopping the cleaning or changing the PassengerInstanceRegistryDir to another place than /tmp.
Another possibility is that your shell is exiting somehow (Passenger uses the shell to execute commands, which will fail if the shell exits prematurely).
Either way setting the PassengerLogLevel to 7 should provide more information.
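The checks suggested in the two answers above, as an added example that is not from either poster: it pulls the socket path out of the mod_passenger error, reports whether the instance directory still exists, and checks a directory intended for PassengerInstanceRegistryDir. The function names and the www-data uid of 33 are assumptions.

```python
import os
import re
import stat

# Matches the mod_passenger error quoted in the question and captures the socket path.
CORE_ERR = re.compile(r"Cannot connect to the Passenger core at unix:(\S+)")


def instance_dirs(log_text):
    """Return (registry_dir, instance_dir) pairs for each core-connect error in the log."""
    pairs = []
    for sock in CORE_ERR.findall(log_text):
        # Socket layout seen in the log: <registry>/passenger.<id>/agents.s/core
        instance = os.path.dirname(os.path.dirname(sock))
        pairs.append((os.path.dirname(instance), instance))
    return pairs


def diagnose(log_text, exists=os.path.isdir):
    """Report instance directories named in the log that no longer exist."""
    return [f"{inst} is missing; check whether {reg} is being cleaned"
            for reg, inst in instance_dirs(log_text) if not exists(inst)]


def registry_problems(path, owner_uid):
    """Check a directory intended for PassengerInstanceRegistryDir."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: " + path]
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


# Sample input: the error line from the question's error.log.
SAMPLE = ("[ 2016-04-22 12:24:18.0666 21428/7f3a64646780 apa/Hooks.cpp:703 ]: "
          "Unexpected error in mod_passenger: Cannot connect to the Passenger core "
          "at unix:/tmp/passenger.N6n3OMb/agents.s/core")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    # uid 33 is www-data on Debian-based systems (assumption for this example).
    print(registry_problems("/var/passenger", owner_uid=33))
```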

Rails app running on puma and nginx keeps dying every few hours with Bad Gateway

I have a rails app that I just deployed to Digital Ocean and it's running on Puma and Nginx.
Eventually all it returns is a bad gateway and this is what is in the error.log
2014/09/09 22:23:06 [error] 5729#0: *3059 connect() to unix:///var/www/mysite/mysite_app.sock failed (111: Connection refused) while connecting to upstream, client: 67.5.19.192, server: mysite.com, request: "GET / HTTP/1.1", upstream: "http://unix:///var/www/mysite/mysite_app.sock:/", host: "mysite.com"
To fix it, I just restart puma and it seems to work.
How can I debug this to figure out why it keeps dying?
Here's my nginx config:
```
upstream mysite {
    server unix:///var/www/mysite/mysite_app.sock;
}
server {
    listen 80;
    server_name mysite.com;
    root /var/www/mysite/current/public;
    client_max_body_size 20M;
    location / {
        proxy_pass http://mysite; # match the name of upstream directive which is defined above
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location ~* ^/assets/ {
        # Per RFC2616 - 1 year maximum expiry
        expires 1y;
        add_header Cache-Control public;
        # Some browsers still send conditional-GET requests if there's a
        # Last-Modified header or an ETag header even if they haven't
        # reached the expiry date sent in the Expires header.
        add_header Last-Modified "";
        add_header ETag "";
        break;
    }
}
```
EDIT
Could this be caused from running out of memory?
Here's my current state of memory, but as I keep running this command every so often, the amount of free memory goes down and once I restart puma it jumps back up to like 150.
```
$ free -m
             total       used       free     shared    buffers     cached
Mem:           490        440         50          0         17         84
-/+ buffers/cache:        338        151
Swap:            0          0          0
```
It seems this is actually an issue with Ruby 2.1 (specifically I'm using 2.1.2) and its garbage collection.
A google search like this seems to have lots of various threads on it http://bit.ly/1s2vBC0
Here's a ruby bug ticket on the issue: https://bugs.ruby-lang.org/issues/9607
Lack of memory can be an issue, but you'd better look into the puma and rails logs, not nginx only. In the application folder:
```
tail -f log/puma*
tail -f log/production.log
```
I've had similar issues but I note that 2.1.3 has now been released and specifically discusses memory issues:
https://www.ruby-lang.org/en/news/2014/09/19/ruby-2-1-3-is-released/
I'm going to try it now!
