I use IIS to run CGI scripts written on python (hgweb.cgi).
But if something goes wrong IIS doesn't provide detailed information. It just writes in log:
2018-10-20 10:14:52 W3SVC1 ::1 POST /hgweb.cgi/ cmd=unbundle 9000 - ::1 mercurial/proto-1.0+(Mercurial+4.1.3) - localhost:9000 502 2 1 295
Error 502. But why it was happened it doesn't write.
I belive this error is detailed in stderr output of python script, but where to see it?
Make sure that iis logging is enable.
If it's not enabled, you can see below link to find out:
How to enable logging in Internet Information Services (IIS)
My solution is: https://docs.python.org/2.0/lib/node246.html
I redirected stderr to stdout and made try catch in script.
This looks like a hack, but it works...
Related
I've been trying to send a https request using ssl.https library in Lua, however no matter what url I give, I alway get permission denied and no other values like headers, etc. The linux I am using is CentOS Linux version 7.
Here is the example code:
local httpsocket = require("socket.http")
local httpssocket = require ("ssl.https")
local ltn12 = require("ltn12")
local res, code, response_headers, status = httpssocket.request("https://www.google.com")
module:log("info","%s %s",code.."",response_headers);
The code itself is part of a prosody plugin and the last line in this example prints this out:
permission denied <nil>
My question is how do I fix this issue so that I can access the page?
EDIT: It seem that the problem might be the user that the service is run under and needs root privilages otherwise it throws ACCES error for ports lower than 1024. Does anyone know what to do in this case?
So... after attempting fix this issue again, I finally found the solution. If you are having trouble with services not being able to send http/https request on centOS, there is a single command that has to be run to fix this issue:
setsebool -P nis_enabled 1
For those who might have similar issues but not quite the same as me, look into the /var/log/audit/audit.log for anything related to your program, process, service, etc. then use this command:
grep <pattern_to_match_specific_log> /var/log/audit/audit.log | audit2why
This will give you a reason why it failed and how to fix it
I'm trying to connect uWSGI Flask application on CentOS 7 with nginx, nginx error log at /var/log/nginx/error.log gives:
2017/10/04 22:35:29 [crit] 24381#0: *54 connect() to unix:/var/www/html/CON29Application1/socket.sock failed
(13: Permission denied) while connecting to upstream, client: 80.44.138.51,
server: 188.226.174.121, request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/var/www/html/CON29Application1/socket.sock:",
host: "188.226.174.121", referrer: "http://188.226.174.121/"
uWSGI error log shows I think that uWSGI running correctly:
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x1a1ebd0 pid: 26364 (default app)
This is my first deployment on Linux, but read another SO answer here: Nginx can't access a uWSGI unix socket on CentOS 7
This guy answered his own question, and referred to blog post on SE Linux http://axilleas.me/en/blog/2013/selinux-policy-for-nginx-and-gitlab-unix-socket-in-fedora-19/, saying SE Linux was the problem. I don't really understand what is running where on SE Linux, and solution seems to involve altering "AVC" messages in nginx audit.log, I'm getting in over my head!
As the blog post referred, I do get AVC messages mentioning denied write and nginx at /var/log/audit/audit.log:
type=AVC msg=audit(1507153878.777:559609): avc: denied { write } for pid=24381
comm="nginx" name="socket.sock" dev="vda1" ino=715975
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
But being a newbie, is there perhaps something simpler perhaps I did wrong and can fix with chmod permissions or chown? Thanks any ideas.
Socket permissions:
ls -l socket.sock
srwxrwxrwx. 1 will nginx 0 Oct 4 17:02 socket.sock
Well, my SELinux settings did make a difference in the end, and changing this has got my web application actually working! I looked at another tutorial: https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-1-basic-concepts
I must say from a Linux newbie's point of view, I have seen a few other posts mentioning how good Digital Ocean's tutorials are (I certainly don't have any affiliation with them whatsoever..).
For other newbies reading this, SELinux stands for Security Enhanced Linux, and is something included with many distributions of Linux now apparently, including CentOS 7. It's there for added security of some kind. I ran the simplest command they list on this page: getenforce
which output
enforcing
As the Digital Ocean tutorial states, "SELinux should currently be disabled", mine wasn't - no idea why, I hadn't touched anything on SELinux as had no idea what it was until 2 days ago.
Anyway, trying for simplest fix, as their advice did:
vi /etc/sysconfig/selinux
Or actually I think I didnt have permission to do this as my user, had to do it as root:
sudo vi /etc/sysconfig/selinux
There's only actually 2 settings in this file. So reset:
SELINUX=permissive
Then tried reboot as their advice to restart server, so apparently then SE Linux will start logging some security mumbo jumbo stuff, ie I think this means it records security booboos and people hacking into the system rather than stopping them. Reboot then asked me for Cloud something password, which I thought must be my sudo password, it wasn't, then crashed after trying this couple times anyway, so restarted it I think this is reboot yes? And my website now works.
As the other post I mentioned here, I think this means SELinux doing something to stop nginx running when it is set to enforcing. But the other post here seemed bit more complex for a newbie than to just change one setting as I have done here, more potential to create further problems. If I can ever develop this or another app further, i think need to find someone with more Linux experience.
I can't seem to get an asp site to run with ISPCONFIG3 at all. I am getting errors in the apache error.log like this:
Not running mod-mono-server.exe because no MonoApplications, MonoApplicationsConfigFile or MonoApplicationConfigDir specified.
Failed to connect to mod-mono-server after several attempts to spawn the process.
I think it has to do with my configuration somehow but I can't seem to figure out where. Thoughts?
Encountered this error today after installing apache2, mod-mono, etc in Ubuntu 19.04 on my laptop. Having just done it successfully on an AWS instance running Ubuntu 18.04, I was surprised that it didn't work here. By trial and error tweaking the mono-server config, apache2 config, the ASP.NET web app folder (with a simple index.aspx in it), and looking at the apache2 error logs after each change (after stopping/restarting apache2 each time!), I discovered that, in my case at least, this error was caused by the absence of a web.config file in the web app root folder; as soon as I created a simple skeleton web.config file, this error message went away.
Worth noting in passing is that the error message contains a typo: there should be an "s" for "Applications" in the keyword MonoApplicationConfigDir, like the other two keywords have. One of the things I tried was to alter the MonoApplicationsConfigDir statement that was present by default in my mono-server4-hosts.conf file by removing the "s" to match the error message, but that generated a different, fatal error that prevented apache2 from starting: systemctl status apache2.service showed "Invalid command 'MonoApplicationConfigDir'".
I'm having some issues with SELINUX.
When trying to visit my website I get 403 forbidden from nginx and the server pops up with an error and says to use grep NGINX /var/log/audit/audit.log | audit2allow -M mypol which i did however,
when trying to load the page it now says Access Denied and asks to use the command grep PHP-FPM /var/log/audit/audit.log | audit2allow -M mypol and when I do this it then reverts back to 403 forbidden access and asks me to use the first command again.
It's as if grep NGINX overwrites php-fpm and vice verse. How would solve this without disabling selinux?
I have access to the gnome desktop on my server and the SELinux security alert tells me to use the commands to solve the issue and the first command does solve it but then throws up another issue and when using the second command it overwrites the first and back to square one. I know that if i disable selinux it will work but it's unsafe and put's the server at risk.
Thanks.
Figured it out, for anyone else with the same issue, 403 forbidden access and selinux security error use this command on your servers root
restorecon -r /srv/www/domain.com
Fixed it for me and now everything is running as it should.
I have installed nagios successfully on fedora 17. but when I am trying to connect to nagios like http://mylocalhost.com/nagios. It asks for username and password. After putting these information I am found out forbidden 403 error with message , You dont have permission to access /nagios/ on this server.
I am bit confused how to resolve this issue. I read some post. they were saying to create empty index.html inside http root directory. i tried but same error is there.
http://www.unixmen.com/nagios-http-warning-http11-403-forbidden-solved/
If I am not wrong http root directory is /var/www/html?
oops ... sorry it was problem with my httpd service which was running actually but not accessible for publicly.
simply I flushed out iptables. then Checked out httpd service whether it is running properly or not.
Now its working great.
I think you create file index.html in /var/www/html.
After you can restart service nagios and httpd