Configuring jhipster-registry v3.0.3 with Git repo - jhipster

I am trying to use the pre-packaged v3.0.3 war file for the jhipster-registry. I am launching it with these command-line properties in an attempt to point it to my Git repo for configuration info:
jhipster-registry-3.0.3.war --spring.profiles.active=prod,cust1 \
--spring.cloud.config.server.git.uri=http://myserver/url/MyConfig \
--spring.cloud.config.server.git.username=user \
--spring.cloud.config.server.git.password=pass
It starts, but I always get this error:
Your JWT secret key is not set up, you will not be able to log into the JHipster
I've tried many combinations of how to set up the Git repo. I'm using the sample application.yml file from https://github.com/jhipster/jhipster-registry-sample-config
Does the jhipster-registry itself not read any configuration files from Git?
If I want to configure the jhipster-registry properties, should I keep overriding things on the command-line, or put a yml file somewhere? It isn't clear to me the proper way to configure it when it is a pre-built war file and has embedded bootstrap/application yml files.
Is there a way to turn on debug logging so I can see what is going on?

This is because your JWT token isn't configured in your Git repository.
Have a look at our sample Git repository.
The Registry will send this token to all configured applications, and thus will be able to connect to them.
Otherwise, it shows a warning as it knows this will be an issue later.
Please note that this is a difference from the "classical" Eureka and Spring Cloud Config servers, which are not secured by default.


How to import publicly available jelastic manifests from gitlab repositories in the jelastic dashboard?

I am currently transitioning from github to gitlab. Today, my code is present at both those locations. I have a jps manifest on github:
https://github.com/shopozor/services/blob/master/manifest.jps
and the very same manifest on gitlab:
https://gitlab.hidora.com/softozor/services/blob/master/manifest.jps
In the Jelastic dashboard, I am able to load my github manifest. However, I am not able to load my manifest versioned on gitlab:
What is the problem? Do I have to configure something special somewhere? Both manifests are publicly available. Why can't I import the gitlab manifest?
I also tried to use the raw manifest:
https://gitlab.hidora.com/softozor/services/raw/master/manifest.jps
and I've also tried to get the manifest file by means of the gitlab API, without success.
EDIT
I've tried to load this manifest. There we see that I am running a command
wget "${baseUrl}/jelastic/postgres/execCmdScript.sh" -O /var/lib/pgsql/script.sh 2>&1
In the jelastic console, that command raises the error
[07:56:54 Shopozor.cluster:2]: ERROR: cmd [sqldb: 62900].response: {"result": 4109, "source": "JEL", "error": "The operation could not be performed.", "errOut": "", "nodeid": 62900, "exitStatus": 4, "out": "--2020-03-27 07:56:53-- https://gitlab.hidora.com/softozor/services/raw/install-postgres-in-dedicated-env/jelastic/postgres/execCmdScript.sh\nResolving gitlab.hidora.com (gitlab.hidora.com)... 10.102.1.82\nConnecting to gitlab.hidora.com (gitlab.hidora.com)|10.102.1.82|:443... failed: Connection refused."}
If I now take a computer which I never authenticated with on gitlab through ssh, and run that very same command, then it works. This is a bit strange, isn't it? What authentication does Jelastic need? It's all public and available to anyone, except Jelastic?
After some more research, I was finally able to load my manifests from gitlab into jelastic. The problem is probably due to the gitlab configuration. Loading the jps from the gitlab repo doesn't work over https in the settings I have (which I haven't made myself, it's a CI / CD as a service). It works, however, over http.

Log4j-Audit Getting Started fails for Catalog Editor

Was doing the Log4J-Audit getting started at https://logging.apache.org/log4j-audit/latest/gettingStarted.html
In the Catalog Editor section found some problems:
1. Download jar url was incorrect, missing "log4j-audit" folder
2. wget url was incorrect, had an extra 1.0.1 folder
3. git remote -v was set to ${remoteRepoUrl} instead of actual http://github.com/etc address. And the repo was not pulled. The .git folder was found but the git pull never happened. I think this might be related to proxy server but not sure if git supports a Variable.
Am I doing it wrong or are the instructions incorrect?
Where can I report such a problem?
In the end, I manually changed the
git remote set-url origin http://github.com/etc
did a manual git pull, and then the UI finally came up.
So, #1 and #2 are still a problem.
Because I have a corporate proxy server which also requires a user/password
#3 was solved with adding system env vars like this
java -Dhttps.proxyHost=myProxyServer -Dhttps.proxyPort=8080 -jar log4j-catalog-editor-1.0.1.jar
It does seem that the sun.net.HTTPSClient class which is called, does not mention using Basic Auth so not convinced why it works.
A new thing I found in the Getting Started tutorial is that it's important to change the branch=master in the application.properties.

Setting up SSH keys for github private repo access on Elastic Beanstalk

My Node.JS project contains references to private NPM repos hosted on github. This works fine locally, but I'm struggling to get this working on Elastic Beanstalk.
dependencies: {
  ...
  "express": "^4.12.4",
  "jsonwebtoken": "^5.0.5",
  "my-private-module": "git@github.com:<my-user>/<my-repo>.git#<my-version>",
  ...
}
What I need is to be able to set up a working SSH configuration for git on my Elastic Beanstalk instances, without having to store secret keys etc in source control.
Obviously, the EB instances do not have the needed SSH keys to access my private github repos. If I use HTTPS style git URLs with username:password@github.com inlined, it works fine. It also works using the oauth token method offered by github (which is essentially a user:pass). But I do not want any credentials to be checked in to source control, so I'm trying to get cloning from github to work via SSH on my EB instances.
I've tried a million ways, including npm preinstall scripts according to this blog post, which used to work until npm2 where a change made preinstall to run after the tree is built, and the PR to fix that issue is still pending.
I've tried an .ebextensions commands configuration that tries to call git config to place an insteadof on git@github.com into a HTTPS URL with an OAUTH token coming from an environment variable (tricky in itself since env variables aren't set at this time in the startup cycle, and the lack of $HOME makes git config confused).
I've also tried various different ways using .ebextensions to setup SSH on my EB instances, including this solution from the comments on the mentioned blog post. This is basically where I'm stuck now.
I have successfully created a key pair, set it up on my github profile, and verified that the private key is usable from my local client to clone my repo
I have put my private key and a ssh config file on a private S3 bucket
I've created an .ebextensions files configuration which copies these two files from my S3 bucket into /tmp/.ssh/, according to this example
I've created a debug commands .ebextensions configuration which lists /tmp/.ssh and shows that the files were downloaded from S3 successfully:
/tmp/.ssh/config contains:
Host github.com
  IdentityFile /tmp/.ssh/deploy_key
  IdentitiesOnly yes
  UserKnownHostsFile=/dev/null
  StrictHostKeyChecking no
/tmp/.ssh/deploy_key contains my private key which is verified to work locally.
However, git still throws an error:
npm ERR! Command failed: git clone --template=/tmp/.npm/_git-remotes/_templates --mirror ssh://git@github.com/[.....]
npm ERR! Cloning into bare repository '/tmp/.npm/_git-remotes/git-ssh-git-github-com-[...]
npm ERR! Host key verification failed.
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
I am now running out of ideas. My best guess would be that /tmp/.ssh is not the path where git goes to look for the ssh config file - it might have been when the linked solution was proposed but might have changed in later AMI:s etc. The environment used when EB is starting up seems to be a bit limited; commands are run as user nodejs but /tmp seems to be used as the home directory, even though $HOME is not set anywhere.
How can I get git to pick up my SSH config, and consequently use my SSH key? How can I find out where git looks for a SSH config file? Normally it's in ~/.ssh, but since $HOME is not set, well... This should be easy but is driving me nuts.
After a full day's struggle and finally stumbling over this answer to a very similar question I had previously missed, it turns out the correct place to put ssh keys in order to be picked up by git on EB is in /root/.ssh, not /tmp/.ssh, not /home/ec2-user/.ssh.
My final configuration (assuming there's a private SSH key located in a S3 bucket at <my-bucket>/github-eb-key, and the corresponding public key is registered with a github user having access to the repo(s)), using an AMI configured as 64bit Amazon Linux 2016.09 v3.3.0 running Node.js, and with the following in .ebextensions/01_ssh_setup.config:
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      ? "AWS::CloudFormation::Authentication"
      :
        S3Auth:
          buckets:
            - <my-bucket>
          roleName:
            ? "Fn::GetOptionSetting"
            :
              DefaultValue: aws-elasticbeanstalk-ec2-role
              Namespace: "aws:asg:launchconfiguration"
              OptionName: IamInstanceProfile
          type: s3
files:
  /root/.ssh/github-eb-key:
    authentication: S3Auth
    mode: "000600"
    owner: root
    group: root
    source: "https://s3-eu-west-1.amazonaws.com/<my-bucket>/github-eb-key"
  /root/.ssh/config:
    mode: "000600"
    owner: root
    group: root
    content: |
      Host github.com
        IdentityFile /root/.ssh/github-eb-key
        IdentitiesOnly yes
        UserKnownHostsFile=/dev/null
        StrictHostKeyChecking no
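
Added example, not part of the original answer: the ssh config above sets UserKnownHostsFile=/dev/null and StrictHostKeyChecking no, which turns host key verification off, so the instance accepts whatever server answers as github.com during npm install. The shell sketch below audits an ssh config for those two settings and shows a pinned variant beside the one from the answer. The function names and the /root/.ssh/known_hosts path are assumptions of this example; that file would be delivered the same way as the key and hold GitHub's published host key.

```sh
#!/bin/sh
# Report ssh_config lines that switch off host key verification.
# Prints "<line-number>:<option>" per finding; returns 1 if any were found.
audit_ssh_config() {
    awk '
        { line = tolower($0); gsub(/=/, " ", line); n = split(line, f, " ") }
        n >= 2 && f[1] == "stricthostkeychecking" && (f[2] == "no" || f[2] == "off") {
            print NR ":StrictHostKeyChecking"; bad = 1
        }
        n >= 2 && f[1] == "userknownhostsfile" && f[2] == "/dev/null" {
            print NR ":UserKnownHostsFile"; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed copy of the config from the answer above.
write_weak_config() {
    cat > "$1" <<'EOF'
Host github.com
  IdentityFile /root/.ssh/github-eb-key
  IdentitiesOnly yes
  UserKnownHostsFile=/dev/null
  StrictHostKeyChecking no
EOF
}

# Pinned variant. Assumption: /root/.ssh/known_hosts is deployed with the key
# and contains GitHub's host key, checked against GitHub's documentation.
write_pinned_config() {
    cat > "$1" <<'EOF'
Host github.com
  IdentityFile /root/.ssh/github-eb-key
  IdentitiesOnly yes
  UserKnownHostsFile /root/.ssh/known_hosts
  StrictHostKeyChecking yes
EOF
}

# Demo on the two constructed files.
tmp=$(mktemp -d)
write_weak_config "$tmp/weak"; write_pinned_config "$tmp/pinned"
audit_ssh_config "$tmp/weak" || echo "weak config: host key verification is off"
audit_ssh_config "$tmp/pinned" && echo "pinned config: ok"
rm -rf "$tmp"
```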

Accessing Github behind corporate proxy Node.js

I am having an issue with calling the following command from cmd for installing PhoneGap:
npm install -g phonegap
The following error is returned:
Failed to connect to github.com port 443: Timed out
There are a fair amount of questions regarding this topic and they all seem to provide the same answer - make sure the proxy settings for git and nodejs are configured. I set up the node proxy settings like so:
npm config set proxy http://proxyname:8080
npm config set https-proxy http://proxyname:8080
And for git:
git config --global http.proxy http://proxyname:8080
git config --global https.proxy http://proxyname:8080
Both git config --list and npm config list confirm that these proxy settings are in place.
I have also allowed the programs through the firewall by going to Windows Firewall -> Allow a program or feature through Windows Firewall. Then I selected the node.exe for Node.js and for git I selected git.exe.
I still however have the issue whereby it is failing to connect to Github. Is there anything else I am missing or forgetting to setup? Both Node.js and Git were installed for the first time for this task.
In addition to the above settings, it's possible that you're getting this error if some of the downloaded libraries declare their dependencies using the git:// protocol instead of https://. These dependencies then usually fail with the above error.
To fix this, you can run the following:
git config --global url."https://".insteadOf git://
This will add a configuration option to Git, asking Git to use https whenever a URL uses the git:// protocol.
This setting fixed many proxy issues for me.
You need to add proxy authentication to your command application. I assume you are working in Windows, the following works for me (I don't need to add the proxy to either npm or git unless running git commands).
In your active command window you need either or both of these for each session, including initial installation, adding devices or plugins, and on first application build:
set https_proxy=http://username:password@proxy:port
set http_proxy=http://username:password@proxy:port
So mine looks like this:
set https_proxy=http://john.doe:1234@proxy.det.nsw.edu.au:8080
Ben
With git 2.8 (March 2016), you don't have to embed in clear text your password in the url.
See commit 372370f, commit ef97639 (26 Jan 2016) by Knut Franke.
Helped-by: Junio C Hamano (gitster), Eric Sunshine (sunshinebell28), and Elia Pinto (devzero2000).
(Merged by Junio C Hamano -- gitster -- in commit 30f302f, 03 Feb 2016)
http: use credential API to handle proxy authentication
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history).
Since proxy authentication often uses a domain user, credentials can be security sensitive; therefore, a safer way of passing credentials is desirable.
If the configured proxy contains a username but not a password, query the
credential API for one. Also, make sure we approve/reject proxy credentials
properly.
So:
In addition to the syntax understood by curl, it is possible to specify a proxy string with a user name but no password, in which case git will attempt to acquire one in the same way it does for other credentials.
See gitcredentials for more information.
The syntax thus is:
[protocol://][user[:password]@]proxyhost[:port]
This can be overridden on a per-remote basis; see remote.<name>.proxy.
http: allow selection of proxy authentication method
CURLAUTH_ANY does not work with proxies which answer unauthenticated requests with a 307 redirect to an error page instead of a 407 listing supported authentication methods.
Therefore, allow the authentication method to be set using the environment variable GIT_HTTP_PROXY_AUTHMETHOD or configuration variables http.proxyAuthmethod and remote.<name>.proxyAuthmethod (in analogy
to http.proxy and remote.<name>.proxy).
The following values are supported:
anyauth (default)
basic
digest
negotiate
ntlm
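
Added example, not from the original answers or from the git project: a POSIX shell check built on the proxy syntax [protocol://][user[:password]@]proxyhost[:port] that flags proxy settings embedding a password and rewrites them to the user-only form, for which git 2.8 and later asks the credential API. The function names, the user and the host proxy.example are constructed for illustration.

```sh
#!/bin/sh
# Proxy string syntax from the git documentation quoted above:
#   [protocol://][user[:password]@]proxyhost[:port]

# Exit 0 when the proxy string embeds a password, 1 otherwise.
proxy_has_password() {
    case ${1#*://} in                 # ignore the optional scheme
        *:*@*) return 0 ;;            # "user:password@" in front of the host
        *)     return 1 ;;
    esac
}

# Print the proxy string with the password removed and the user name kept.
# The result is what to store, e.g.:
#   git config --global http.proxy http://john.doe@proxy.example:8080
strip_proxy_password() {
    proxy_has_password "$1" || { printf '%s\n' "$1"; return 0; }
    case $1 in
        *://*) scheme=${1%%://*}:// ;;
        *)     scheme= ;;
    esac
    rest=${1#*://}
    userinfo=${rest%@*}               # text before the last '@'
    printf '%s%s@%s\n' "$scheme" "${userinfo%%:*}" "${rest##*@}"
}

# Read key=value lines (`git config --list` output or *_proxy variables)
# on stdin and print each key whose value embeds a password.
# Returns 1 when at least one such key was found.
audit_proxy_config() {
    found=0
    while IFS='=' read -r key value; do
        case $key in *.proxy|*_proxy|*_PROXY) ;; *) continue ;; esac
        if proxy_has_password "$value"; then
            printf '%s\n' "$key"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample, not taken from a real system.
sample='http.proxy=http://john.doe:1234@proxy.example:8080
remote.origin.proxy=http://john.doe@proxy.example:8080
core.editor=vi'
printf '%s\n' "$sample" | audit_proxy_config || echo "password found in the keys above"
```

On a real machine the input would come from `git config --list`; http.proxyAuthMethod can then be set to one of the values listed above if the proxy does not answer with a 407.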

Development build of my Node.js site

I have a production build of my site on a VPS, and I deploy to a bare git repo which has a hook that checks out the commits to an app directory. I use forever to keep my app running from the app directory.
What I want to do is set up a development build which I can push to. The development build could be hosted under a subdomain on my VPS. However, I'll need an authentication step that'll prevent anyone and everyone from accessing the development site. How could I put authentication in front of an entire site with little (if any) changes to my application?
Why don't you just run it on a port that isn't available to the public and then you could create an ssh tunnel and access it via localhost?
Add a dev ssh user to your VPS and assign it a password.
Your ssh tunnel would look like this (just adjust your ports accordingly):
ssh -N -L8808:localhost:8808 user@destination.com
You'll be prompted for your password and then you would leave your terminal session open and go to your dev server via "http://localhost:8808"
Another option (something I typically do) is to have a file checked into your repo named "config.sample.json" with configuration information (in this case your username/password [development] restriction). Then you also set up git to ignore "config.json" (so you don't accidentally commit this to your repository and have to edit files on your production deployments).
Next you would write a function that would require that config.json file and use its configuration data if the file is found; otherwise it would load up as "production".
Then you would deploy your code to your development directory and afterward rename your "config.sample.json" to "config.json" and make any edits that were needed in that file to setup debugging, access control, etc.
