this is my situation:
1) I have an web application, that is running on Tomcat, inside my war I have bundled Jolokia, so now if I do something:port/jolokia I get JSON back and all works well.
2) I downloaded executable jar from howt.io and I start it from cmd (on windows) and it gets running on some defined port so I get nice web page from which I connect to my server and read JSON from Jolokia, I can see some mbeans from JMX and it's all good!
3)Now here comes the problem, I have spring-security so I configure that /jolokia/* is protected with some role, ADMIN for example, now how can I connect from Howtio to my server ? I guess I should somehow provide user/pass and get session token back or something, I have no idea where to go from here so I would appreciate very much your help!
I came up with the solution to deploy Howtio as war to my server, and then I enable authentication hawtio.authenticationEnabled=true and set tomcat users, all works well but I would really like to just have jolokia there because I have many instances of my application (on more than 50 servers), so I would like to use Howtio just as a client that will read JSON, but I need some way of securing all that!
So please if someone have an idea or can tell me how to do this ? Thanks a lot!
Connecting to remote jolokia instances is done via the 'Connect' tab. You can save connections in there to your tomcat instances, including providing a username and password, for example:
Note: this page may have been updated a bit since this screenshot.
Related
First of all, a rookie, related to VPN/Security issues, so really
forgive me for whatever error I make while describing my problem,
and hope I'm able to make it clear.
Our contractors changed AVIATRIX-OKTA VPN for AWS-VPN with OKTA
Authentication, they send as an .ovpn file, that works ok for
Windows/MAC using AWS-Vpn-Client application software, but a
couple of us using Linux boxes (Ubuntu specifically) run the
described method in AWS which is: openvn config-file.ovpn,
and it does not work.
It simply asks for usr/pwd an then it fails with auth error (we use our OKTA credentials)
, seems nothing is configured to go to OKTA, open a browser or whatever it needs to do.
As an aside note, we can connect without any trouble to our k8s cluster using OKTA
client libraries, no sure is this is useful or not, just in case.
The .ovpn file looks like this
client
dev tun
proto tcp
remote random.cvpn-endpoint-xxxxxx.yyy.clientvpn.us-west-2.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
verb 5
<ca>
....
....
....
</ca>
auth-user-pass
auth-federate
auth-retry interact
auth-nocache
reneg-sec 0
An interesting thing to notice is that openvpn complains about auth-federate
seems not to recognize it, so I started using gnome network-manager which seems
to accept this configuration, but getting Auth error too.
After this I tried openvpn3 which didn't complain about configuration,
but still getting the same error.
I also tried adding TOPT token to password and the same problem
Any help on how to configure it, or just know if it is possible, will be greatly welcome
, seems there is very little information around this in the net
and we are really stuck on this, we are willing not to change OS or machines as they
are asking to, or using VM just to connect.
Thanks in advance,
We have tried the solution mentioned in the following URL and it worked for us:
https://github.com/samm-git/aws-vpn-client/blob/master/aws-connect.sh
The detailed working of this solution is explained in :https://github.com/samm-git/aws-vpn-client/blob/master/aws-connect.sh.
We have made few changes in the configuration files to make it work.
Removed the following lines in vpn.conf.
auth-user-pass
auth-federate
Made the following change in line 38 in the script aws-connect.sh.
open "$URL"
to
xdg-open "$URL"
Finally I got an answer from AWS people:
If the Client VPN endpoint is configured using SAML-based
authentication (such as Okta), then you have to use the AWS-provided
client to connect:
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#saml-requirements
And the promise to update del client documentation with a WARNING about
this.
We are using CF Diego API 2.89 version, Currently I was able to use it and see the vcap and the app resources when running cf ssh myApp.
Now it's become harder :-)
I want to deploy App1 that will "talk" with "APP2"
and have access to to it file system (as it available in the command line when you run ls...) via code (node.js), is it possible ?
I've found this lib which are providing the ability to connect to ssh via code but not sure what I should put inside host port etc
In the connect I provided the password which should be retrieved
via code
EDIT
});
}).connect({
host: 'ssh.cf.mydomain.com',
port: 2222,
username: 'cf:181c32e2-7096-45b6-9ae6-1df4dbd74782/0',
password:'qG0Ztpu1Dh'
});
Now when I use cf ssh-code (To get the password) I get lot of requests which I try to simulate with Via postman without success,
Could someone can assist? I Need to get the password value somehow ...
if I dont provide it I get following error:
SSH Error: All configured authentication methods failed
Btw, let's say that I cannot use CF Networking functionality, volume services and I know that the container is ephemeral....
The process of what happens behind the scenes when you run cf ssh is documented here.
It obtains an ssh token, this is the same as running cf ssh-code, which is just getting an auth code from UAA. If you run CF_TRACE=true cf ssh-code you can see exactly what it's doing behind the scenes to get that code.
You would then need an SSH client (probably a programmatic one) to connect using the following details:
port -> 2222
user -> cf:<app-guid>/<app-instance-number> (ex: cf:54cccad6-9bba-45c6-bb52-83f56d765ff4/0`)
host -> ssh.system_domain (look at cf curl /v2/info if you're not sure)
Having said this, don't go this route. It's a bad idea. The file system for each app instance is ephemeral. Even if you're connecting from other app instances to share the local file system, you can still lose the contents of that file system pretty easily (cf restart) and for reasons possibly outside of your control (unexpected app crash, platform admin does a rolling upgrade, etc).
Instead store your files externally, perhaps on S3 or a similar service, or look at using Volume services.
I have exclusively worked with PCF, so please take my advice with a grain of salt given your Bluemix platform.
If you have a need to look at files created by App2 from App1, what you need is a common resource.
You can inject an S3 resource as a CUPS service and create a service instance and bind to both apps. That way both will read / write to the same S3 endpoint.
Quick Google search for Bluemix S3 Resource shows - https://console.bluemix.net/catalog/infrastructure/cloud_object_storage
Ver 1.11 of Pivotal Cloud Foundry comes with Volume Services.
Seems like Bluemix has a similar resource - https://console.bluemix.net/docs/containers/container_volumes_ov.html#container_volumes_ov
You may want to give that a try.
Beginner in Beanstalkd here. I have a hosted Beanstalkd server elsewhere with the following URL : http://beanstalkdhost:1234/here.
Questions:
- How would I be able to view the lists of tubes/jobs available? Note that this server is not hosted by me.
How do I put jobs into the tubes of this server, when specs says it requires a POST and custom headers for a request. The clients (in NodeJS) I have came across over the Internet at the moment, do not allow for custom headers, and also almost always requires a 'port number' parameter which messes up the whole URL. It will end up as 'http://beanstalkdhost:1234/here:1234'.
Do note that I am also running a Windows machine (I believe there might be some limitations).
Will appreciate if I can get some advice.
Thanks in advance!
Beanstalkd is not a webservice. It does not present as a web-URL, but as a TCP socket that a connection is opened to, and bytes are sent to.
Knowing who is running the server for you might help out a lot in assisting you, but it does not appear to be a standard Beanstalkd queue.
I am totally new to couchdb,
How can i expose the service into a local development remote server ? (after in a future step expose it public)
I try to install on a remote development server besides i am not using Digital Ocean server i am using this tutorial : https://www.digitalocean.com/community/tutorials/how-to-install-couchdb-and-futon-on-ubuntu-14-04
I could not access with a web browser after install and start couchdb service with
couchdb -b
Wich return the default message : Apache CouchDB has started, time to relax.
Also from comand line i could:
curl http://127.0.0.1:5984/
And receive the correct message.
How can i access via web browser this development server ?
I can't know for sure, since I don't know your setup, but I'm guessing that you're trying to access the database from a different machine then the one it's running on. And I assume you know what IP to use to get to your remote, and that leads me to believe that your problem is that the port is not open (or not forwarded correctly) to your couchDB server.
A standard couchDB installation should be accessible, from a web-browser.
Here's the scanario... i have a glassfish server runnung my app on EC2, i configured a virtual server on glassfish for one of my domains (lets say mydomain.com) and this same virtual server has a default web module (lets say "myapp").
it works like a charm, when i access www.mydomain.com i get the login screen for my app, as it should be... no need to access www.mydomain.com/myapp (/myapp is the default context path for myapp).
But here's the thing; after i do a new deployment of my WAR file i can't access my app. if i type www.mydomain.com on the browser and press ENTER, the server gives me an "HTTP Status 503" however, if a access www.mydomain.com/myapp y can see my login page.
this problem goes away after i do a "sudo service glassfish restart" but as you might think, restarting the app server after every deployment is a pain, and btw, this is not the only app i'm running here, so... restarting glassfish just shuts down all apps and pisses off all users.
I'm deploying from Netbeans but i get the same result deploying from command line (asadmin).
i tried google but the notes i found didn't help.
is this a glassfish config problem?
am i missing a step after deployment?
for reference, i'm using: jsf 2.1, primefaces 3.2, jasper reports 4.6 (with required dependencies), mysql connector, glassfish server ose 3.1.2.2
i'll appreciate any help.
thanks.
Looks like Im shooting in the dark but here it goes.
In most cases, HTTP Error 503: Service Unavailable indicates that the App Server / Tomcat Server was not communicating well with the Web server, normally Apache.
Whats interesting is that when you sudo restart, it works, ITs a good indication of permissions of the filesystems. If you have deployed as a normal user but you have set up the server as root, this might just be the problem.
Yes, its a config problem & more. Try checking the file permissions & assign users to each process & make them play well.
Let me know if you could share some errors / logs, it would be helpful.