How to renew Let's Encrypt certificate in ejabberd configured server? - ejabberd

How to renew Let's Encrypt certificate in ejabberd configured server? My server is Debian-jessie and I have tried to renew SSL certificates using the below command,
certbot certonly -d mydomainname
But it produced an unexpected error:
Failed authorization procedure. : urn:acme:error:connection ::Timeout
during connect (likely firewall problem). Skipping.
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Found the proper answer for this:
You need to stop the ejabberd service before you do the
process,
service ejabberd stop
Then move the expired ssl pem file to somewhere else,
mv /etc/ejabberd/ejabberd.pem /etc/ejabberd/ejabberd.pem.backup
Go to the directory where certbot is located,
cd /root
Enter the below command in order to renew the certificate for the
required domain
certbot certonly --webroot -w /etc/ejabberd -d yourdomain.com --force-renewal --rsa-key-size 4096
Then merge the generated ssl files to the ejabberd configuration file
cat /etc/letsencrypt/live/yourdomain.com/privkey.pem /etc/letsencrypt/live/yourdomain.com/fullchain.pem > ejabberd.pem
Then move the pem file to the ejabberd root path
mv ejabberd.pem /etc/ejabberd
chown ejabberd /etc/ejabberd/ejabberd.pem
Enable ejabberd service
service ejabberd start
service ejabberd status
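An added example (not part of the original answer): the merge and move steps above, written so that the combined file is created with mode 0600 and replaces the live ejabberd.pem only when the private key and the leaf certificate match. A plain `cat ... > ejabberd.pem` under the default umask leaves the private key world-readable, and `chown` alone does not change that. Paths and the ejabberd owner are taken from the answer; the function names are illustrative and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original answer. Builds ejabberd.pem from certbot
# output. Paths and the "ejabberd" owner follow the answer above; the function
# names are illustrative.

# Succeeds only when the private key and the leaf certificate (the first
# certificate in fullchain.pem) carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# build_pem PRIVKEY FULLCHAIN OUTPUT [OWNER]
# Returns 1 on missing input, 2 on key/certificate mismatch, 3 on write errors.
build_pem() {
    privkey=$1; fullchain=$2; out=$3; owner=${4:-}
    if [ ! -r "$privkey" ] || [ ! -r "$fullchain" ]; then
        echo "cannot read $privkey or $fullchain" >&2
        return 1
    fi
    if ! key_matches_cert "$privkey" "$fullchain"; then
        echo "private key does not match certificate; $out left untouched" >&2
        return 2
    fi
    # mktemp creates the file with mode 0600 in the target directory, so the key
    # is never world-readable and the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 3
    if ! cat "$privkey" "$fullchain" > "$tmp" || ! chmod 600 "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    # Keep the previous file as a backup, as the answer does, before replacing it.
    if [ -f "$out" ]; then
        cp -p "$out" "$out.backup" || { rm -f "$tmp"; return 3; }
    fi
    mv -f "$tmp" "$out"
}

# Usage: sh build-pem.sh yourdomain.com   (run as root, with ejabberd stopped)
if [ "$#" -eq 1 ]; then
    live=/etc/letsencrypt/live/$1
    build_pem "$live/privkey.pem" "$live/fullchain.pem" /etc/ejabberd/ejabberd.pem ejabberd
fi
```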

Related

Facing issues with Apache2 on Debian 10

I tried to set up Varnish on the Instance Debian 10 but then something went wrong and I tried installing some apache2 modules like
sudo a2enmod SSL
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
But after enabling these modules when I restarted Apache2 I was unable to start the apache because there was something that was blocking port 443 and causing conflict with Apache2. When I removed the port Listen 443 from ports.conf file I was able to start the apache server but only on the 8080 port and on port 80 varnish is running but on the port 443, there is a service called httpd running which I am unable to find out from which config file it is configured.
The content of the ports.conf file is
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 8080
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Screenshot of the ports process running. I am unable to use port 443 and unable to stop that service httpd also. It is not linked with apache2; I tried stopping the apache but this service keeps on running.
The httpd service usually refers to the Apache webserver. However, if you install Apache on Debian via apt-get install apache2, the actual service is called apache2. This is also reflected in your netstat output.
On Red Hat based systems the service is called httpd. Is it possible that you compiled an Apache server from source on that same machine? Or did you accidentally install a package that is httpd-related?
You can perform a dpkg -l to list the installed packages, maybe you'll find it there.
Anyway, please kill the httpd process and check if there's a systemd service that contains that service name. You can go into /lib/systemd/system and perform a grep httpd *.
What about TLS in Varnish?
You shouldn't enable HTTPS on your system by using mod_ssl. You should install a TLS proxy that terminates the TLS session and then passes the plain HTTP connection to Varnish which in its turn will talk plain HTTP with Apache.
I advise you to use Hitch, it's a TLS proxy that is developed by Varnish Software engineers. It's flexible, powerful and lightweight.
To install Hitch, you can find the official packages here: https://packagecloud.io/varnishcache/hitch.
Here's the documentation you might need: https://github.com/varnish/hitch/tree/master/docs
A Varnish Developer Portal tutorial about Hitch will be available some time next week.

Zabbix server is not running: the information displayed may not be current

So all of a sudden, after a week of using it, I get an error message on my zabbix server gui (http://localhost/zabbix/.)
The error says: Zabbix server is not running: the information displayed may not be current.
Any idea why this is happening all of a sudden and out of the blue? I restarted the machine - which should automatically restore the zabbix server upon startup - but it's still not running.
I also researched for a startup or restart command but true to form with zabbix helpful, clear documentation is non-existent.
EDIT:
Some more info:
MySQL is running normally. I'm able to select, insert into, whatever I want.
Doing /etc/init.d/zabbix-server status results in * zabbix_server is not running
The last entry in zabbix_server.log is Zabbix Server stopped. Zabbix 2.2.9 (revision 52686).
Doing sudo /etc/init.d/zabbix-server start results in * Starting Zabbix server zabbix_server but the status is still not running and the log file doesn't have any new entries.
just get into the zabbix.conf.php
>$sudo vim /etc/zabbix/web/zabbix.conf.php
>$ZBX_SERVER = '**your zabbix ip address or DNS name**';
>$ZBX_SERVER_PORT = '10051';
>$ZBX_SERVER_NAME = '**your zabbix hostname**';
just change the ip address you can resolve the error
Zabbix server is not running: the information displayed may not be current
After that restart the zabbix server
>$sudo service zabbix-server restart
To verify go to Dashboard Administration -> queue there you see data
I resolved my error like this; it works fine for me.
To solve the problem zabbix server is not running you have to :
First - Check that all of the database parameters in zabbix.conf.php (/etc/zabbix/web/zabbix.conf.php) and zabbix_server.conf (/etc/zabbix/zabbix_server.conf) are the same. Including:
• DBHost
• DBName
• DBUser
• DBPassword
Second - Change SELinux parameters:
#setsebool -P httpd_can_network_connect on
#setsebool -P httpd_can_connect_zabbix 1
#setsebool -P zabbix_can_network 1
After all, restart all services:
#service zabbix-server restart
#service httpd restart
worth a try.
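An added example, not from the answers on this page: a shell check for the first step above that compares the four database settings in both files and reports only the setting names, never the password. The `$DB['SERVER']`, `$DB['DATABASE']`, `$DB['USER']` and `$DB['PASSWORD']` keys are assumed to be the frontend's names for these settings; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original answers. The file paths are the ones
# named on this page; the $DB['...'] key names are assumed.

# Last uncommented KEY=value in zabbix_server.conf (empty if unset or commented).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Value of $DB['KEY'] = '...'; in zabbix.conf.php.
php_value() {
    sed -n "s/^[[:space:]]*[\$]DB\['$2'][[:space:]]*=[[:space:]]*'\(.*\)';.*/\1/p" "$1" |
        tail -n 1
}

# compare_zabbix_db SERVER_CONF FRONTEND_PHP
# Prints one line per problem, naming the setting but never its value, and
# returns the number of problems found (0 means both files agree).
compare_zabbix_db() {
    bad=0
    for pair in DBHost:SERVER DBName:DATABASE DBUser:USER DBPassword:PASSWORD; do
        skey=${pair%%:*}
        fkey=${pair##*:}
        s=$(conf_value "$1" "$skey")
        f=$(php_value "$2" "$fkey")
        if [ -z "$s" ]; then
            echo "$skey: not set in $1 (missing or commented out)"
            bad=$((bad + 1))
        elif [ "$s" != "$f" ]; then
            echo "$skey: differs from \$DB['$fkey'] in $2"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh check-zabbix-db.sh /etc/zabbix/zabbix_server.conf /etc/zabbix/web/zabbix.conf.php
if [ "$#" -eq 2 ]; then
    compare_zabbix_db "$1" "$2"
fi
```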
Edit this file: sudo nano /etc/default/zabbix-server
Adjust the START property to yes:
START=yes
Then try to run Zabbix again: sudo service zabbix-server start
This may happen because of the old and new IP address
I have faced the same issue, which was solved by the below method:
vim /etc/zabbix/web/zabbix.conf.php
$ZBX_SERVER = new ip address
then restart zabbix server
I was using a special character in my DB password - wrapping the DBPassword option in /etc/zabbix/zabbix_server.conf and doing sudo service zabbix-server restart got me back up and running.
Not Working
DBPassword=MyString?
Working
DBPassword='MyString?'
Solution might be this simple:
sudo su
nano /etc/zabbix/zabbix-server.conf
Remove "#" in front of DBPassword=YourPassword (will change from blue to grey)
Ctrl x (Y to save and press enter to exit)
service zabbix-server restart
Now you can refresh your browser running ZABBIX. If not, you will have to do the same steps for CacheSize=32M
You do not have to change anything in /etc/zabbix/web/zabbix.conf.php (localhost is fine)
When editing anything, remember "#" in front of line means invisible to linux.
As Zabbix Senior Instructor and Consultant Hernandes Martins says in his "Zabbix server is not running what to do?" blog post:
This is the first step that should be checked regardless of the situation, always view the logs, from the moment the error message appeared in the zabbix web interface always view the log.
By following his advice I was able to identify the cause of the issue with my Zabbix server, and then apply the solution related to the specific problem.
In my case, as I've commented in the page:
The problem in my server was of "4. Resource Allocation Issues". Just like you wrote above, Zabbix was showing out of memory errors on the log when trying to start the server.
After increasing the value of parameter CacheSize I tried to restart the service, but it didn't respond. So, I ended up restarting the whole machine. Fortunately, in the end it resolved the problem for good.
So, take a look at the log with command tail -f /var/log/zabbix/zabbix_server.log on the terminal/prompt, watch for any errors, and tackle the problem according to what it makes sense for your particular case.
Looks like the problem was that I created a Database monitoring Item programmatically and it triggered a bug that caused the server to shutdown.
Once I deleted the item the server came back up, and creating subsequent Items didn't kill it.
The deadly Item had a value_type of Numeric unsigned, -1 programmatically, while the newly created Items have a value_type of float, which is 0 programmatically.
The whole thing has a voodoo element to it but it did solve my problem.
Maybe it is a configuration issue
nano /etc/zabbix/zabbix_server.conf
DBHost=localhost
DBName=zabbix_db
DBUser=zabbix_user
DBPassword=XXXXXXX
works for me on Zabbix 3.0 Centos 7
The zabbix-server daemon doesn't seem to like passwords with special characters in them. Unsure whether quotes would work in the configuration, I just removed special characters from the database password, updated the configuration files and restarted the daemon.
Configuration parsing errors don't show up in logs for some reason.
Install the nmap tool (( # yum/apt-get install nmap )) and check which port Zabbix is listening on (( # nmap -sT -p1-65535 localhost )): 10050 or 10051?
The result should be something like this:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-01 22:54 IRST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00032s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65530 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
3306/tcp open mysql
10050/tcp open unknown <--- In my case this is it
Then open /etc/zabbix/web/zabbix.conf.php and check the line starting with: $ZBX_SERVER_PORT, its value should be the same number you saw in the nmap scan result. Change it and restart zabbix-server and httpd and you are good to go!
There may be an IP address conflict, try host 'Zabbix server'
On RHEL/CentOS/OEL 6
Check that the firewall is allowing connection to Zabbix Server port which is 10051, as a user with root priv:
vi /etc/sysconfig/iptables
and add the following lines
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10051 -j ACCEPT
restart iptables
# service iptables restart
If you have disabled IPV6, you need to also edit the hosts file and remove IPV6 line for "localhost"
# vi /etc/hosts
remove or comment out "#" the ipv6 line for localhost
::1 localhost6.localdomain6 localhost6
restart the zabbix-server and check if the error message is gone.
I was in the same trouble.
For my case, that was a conflict between /etc/zabbix/zabbix_agentd.conf and zabbix_server.conf parameters.
I adjusted
"DBHost=localhost",
"DBName=zabbix",
"DBUser=zabbix",
"DBPassword=******",
"DebugLevel=3"
"ListenPort".
If you run the default installation, you should keep ListenPort=10051 for the server and 10050 for the agent.
Cheers!
In my case it happens when introducing host with templates, graphs,trigger etc, the server falls.
The problem was that by default the cache is at 128k and you have to change it.
sudo nano /etc/zabbix/zabbix-server.conf
Uncheck # Sizecache and add 32M for example.
Cachesize=32M
restart service and voila!! server working
service zabbix-server start
My problem was caused by having external ip in $ZBX_SERVER setting.
I changed it to localhost instead so that ip was resolved internally,
$sudo nano /etc/zabbix/web/zabbix.conf.php
Changed
$ZBX_SERVER = 'external ip was written here';
to
$ZBX_SERVER = 'localhost';
then
$sudo service zabbix-server restart
Zabbix 3.4 on Ubuntu 14.04.3 LTS
I had the same issue.
I had forgotten the SELinux conf, not all is ok:
setsebool -P httpd_can_connect_zabbix on
In my case, this occurred because the password in the server config file was commented out.
Open the server config file: # sudo vim /etc/zabbix/zabbix-server.conf
Scroll down to db user and below there will be the password with a # commenting out. Remove the hash and insert your DB password.
In my case I had to disable SELinux
[root@webserverlocaldomain /]# setenforce 0
Disable Firewall
[root@webserverlocaldomain /]# systemctl stop firewalld
Edit config file, uncommenting #
[root@webserverlocaldomain /]# vi /etc/zabbix/zabbix_server.conf
ListenPort=10051
DBHost=localhost
DBPassword=password
Then restart the services
[root@webserverlocaldomain /]# systemctl restart zabbix-server zabbix-agent httpd
#getsebool -a
//httpd_can_network_connect off
#setsebool httpd_can_network_connect on
#getsebool httpd_can_network_connect
#service zabbix-server restart
In my case, after installing zabbix from sources (removed zabbix 4.0 because upgrading to 4.2 wasn't possible via apt on a Raspbian GNU/Linux 9.4 stretch) it loaded the config from /usr/local/etc/zabbix_server.conf instead of from /etc/zabbix/zabbix_server.conf
After deleting /usr/local/etc/zabbix_server.conf and creating a symlink pointing to the correct config file in /etc/zabbix/zabbix_server.conf it started to work
I solved this problem on Ubuntu 18.04 by uninstalling Zabbix and reinstalling it again from scratch.
The initial installation didn't work because I had followed old posts/guides/tutorials, even from Zabbix documentation itself, so these might probably be outdated. So, the trick was to find and follow the most updated guide to Zabbix installation from its docs.
Here are the two links I followed for uninstalling and reinstalling Zabbix:
How to uninstall Zabbix: https://www.quora.com/How-do-I-uninstall-Zabbix-server-agent-in-Ubuntu
How to (properly) install Zabbix: https://www.zabbix.com/download?zabbix=4.0&os_distribution=ubuntu&os_version=18.04_bionic&db=postgresql
When installing Zabbix from the link above, your chosen Zabbix Version, OS Distribution, OS Version or Database may be different from the ones I've selected, but following the instructions on this page will probably be also the right way for you to install your chosen Zabbix configuration without getting errors post installation.
Never had the problem until it suddenly appeared once, for me, the solution was to add (uncomment) the following line in /etc/zabbix/zabbix_server.conf
ListenIP=0.0.0.0
I had a similar problem and my GUI reported a problem with cache. I changed it in zabbix-server.conf to 32M and now it is OK. Zabbix is an intelligent tool; please, if possible, check problems in the GUI first. I had too many hosts ... for the default cache.

MAMP Apache will not start - Permission Denied: make_sock

MySQL and PHP were working fine with my MAMP for a very long time, so I really don't know what happened. Now every time when I try to log into my Apache from the terminal I get:
httpd: Could not reliably determine the server's fully qualified domain name, using MacBook.local for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
(I didn't include the actual name for the server)
I'm using an OS X system with Apache 2.2 and I don't think I properly configured my server. How do I fix this and get back on track? I did delete some of the member access and moved my htdoc files so that I could start over with my files. I believe that is where it turned against me.
It sounds like a permissions issue. Go to your terminal and have your MAMP status dialog open.
First issue:
sudo apachectl -k stop
then
sudo apachectl -k start
what you're doing is you're using sudo to get root permissions. See if that helps.
Rename the file envvars located in /Applications/MAMP/Library/bin to _envvars. It worked for me. You may need to restart.

Public key setup issue in windows environment for scp

I am trying to configure a Hudson job to copy result of Hudson job (consists of multiple files) into a Hudson server for results consolidation from multiple slaves. My intention is to use scp. Unfortunately, I have difficulties setting up the SSH public key/private key in windows environment (both slave and Hudson server are windows environment). I cannot migrate to Linux because I am not the owner of those machines.
I use the following procedures to set up the SSH public/private keys.
Configure ssh server in Hudson machine by performing the following:
cd C:\Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd
mkpasswd -d -u test >> ..\etc\passwd (Note: test is the user id used for SSH)
Download cygintl-2.dll & cygwin1.dll from http://samanthahalfon.net/resources/cygwin_includes.zip. Copy those dll files to C:\Program Files\OpenSSH\bin.
You will need to replace cygwin1.dll.
cd C:\Program Files\OpenSSH\etc
..\bin\chown test *
..\bin\chmod 600 *
Edit C:\Program Files\OpenSSH\etc\sshd_config with the following configuration:
Port 22
Protocol 2
StrictModes no
PubKeyAuthentication yes
AuthorizedKeysFile /c/home/test/.ssh/authorized_keys
PasswordAuthentication no
UserPrivilegeSeparation no
To start it as Windows service by executing: net start opensshd
Configure ssh public key in Hudson machine, so that the test automation script will not be prompted for password:
In slave machine, using "ssh-keygen -t dsa" command to create key pairs.
By default the key pairs (files: id_dsa & id_dsa.pub) will be generated to C:\Documents and Settings\test\.ssh\
Using "scp id_dsa.pub test@XX.XX.XX.XX:.ssh/id_rsa_upload.pub" command to upload public key to Hudson Server.
i.e. scp id_dsa.pub test@XX.XX.XX.XX:.ssh/id_rsa_upload.pub
In Hudson server, go to directory C:\Program Files\OpenSSH\.ssh, then execute "type id_rsa_upload.pub >>authorized_keys"
Exit and restart opensshd on Hudson server by executing "net stop opensshd" and "net start opensshd" now you can login ssh server without password.
In Hudson server, execute the following:
cd C:\Program Files\OpenSSH\
chown -R test .
chmod -R 700 .ssh
cd .ssh
chmod 600 authorized_keys
In slave machine, edit C:\Program Files\OpenSSH\etc\ssh_config. Specify "IdentityFile /c/home/test/id_dsa".
Test from your slave computer which SSH private key has been executed. In the slave machine, connect by executing:
ssh test@XX.XX.XX.XX (IP is Hudson server's IP)
Unfortunately, it still prompts for the pass phrase.
I looked into the following possibilities as workaround but the results are not positive:
a. shared drive in Hudson server mapped to a drive in slave machine - Hudson does not permit "copy result.html Y:"
b. sftp - it also requires public key
c. Found a proposed solution to overcome shared drive issue by using "copy result.html \\XX.XX.XX.XX\test\" but I encountered access denied error as I have
no idea how to specify the user id and password using this method. Refer to: Hudson continuous integration server: how to see Windows mapped directories that are visible to Ant?
d: I have also looked into Hudson's plugin for any potential solution but could not find anything suitable or have no idea on the plugin usage.
It would be great if someone can spot my mistake in public key setup or propose an alternative solution for me to copy multiple files into Hudson server. Thanks
You need to identify what is wrong first -- server or client.
To verify the server, set up the same key on any Linux/Mac client (which is much more transparent) and try to connect to the server.
To verify that ssh on your slave machine loads your dsa identity key try next:
ssh -i c:/home/test/id_dsa -v test@XX.XX.XX.XX
where -i would tell ssh where to get key and -v enables verbose mode which can help you to identify the problem.

Mercurial on windows and ssh configuration with Copssh problem

I've installed copssh on a Windows 2008 server and then I tried to clone a repository on the server through ssh. But no matter how hard I tried I couldn't fix this error I got. Here is the log:
C:\Users\Admin>hg clone ssh://ehsan@rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
ehsan@rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: /bin/bash: Permission denied
abort: no suitable response from remote hg!
I tried to login with administrator but I get the same error message. Also I changed the permission of the folder located in C:\Program Files (x86)\ICW\home\administrator so that ehsan has the full access to this folder.
also when I connect to the server with putty and use this command:
cd /home/administrator/.ssh
echo test>test
file test will create! so it seems that I have the permission to this folder!
This is the log when I try to clone with the administrator account:
C:\Users\Admin>hg clone ssh://administrator@rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
administrator@rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: bash: hg: command not found
abort: no suitable response from remote hg!
The latest versions of copssh/cwrsync use cygwin 1.7 and require a HOME environment variable. So just add a HOME=%HOMEDRIVE%%HOMEPATH% variable and it should work right away. It did for me :)