I have a virtual machine deployed at FIWARE Lab with Context Broker + Wilma PEP proxy. PEP is configured with https enabled in config.js: config.https = { enabled =true...}
Executing the command below, I can see the "https" process related to the node.js PEP process:
[centos@orion ~]$ sudo netstat -t -l -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:https *:* LISTEN 1492/node
But when I try to execute the following curl command I get the following message
curl -v -i -X GET https://public-ip-at-fiware-lab:443/v2/entities -H "X-Auth-Token: auth-token-from-idm-keyrock"
curl: (35) Unknown SSL protocol error in connection to public-ip-at-fiware-lab:443
What is missing in the configuration of PEP?
How can I debug what is happening in fiware-lab machine?
How can I test the SSL with curl command?
Any tip is welcome!
Many thanks in advance
Finally I created a new certificate for the machine and the curl command works.
Related
I have a MongoDB instance running on a Google Compute Engine VM that I want to connect to from my GitHub action (on a Windows runner, if it makes a difference) to insert test and performance results.
Currently, I am trying to open an SSH tunnel with port forwarding and just test that the port is open.
Here is what my GitHub action step is:
- name: 'Create ssh tunnel'
  if: (runner.os == 'Windows')
  run: |
    gcloud config set auth/impersonate_service_account *****@***.iam.gserviceaccount.com
    gcloud compute config-ssh
    $sshTunnelJob = Start-Job -Name SshTunnelJob -ScriptBlock { ssh -o "User=*****_iam_gserviceaccount_com" *****.us-east1-b.**** -vvv -fNT -L 27017:0.0.0.0:27017}
    Get-Job
    Receive-Job -Name SshTunnelJob | Format-List -Force -Expand CoreOnly
    netstat -aon
    Test-NetConnection localhost -port 27017
    gcloud config unset auth/impersonate_service_account
    gcloud compute config-ssh --remove
I expect this, Test-NetConnection localhost -port 27017, to succeed, but it fails. Forwarding port 80 is succeeding, though.
Here is the output:
WARNING: TCP connect to (::1 : 27017) failed
WARNING: TCP connect to (127.0.0.1 : 27017) failed
ComputerName: localhost
RemoteAddress: ::1
ResolvedAddresses: {::1, 127.0.0.1}
PingSucceeded: True
PingReplyDetails: System.Net.NetworkInformation.PingReply
TcpClientSocket:
TcpTestSucceeded: False
RemotePort: 27017
TraceRoute:
Detailed: False
InterfaceAlias: Loopback Pseudo-Interface 1
InterfaceIndex: 1
InterfaceDescription:
NetAdapter:
NetRoute: MSFT_NetRoute (InstanceID = "DD;9;?B55;55DD55;")
SourceAddress: ::1
NameResolutionSucceeded: True
BasicNameResolution: {Microsoft.DnsClient.Commands.DnsRecord_AAAA,Microsoft.DnsClient.Commands.DnsRecord_A}
LLMNRNetbiosRecords: {}
DNSOnlyRecords: {Microsoft.DnsClient.Commands.DnsRecord_A}
AllNameResolutionResults: {Microsoft.DnsClient.Commands.DnsRecord_AAAA,Microsoft.DnsClient.Commands.DnsRecord_A}
IsAdmin: True
NetworkIsolationContext: Loopback
MatchingIPsecRules:
What am I missing? Is GitHub limiting ports? I couldn't find any documentation on what ports are blocked or not.
Solution 1 :
The issue might be that the connection from client to server is blocked by a firewall. Can you please check if the relevant GCP firewall setting is enabled for port 27017?
Also, please check the target tags and update them accordingly if required. This will allow instances tagged with mongodb-instance to accept connections on port 27017.
Solution 2 :
As per the below output provided by you, it is observed that PingSucceeded was True. Whereas, the response returned as False for the PingSucceeded. In such cases, it is observed that the ICMP requests might be disabled on the remote server/device.
PingSucceeded: True
TcpTestSucceeded: False
As you are expecting Test-NetConnection localhost -port 27017 to succeed, please follow the steps below.
Open PowerShell in the Windows server and type the following command:
tnc <ip_address> -port <PortNumber>
If the device was having issues where it powered off or it got disconnected from the network, a response like below is expected.
PingSucceeded : False
TCPTestSucceeded : False
If the connection is healthy (i.e. the MongoDB server is able to successfully connect), then the following response in PowerShell is expected.
TcpTestSucceeded : True
The above response tells us specifically that the Port 27017 is open and the Test-NetConnection module was able to validate TCP handshake, so the port should be ready to establish a connection.
The above information is derived from the link which was drafted by Rodrigo Restrepo
I have a home server on my Raspberry Pi with a registered domain (say: mysite.com). I would like to use a subdomain to point to my MQTT broker running on the Pi so that I can use mqtt.mysite.com from outside my house.
In order to do that I have added a CNAME record to my DNS and verified that I can ping it.
However, I am not able to use the domain with MQTT. I am using mosquitto, the daemon is running on the Pi on the default port 1883. The port is open on the firewall via ufw allow 1883.
If I use the private IP address everything works fine:
mosquitto_pub -h 192.168.1.80 -p 1883 -t home/bedroom/temp -m 23.4
However if I use the subdomain
mosquitto_pub -h mqtt.mysite.com -p 1883 -t home/bedroom/temp -m 23.4
I get a Connection refused error.
Am I missing something?
For demo purposes, I wanted to start at least 5 MySQL client connections to only one server. The MySQL server is running on a fixed IP.
In my script, I have added many IPs as follows.
eth0 inet addr:1.2.3.4
eth0:1 inet addr:1.2.3.5
I am making the mysql client request as follows:
mysql -u test -h mysql.domain.com -p
This request always goes with 1.2.3.4? Can I start the mysql-client request with the IP I wanted?
I'm not sure it can be defined in the mysql client.
However, good ol' networking should be your friend here.
The idea here is to make sure that IP traffic from your machine to the server machine goes through the desired NIC as its gateway.
The command on *nix is 'route add' and the syntax should be something in the spirit of:
route add -host <YOUR DB SERVER IP> gw 1.2.3.5 dev <YOUR NIC DEVICE NAME>
I am a FIWARE user and I have created an IoT agent on an empty Ubuntu 14.04 VM, and when I send a create service or a device registration request, I get an error. I've made sure that the ports listen properly and I've also allowed TCP connections on port 4061, and I also get an error whenever I send the request.
Here's the create service request:
(curl -H 'content-type: application/json' -H 'fiware-service: bla770' -H 'fiware-servicepath: /howtobla770' -X POST 'http://217.172.12.243:4061/iot/services' -d @- ) << EOF
{
"services": [
{
"apikey": "api70",
"token": "token",
"cbroker": "http://147.27.60.58:1026",
"resource": "/iot/d",
"entity_type": "thing"
}
]
}
EOF
And this is the error which I get.
connect to 217.172.12.243 port 4061 failed: Connection timed out
* Failed to connect to 217.172.12.243 port 4061: Connection timed out
Although I have allowed port 4061 through the firewall with the command
sudo ufw allow 4061
So, what could be done to solve this error, please?
I think you can solve this by deploying a preconfigured image like Cepheus; it will allow you to use ports 8080 and 8081, and you can configure your IoT agent to listen by changing the config.js file.
I am trying to setup zabbix proxy. My network is as below
Zabbix server IP: 192.168.101.11 (internal network)
Zabbix proxy server: 192.168.102.109 (internal network)
Zabbix agent: 172.1.16.2 (outside network but pingable from 102.109)
I can ping the zabbix agent IP from my proxy machine.
[root@102_109 ~]# ping 172.1.16.2
PING 172.1.16.2 (172.1.16.2) 56(84) bytes of data.
64 bytes from 172.1.16.2: icmp_seq=1 ttl=64 time=215 ms
64 bytes from 172.1.16.2: icmp_seq=2 ttl=64 time=214 ms
64 bytes from 172.1.16.2: icmp_seq=3 ttl=64 time=214 ms
64 bytes from 172.1.16.2: icmp_seq=4 ttl=64 time=214 ms
I can connect to the zabbix proxy from my zabbix server -
zabbix_get -k agent.ping -s 192.168.102.109
1
My zabbix_proxy.conf file (on 102.109) is as below
ProxyMode=0
Server=192.168.101.11
Hostname=CME_Proxy
LogFile=/tmp/zabbix_proxy.log
DBName=zabbix
DBUser=root
DBPassword=password
And on the zabbix agent machine (172.1.16.2) the configuration is as below.
EnableRemoteCommands=1
LogFile=/tmp/zabbix_agentd.log
Server=192.168.101.11,192.168.102.109
ServerActive=192.168.101.11,192.168.102.109
Hostname=172.1.16.2
AllowRoot=1
On my zabbix front end, I have configured the host as monitored by proxy (CME_Proxy) and there is only 1 item (agent.ping).
I am not able to get any data from the zabbix agent. From my proxy machine, when I run the following command, it returns a blank value.
zabbix_get -k agent.ping -s 172.1.16.2
<this is blank response>
Due to this, in the host configuration, zabbix shows error -
"Received empty response from Zabbix Agent at [172.1.16.2]. Assuming
that agent dropped connection because of access permissions."
Can someone please guide me if the way I have configured is correct? If not how to do this correctly. If you need additional data please let me know.
Thank you
Mukul
Figured it out:
In the agent config file, the following parameters
Server=192.168.101.11,192.168.102.109
ServerActive=192.168.101.11,192.168.102.109
should have been
Server=192.168.101.11,172.1.16.1
ServerActive=192.168.101.11,172.1.16.1
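Why that change works, as an added example (not part of the original posts): the agent compares the source address of each incoming passive check with its Server= list and drops anything else, which the frontend reports as an empty response. The sketch assumes the agent sees the proxy's connections arriving from 172.1.16.1, as the fix implies; it also accepts CIDR entries, and hostname entries are skipped.

```python
import ipaddress

# Constructed input: the agent settings quoted in the question.
CONF_BEFORE = """\
EnableRemoteCommands=1
LogFile=/tmp/zabbix_agentd.log
Server=192.168.101.11,192.168.102.109
ServerActive=192.168.101.11,192.168.102.109
Hostname=172.1.16.2
"""
# The corrected Server=/ServerActive= lines from the answer.
CONF_AFTER = CONF_BEFORE.replace("192.168.102.109", "172.1.16.1")


def server_entries(conf_text):
    """Return the entries of Server= (the last one if it is repeated)."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "Server":
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries


def peer_allowed(conf_text, peer_ip):
    """True if peer_ip matches an IP or CIDR entry in Server=."""
    peer = ipaddress.ip_address(peer_ip)
    for entry in server_entries(conf_text):
        try:
            if peer in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry: needs DNS, skipped in this sketch
    return False


def diagnose(conf_text, peer_ip):
    """Describe what a passive check arriving from peer_ip would get."""
    if peer_allowed(conf_text, peer_ip):
        return f"{peer_ip}: listed in Server=, agent answers the check"
    return f"{peer_ip}: not in Server=, connection dropped (empty response)"


if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, "->", diagnose(conf, "172.1.16.1"))
```

To find the address to list, check which peer address the agent logs or captures for the proxy's connection rather than relying on the proxy's own interface address.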
> server 172.1.16.2, some changes in zabbix_agentd.conf
You need to specify who will have permission to request data from the agent (passive checks).
Server=192.168.102.109 # it will allow connections from proxy ip
# ServerActive=192.168.102.109 # comment ServerActive if you won't use active checks
at the web interface (set monitored by: CME_Proxy, or the same you defined in Hostname at zabbix_proxy.conf on 192.168.102.109)
> check communication: as you did before!
at the proxy terminal (192.168.102.109):
zabbix_get -k agent.ping -s 172.1.16.2 # It should return 1.
PS: check Hostname in the zabbix_proxy.conf, it should be CME_Proxy, or the same you defined at web interface.
# FOR step-by-step guide of running latest zabbix version 5.0 follow these links
# https://blog.zabbix.com/zabbix-docker-containers/7150/
# https://techexpert.tips/zabbix/monitoring-docker-using-zabbix/
# It's simple: just add all Zabbix server IPs in the Zabbix host agent conf file like below
Server=192.168.101.11,172.1.16.1
ServerActive=192.168.101.11,172.1.16.1
If you are using the Zabbix server-agent model with Docker containers, then while deploying the containers specify the Zabbix server host/container IPs which want to connect to the Zabbix agent container.
Assuming you want to deploy the Zabbix server and agent on the same server running Docker containers, just run the docker deploy commands below.
#Zabbix Server Container
sudo docker run --name zabbix-appliance -p 8080:80 -p 10051:10051 -d -h zabbix-server zabbix/zabbix-appliance
#Zabbix Agent container
sudo docker run --name=dockbix-agent-xxl --privileged -v /:/rootfs -v /var/run:/var/run -p 10050:10050 -e "ZA_Server=192.168.0.3,172.17.0.1" -e "ZA_ServerActive=192.168.0.3,172.17.0.1" -d monitoringartist/dockbix-agent-xxl-limited:latest
#Default username and password of zabbix server
#username: Admin password: zabbix
# For monitoring docker containers resources import a template from this cloned repository https://github.com/monitoringartist/zabbix-docker-monitoring