Symfony 4.4 https everywhere - https

I want my Symfony 4.4 site to force https site wide. I know this should be simple and I've been googling for a while but I don't seem to be able to find the correct solution. I have paths defined in my security.yaml file for pages behind a login. I tried adding "requires_channel: https" to those and then added one to catch everything else and it killed my site:
- { path: ^/marketing/page1, roles: ROLE_USER, requires_channel: https }
- { path: ^/marketing/page2, roles: ROLE_USER, requires_channel: https }
- { path: ^/marketing/page3, roles: ROLE_USER, requires_channel: https }
# catch all other URLs
- {path: '^/', roles: IS_AUTHENTICATED_ANNONYMOUSLY, requires_channel: https}
With those rules in place I was unable to connect at all in a browser. I do not have a cert for this, but I still expected to get the "this site is not secure do you want to proceed page". Am I thinking about this the wrong way?
Thanks

Related

module routeros_command fails with connection timeout error

I'm having an issue using the routeros_command module. I keep getting an error:
ConnectionError: timeout value 30 seconds reached while trying to send command: b'/system resource print'
I read that it must have something to do with the username, because of the dash. But changing the username is not an option for me.
I'm trying to find a different way to access the router while still making sure that the password won't show without using the no_logs option.
- name: Router OS check
  vars:
    ansible_connection: network_cli
    ansible_network_os: routeros
    ansible_user: test-router
    ansible_password: testing-router12
  routeros_command:
    commands:
      - /system resource print

Error deleting obsolete flush agents using ansible aem_agent module

Can anyone help me with the error deleting obsolete replication agents using the aem_agent module (https://github.com/lean-delivery/ansible-modules-aem/blob/master/aem_agent.py)?
I face an error:
"msg": "failed to delete agent: 405 - "
Here is a task:
- name: Remove dispatcher flush agents
  aem_agent:
    name: "{{ obsolete_dispatcher }}"
    state: absent
    folder: 'agents.publish'
    admin_user: '{{ admin_login }}'
    admin_password: '{{ admin_password }}'
    host: 'http://localhost'
    port: '4502'
From the error.log:
XX.XX.XXXX XX:XX:XX.XXX *ERROR* [127.0.0.1 [XXXXXXXXXXXXX] DELETE /etc/replication/agents.publish/ip-XX-XX-XXX-XXX-XX-XXXX-X-compute-internal-dispatcher HTTP/1.1] org.apache.sling.servlets.resolver.internal.SlingServletResolver handleError: Recursive invocation. Not further handling status 405(Method DELETE not supported)
The HTTP DELETE method isn't supported when you disable the WebDAV bundles per the security checklist.
You can either re-enable WebDAV or modify the code in the Ansible aemagent project to delete using the Sling POST servlet instead. The request would be a POST with parameter ":operation=delete" to the path.
For examples, see the Sling documentation.
As advised, I modified the code (the delete_agent function). Changes:
- request method changed from delete => post
- added data to the request: {':operation': 'delete'}
Also, I've created a PR to add these changes to the code.
It works for me. Thank you, Andrew Khoury, very much!

How do I get some data from a website which requires authentication with Ansible?

I have been trying to log in to a web page and get/download some specific data from there, but couldn't make it work. Is it possible?
If you need to download a specific file, and you can get it via http://username:password@example.com/path/file.conf then you can use the get_url module:
- name: Fetch file that requires authentication.
  get_url:
    url: http://example.com/path/file.conf
    dest: /etc/foo.conf
    url_username: bar
    url_password: '{{ mysecret }}'
https://docs.ansible.com/ansible/latest/modules/get_url_module.html
If you need arbitrary auth, why not just write it in normal python/bash and trigger the script with Ansible so that you aren't constrained by Ansible's auth support?
https://docs.ansible.com/ansible/latest/modules/script_module.html

Is it possible for Capistrano to only link a file on some servers?

If I have something like this:
config/deploy/production.rb:
server 'myserver1', roles: %i[app web db]
server 'myserver2', roles: %i[app web db]
server 'myutilserver1', roles: %i[util]
config/deploy.rb:
append :linked_files, 'all_servers_file.yml'
append :linked_files, 'util_server_file.yml'
Is there some way to rework this so that util_server_file.yml is only linked on myutilserver1, but all_servers_file.yml still goes to all servers? Or is this an all-or-nothing situation?
You can probably define extra roles for those servers
server 'myserver1', roles: %i[app web db utils_server_file]
server 'myserver2', roles: %i[app web db all_servers_file]
And then specify on which roles each task should run:
append :linked_files, 'all_servers_file.yml', roles: %i[all_servers_file]
append :linked_files, 'util_server_file.yml', roles: %i[utils_server_file]
This solution, though, seems hacky, and maybe there's a better way. But to know that, we'd need to know the context behind this particular file difference between the two servers.

Ansible get_url fails to download a file protected by basic auth

I'm trying to download a protected file using HTTP from a remote server with the get_url module but the username password does not seem to get passed in the request and the task therefore fails.
I'm using Ansible 1.9.2
Here is the get_url definition I'm using:
- name: Downloading Artifact
  get_url:
    url: "http://myserver/somefile.tar.gz"
    dest: "/home/jdoe/somefile.tar.gz"
    url_username: "jdoe"
    url_password: "mysecret"
    mode: 0600
Here is the error I get:
failed: [myserver] => {"dest": "/home/jdoe/somefile.tar.gz", "failed": true,
"response": "HTTP Error 403: Forbidden", "state": "absent",
"status_code": 403, "url": "http://myserver/somefile.tar.gz"}
msg: Request failed
FATAL: all hosts have already failed -- aborting
Now, I tried to download the file using cURL and it works.
Any help is appreciated as I've been struggling with this for 2 days.
You can use the uri module:
---
- hosts: hostname
  tasks:
    - name: "download file"
      uri:
        url: "http://somedomain.com/file.json"
        method: GET
        user: "{{ somedomain.user }}"
        password: "{{ somedomain.password }}"
        force_basic_auth: yes
        dest: /tmp/somedomain.file.json
        return_content: yes
If this doesn't work, probably it will have something to do with the httplib2 library version.
The problem is that your server does not return a 401 status, so the httplib2 library never sends the BASIC authentication credentials afterwards. The solution is to upgrade to ansible >= 2.0 and use force_basic_auth: True so that the BASIC authentication credentials are sent from the beginning.
I've had a similar issue in ansible 2.9.
Turns out curl was also getting HTTP 403 but showing content anyway. GET_URL module is just more strict.
For me, the issue was solved by switching from the default Apache welcome page to something custom-made.
