I am facing issues with WebHDFS.
My organization uses WebHDFS on port 50470, which is both "kerberized" and requires HTTPS.
After following the thread in https://github.com/elastic/logstash/issues/8791, and overcoming the Kerberos issue, I am still facing issues with using Kerberos Authentication with HTTPS for WebHDFS.
I am getting the following logs below:
[2018-12-10T23:08:27,237][ERROR][logstash.outputs.webhdfs ] Webhdfs check request failed. (namenode: :50470, Exception: Failed to connect to host :50470, wrong status line: "\x15\x03\x03\x00\x02\x02")
Googling the web for "\x15\x03\x03\x00\x02\x02", it appears that logstash is trying to communicate via HTTP instead of HTTPS. However, I do not see any settings that allow for communication through HTTPS (not talking about use_ssl_authentication, as I do not need to authenticate my client).
I know that WebHDFS is working fine as curl works (after doing kinit):
curl --negotiate -u : -s -k "https://[hostname]:50470/webhdfs/v1/?op=LISTSTATUS"
May I know if there is a way to communicate via HTTPS for WebHDFS?
Related
I have a Laravel app which needs to connect to a secure external API with very strict access requirements. There is a handler hosted on AWS which has a bunch of signed certificates etc. The only way to connect to that API is via that specific server due to those requirements.
Now, to test things on my local machine, I do the following:
SSH to the server using the -D flag to set up a SOCKS proxy.
Use this socks to http package to convert the proxy.
Set up Postman's proxy settings to use that http proxy.
That all works fine and I can complete the requests as expected.
However, I'd like to be able to use the proxy in my local Laravel environment too, for which I use Sail.
The problem is that I'm unsure of how to get the container to interact with the proxy. Using the method above in my local machine, I can cURL the required endpoint just fine, but if I try to do it via the container itself, it refuses to connect.
Any help would be appreciated!
My Spring app uses lets encrypt and is https only. I did not include http to https thing, as it worked for me in postman with https:// format
When I deployed to Cloud Run, and mentioned the custom port (the port specified in spring)
and tested using URL from dashboard
https://..blah..run.app
I am getting error/message
Bad Request
This combination of host and port requires TLS.
What configuration is required on Cloud Run to resolve this?
The url as I see on service details page has htpps://...
EDIT:
If Cloudrun does not need me to take case of SSL, I can remove the application properties entries
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:key/keystore.p12
server.ssl.key-store-password=${lets.secret}
server.ssl.key-alias=someCertAlias
server.ssl.enabled=true
So Can I get an answer on whether to remove SSL from spring?
If cloudrun always uses http, all my calls use redirectConnector, which seems pointless
The Cloud Run Service listens on HTTP and HTTPS. Your application running in the container must listen on a port configured with HTTP only.
FYI: For a public facing web server, you should almost always enable HTTP. Otherwise, when a user enters www.example.com in the browser, the user will receive a connect error. This not always the case, for example .dev gTLDs, but is good practice. When a user connects to Cloud Run with the HTTP protocol, Cloud Run will redirect the user to HTTPS and connect to your application using the HTTP protocol.
I recently started fiddling with Cloud Run for Anthos on GoogleCloud and I just can't enable HTTPS access. I've followed every step in the docs but it still doesn't work. I have a custom .dev domain which I configured through these steps and everything is fine with HTTP but HTTPS still says connection refused
curl http://api.default.customdomain.dev - works fine
but curl https://api.default.customdomain.dev - says:
curl: (7) Failed to connect to api.default.customdomain.dev port 443: Connection refused
I'm pretty sure there's something not specified in the docs, it happens a lot with GCP docs. Has anyone else struggled with this and might be able to help? Thanks!
EDIT: It was actually my fault - when creating the cert/private key secret I provided default for the --namespace value instead of gke-system. So, yeah... it's fixed now.
It was actually my fault - when creating the cert/private key secret I provided default for the --namespace value instead of gke-system. So, yeah... it's fixed now.
I'm trying t use Ngrok to create a local tunnel to an SSL Virtual host I have on my local machine, but can't seem to get it to work.
My Vhost works perfectly. The site is https://local.mysite.com
Any of the command I try to use to predefine the pointing url on Ngrok, e.g.
./ngrok http -host-header=rewrite local.mysite.com:443
or
./ngrok http -subdomain=local.mysite.com local.mysite.com:443
always seems to return:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
I get that this is happening because I am trying to access a HTTPS connection via a HTTP call but I can't see alternatives in the ngrok docs.
https://ngrok.com/docs#expose
You need to use tls which is only available in the pro subscription.
If you use Vagrant, you can use the share function which is free and support https.
I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.