Develop Reference

Webservice does not work after being packaged into a Docker image

I write a simple webservice in ruby with sinatra. If I run ruby app.rb it runs on localhost:4567. I write a Dockerfile to make an image and expose port 4567.
However, when I run the docker image the webservice runs but if I try to connect (with curl and browser) to port 4567, it says Connection reset by peer.
Anyone has any suggestion? Because I do not know what to check in this case. I have tried some vague things but still..
The webservice runs normally outside docker.
EDIT 1:
I have pushed the image to eivor/ruby. If you run it and go to browser to check it would say connection reset. Yes I tried docker run -p 4567:4567 eivor/ruby as said before posting the question.
EDIT 2: Here is the app.rb
require 'sinatra'
require 'referal' # this is the gem that calculate reward points to users
require 'json'
require 'byebug'
get '/' do
'hello, world!'
end
# inside docker image, even get / returns connection reset by peer
# not to mention post data to it
post '/' do
data = JSON.parse(request.body.read)
input = []
data.each do | key, value |
input << value
end
invs, users = input.reduce([[],[]]) do | results, instruction |
results = classify(instruction, results[0], results[1])
results
end
res = export(users)
# byebug
puts res
end
post '/text' do
#data = request.body.readlines
#byebug
#processed = #data.map{ |s| process(s) }
#invs, #users = #processed.reduce([[],[]]) do | results, instruction |
results = classify(instruction, results[0], results[1])
results
end
#jsn = export(#users)
puts #jsn
end
Here is the Dockerfile, i build a lightweight ruby from alpine
FROM alpine:3.5
ENV BUILD_PACKAGES bash curl-dev ruby-dev build-base git libstdc++ tzdata ca-certificates
ENV RUBY_PACKAGES ruby>2.3 ruby-irb ruby-rake ruby-io-console ruby-bigdecimal ruby-json
RUN apk update && apk upgrade
RUN apk add $BUILD_PACKAGES && apk add $RUBY_PACKAGES
RUN apk add ruby-bundler>1.17
RUN echo 'gem: --no-document' > /etc/gemrc && rm -rf /var/cach/apk/*
RUN gem install bundler
RUN mkdir /usr/app
WORKDIR /usr/app
RUN git init
COPY . /usr/app
RUN bundle install
RUN bundle exec rake install
EXPOSE 4567
CMD ["ruby", "./app.rb"]
If I run outside docker with command ruby app.rb or bundle exec rerun app.rb it works normally. But using docker image, it does not. I run the command:
docker run -p 4567:4567 eivor/ruby
The server runs,
[2019-03-14 16:59:59] INFO WEBrick 1.3.1
[2019-03-14 16:59:59] INFO ruby 2.3.8 (2018-10-18) [x86_64-linux-musl]
== Sinatra (v2.0.5) has taken the stage on 4567 for development with backup from WEBrick
[2019-03-14 16:59:59] INFO WEBrick::HTTPServer#start: pid=1 port=4567
but when I try to access with browser or curl, it says connection reset by peer. If I try to post with curl, the data is actually sent but it does not respond, it hangs up on me instead.
curl -v localhost:4567 --data-binary #test/input
* Rebuilt URL to: localhost:4567/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4567 (#0)
> POST / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Length: 369
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 369 out of 369 bytes
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

This issue is happening because Sinatra by default (development environment) listen on 127.0.0.1 which not works in case of external connection to container
:bind - server hostname or IP address
String specifying the hostname or IP address of the interface to listen on when the :run setting is enabled. The default value in the development environment is 'localhost' which means the server is only available from the local machine. In other environments the default is '0.0.0.0', which causes the server to listen on all available interfaces.
So if you will continue on running in development mode, you need to change it to 0.0.0.0, for example:
docker run -p 4567:4567 --name stack eivor/ruby bash -c 'ruby ./app.rb -o 0.0.0.0'
Which can be used in Dockerfile as:
CMD ["ruby", "./app.rb", "-o", "0.0.0.0"]
Or you can use the following within your script:
set :bind, '0.0.0.0'
Then from outside the container you can get the result:
curl -v localhost:4567
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4567 (#0)
> GET / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 13
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Server: WEBrick/1.3.1 (Ruby/2.3.8/2018-10-18)
< Date: Thu, 14 Mar 2019 17:17:20 GMT
< Connection: Keep-Alive
<
* Connection #0 to host localhost left intact
hello, world!
For more configuration check the following: CONFIGURING SETTINGS

Have a look at this article: https://docs.docker.com/config/containers/container-networking/
In few words - try to publish your exposed ports via -p argument.
For example:
$ docker run -it -p 4567 my-local-image

From the documentation:
Flag value Description
-p 8080:80 Map TCP port 80 in the container to port 8080 on the Docker host.
You need to map the TCP port 4567 in the container to a port on the Docker host. For example, to map it to port 8080:
$ docker run -it -p 8080:4567 image-goes-here

Hostname was NOT found in DNS cache for port 8080 but fine on port 80?

I am testing an API I have made using Springboot from my laptop (192.168.1.217:8080) and I am trying to get a cURL request via SSH from my Raspberry Pi.
Here is the error I am receiving when I try to send the request via port 8080 which it seems to not like:
pi#raspberrypi:~ $ curl -v 192.168.1.217:8080/api
* Hostname was NOT found in DNS cache
* Trying 192.168.1.217...
However cURL does work for the same IP but with port 80:
pi#raspberrypi:~ $ curl -v 192.168.1.217
* Rebuilt URL to: 192.168.1.217/
* Hostname was NOT found in DNS cache
* Trying 192.168.1.217...
* Connected to 192.168.1.217 (192.168.1.217) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 192.168.1.217
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 30 Mar 2017 17:20:43 GMT
* Server Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.5.38 is not blacklisted
< Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.5.38
< X-Powered-By: PHP/5.5.38
< Location: http://192.168.1.217/dashboard/
< Content-Length: 0
< Content-Type: text/html
<
* Connection #0 to host 192.168.1.217 left intact
pi#raspberrypi:~ $
I've tried looking around but to no avail... anybody have any suggestions as to why I cannot find my own hostname in the DNS cache?
Cheers

No, Hostname was NOT found in DNS cache is not the problem. You can clearly see on the next line, in both examples, that after saying that curl is trying to connect to 192.168.1.217. Your problem is that nothing is answering on port 8080 on that IP address (while an Apache server is answering on port 80 there).
If you're getting a long pause and then a timeout rather than a quick "Connection refused", you almost certainly need to open port 8080 in the local firewall on your server machine.

curl without a protocol prefix presumes HTTP port 80.
To use another port, where it does not make that assumption, all you need to do is change your command's URL to be like this:
curl -v http://192.168.1.217:8080/api
Here is a decent article on the subject: Using CURL For Testing Web Applications

SNMP not working in amazon server

I'm trying to monitor amazon server from my local server,I installed and configured snmpd but I can't arrive from my local server to amazon server using snmpwalk.
I check it with the command:
snmpwalk -Os -c public -v 2c XX.XX.XX.XX
from amazon server the snmp is working correctly but from local server is not working.
The SNMP configuration in amazon server is:
agentAddress udp:0.0.0.0:161
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
rocommunity public 0.0.0.0
The configuration in /etc/default/snmp is:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
and the security group in amazon server I opened UDP to anywhere:
Custom UDP Rule - UDP - 161 - 0.0.0.0/0
-- Netstat result:
root## netstat -an | grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:*
-- In my firewall i added this rule:
# cat rules | grep 161
ACCEPT loc:ip_local_server net:ip_amazon_server udp 161
I don't know what I have to check more.
any suggestion?
Thank you!

Lunching tcpdump I see this result in amazon server when I lunch snmpwalk in my local server:
17:38:23.591513 IP 1-1-1-1.ea.com.35403 > .snmp: GetNextRequest(25)
17:38:23.591690 IP .snmp > 1-1-1-1.ea.com.35403: GetResponse(114) system.sysDescr.0="Linux ip-17-3-2-2 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64"
17:38:24.592491 IP 1-1-1-1.ea.com.35403 > .snmp: GetNextRequest(25)
But the result in local server is:
Timeout: No Response from 1.1.1.1

squid ssl-bump 3.5.4: error - Error negotiating SSL connection on FD 10: Success (0)

I am trying to install squid 3.5.4 (on docker, running debian 8) and run it in ssl-bump mode.
Compilation:
./configure --prefix=/opt/squid --srcdir=. --disable-maintainer-mode \
--disable-dependency-tracking --disable-silent-rules --enable-inline\
--disable-arch-native --enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap --enable-delay-pools \
--enable-cache-digests --enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
--enable-url-rewrite-helpers=fake --enable-eui \
--enable-esi --enable-icmp --enable-zph-qos \
--disable-translation --with-filedescriptors=65536 \
--with-large-files --with-default-user=squid \
--enable-linux-netfilter \
CFLAGS="-g -O2 -fPIE -Wall" LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" CPPFLAGS="-D_FORTIFY_SOURCE=2" \
CXXFLAGS="-g -O2 -fPIE " --enable-ssl --with-openssl --enable-ssl-crtd
Changed configuration (squid.conf) (rest is default):
# Squid normally listens to port 3128 \
http_port 9090
sslcrtd_program /opt/squid/libexec/ssl_crtd -s /opt/squid/var/lib/ssl_db -M 4MB
https_port 8080 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/squid/certs/private.pem cert=/opt/squid/certs/public.pem
### New configuration for Squid version 3.5
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
### New config ends
sslproxy_capath /etc/ssl/certs
sslproxy_cert_error allow all
always_direct allow all
sslproxy_flags DONT_VERIFY_PEER
Generated certificates:
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout private.pem -out public.pem
Generate squid certs dir and change ownership:
/opt/squid/libexec/ssl_crtd -c -s /opt/squid/var/lib/ssl_db -M 4MB
chown -R squid:squid /opt/squid/var/lib/ssl_db
CA Root certs are present in the default path
squid#525f5d9c759a:/opt/squid/certs$ ls -lsthr /etc/ssl/certs | wc -l
741
I am testing this configuration, using HTTP CONNECT, configuring the proxy directly in the browser.
ISSUE:
I get the following error when the browser request hits the proxy
8zjv9ksCWknblqfZ3rjWczvKNRboHpu940olZAbvSP0JWSXhFfRRTIsHIHD2/rt/
n5/qsURq/WLodLffFxuk+bLVTDZu
-----END PRIVATE KEY-----
2015/05/04 15:13:46.468 kid1| client_side.cc(3981) sslCrtdHandleReply: Certificate for 172.17.0.7 was successfully recieved from ssl_crtd
2015/05/04 15:13:46.468 kid1| client_side.cc(3664) httpsCreate: will negotate SSL on local=172.17.0.7:2222 remote=172.17.42.1:40686 FD 10 flags=33
2015/05/04 15:13:46.468 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall ConnStateData::requestTimeout constructed, this=0x7f0357a16c10 [call105]
2015/05/04 15:13:46.468 kid1| Error negotiating SSL connection on FD 10: Success (0)
2015/05/04 15:13:46.468 kid1| AsyncCall.cc(93) ScheduleCall: comm.cc(730) will call ConnStateData::connStateClosed(FD -1, data=0x7f03575d43b8) [call95]
2015/05/04 15:13:46.468 kid1| AsyncCallQueue.cc(55) fireNext: entering ConnStateData::connStateClosed(FD -1, data=0x7f03575d43b8)
2015/05/04 15:13:46.468 kid1| AsyncCall.cc(38) make: make call ConnStateData::connStateClosed [call95]
2015/05/05 10:00:25| pinger: Initialising ICMP pinger ...
2015/05/05 10:00:25| icmp_sock: (1) Operation not permitted
2015/05/05 10:00:25| pinger: Unable to start ICMP pinger.
2015/05/05 10:00:25| icmp_sock: (1) Operation not permitted
2015/05/05 10:00:25| pinger: Unable to start ICMPv6 pinger.
2015/05/05 10:00:25| FATAL: pinger: Unable to open any ICMP sockets.
Sending a curl request shows this:
curl --proxy https://localhost:8080 -w '\n' https://google.com -v
* Rebuilt URL to: https://google.com/
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.42.0
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted
Can anyone help with this?

Response got on Squid mailing lists:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Error-negotiating-SSL-connection-on-FD-12-Success-td4671090.html
Summary: use http_port for handling the requests from browsers, which have proxy information directly specified.
Use https_port with ssl-bump and corresponding tag "intercept" or "tproxy" to use in transparent mode.

CentOS 6.5 - haproxy fatal error

Getting error in CentOS 6.5, HA-Proxy version 1.4.24 2013/06/17
Please advise how to make it work? i need to do HTTPS to localhost:8888 , which is failing.
# service haproxy start
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:18] : timeout 'tunnel': must be 'client', 'server', 'connect', 'check', 'queue', 'http-keep-alive', 'http-request' or 'tarpit'
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:22] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 238/084310 (24365) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/084310 (24365) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.
My config is:
global
log 127.0.0.1 local0 debug
maxconn 8000
user haproxy
group haproxy
defaults
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
mode http
maxconn 5000
timeout connect 5s
timeout client 30s
timeout server 30s
timeout tunnel 12h
frontend www
bind :80
option forwardfor
redirect scheme https if !{ ssl_fc }
frontend lb
bind :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
option forwardfor
reqadd X-Forwarded-Proto:\ https
default_backend api
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
acl is_api hdr_beg(Host) -i api
use_backend ws if is_websocket
use_backend api if is_api
backend api
balance roundrobin
server service 127.0.0.1:5001 weight 1 maxconn 2500 check
backend ws
balance roundrobin
server service 127.0.0.1:5001 weight 1 maxconn 2500 check
EDIT: upgraded to http://silverdire.com/2014/03/19/haproxy-1-5-dev22-rpm-repo/
but still giving error
# service haproxy start
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:22] : error detected in frontend 'www' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind :9999' unknown keyword 'ssl'. Registered keywords :
[ TCP] defer-accept
[ TCP] interface <arg>
[ TCP] mss <arg>
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[STAT] level <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ALERT] 238/085833 (25096) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/085833 (25096) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.

CentOS 7 (compatible) - Not compiled it with SSL support. To resolve it:
Step 1
yum remove haproxy
yum install openssl-devel pcre-devel
OR
apt-get install libssl-dev libpcre3
Step 2
Install Haproxy stable
$ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.3.tar.gz
$ tar -xvzf haproxy-1.5.3.tar.gz -C /var/tmp
$ cd /var/tmp/haproxy-1.5.3
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
$ make install
$ ./haproxy -vv
HA-Proxy version 1.5.3 2014/07/25
Copyright 2000-2014 Willy Tarreau <w#1wt.eu>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_LIBCRYPT=1 USE_CRYPT_H=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Step 3
SSL is now supported
$ ./haproxy -f configfile.cfg
NOTE:
/etc/haproxy/sslkeys/cert.pem: this file should have Private key, Certificate, Intermediate certificate (optional) in one file

I would recommend to use rpm-build instead, at least for all RHEL-like distros
Prepare environment
# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy#haproxy.org>
# yum install rpm-build make gcc-c++ openssl-devel pcre-devel
# cd /root/ && wget https://www.haproxy.org/download/1.8/src/haproxy-1.8.1.tar.gz
Build the package
# USE_ZLIB=1 USE_LIBCRYPT=1 USE_OPENSSL=1 rpmbuild -ta haproxy-1.8.1.tar.gz
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.I61pDI
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf haproxy-1.8.1
+ /usr/bin/gzip -dc /root/haproxy-1.8.1.tar.gz
+ /usr/bin/tar -xf -
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
Wrote: /root/rpmbuild/SRPMS/haproxy-1.8.1-1.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-debuginfo-1.8.1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.jo5GXH
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd haproxy-1.8.1
+ '[' /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64 '!=' / ']'
+ /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
+ exit 0
Install/upgrade the package
# rpm -Uvh /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:haproxy-1.8.1-1 ################################# [ 50%]
Cleaning up / removing...
2:haproxy-1.5.18-6.el7 ################################# [100%]
Check output
# haproxy -vv
HA-Proxy version 1.8.1 2017/12/03
Copyright 2000-2017 Willy Tarreau <willy#haproxy.org>
Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
For systemd based system you should install systemd-devel package and pass USE_SYSTEMD=1 option