Task #8687
Adjust django-hosting to run on Alpine Linux (closed)
Start date: 12/05/2020
% Done: 0%
Description
Currently testing with ula.ungleich.ch.
- nginx start missing
- app user is locked by default (shadow entry with !)
- deprecated ssl configuration directive
- uwsgi configuration seems not to be loaded -> needs permission change
Updated by Nico Schottelius about 4 years ago
- nginx is not automatically started -> certbot gives an error
INFO: [12802]: ula-v6.ungleich.ch: Processing __letsencrypt_cert/ula.ungleich.ch
ERROR: [12802]: ula-v6.ungleich.ch: ssh -o User=root -o ControlPath=/tmp/tmp5nw515hq/s -o ControlMaster=auto -o ControlPersist=2h ula-v6.ungleich.ch /bin/sh -c ' export __object=/var/lib/cdist/object/__letsencrypt_cert/ula.ungleich.ch/.cdist-9l5oxy1o; export __object_id=ula.ungleich.ch;/bin/sh -e /var/lib/cdist/object/__letsencrypt_cert/ula.ungleich.ch/.cdist-9l5oxy1o/code-remote': ['ssh', '-o', 'User=root', '-o', 'ControlPath=/tmp/tmp5nw515hq/s', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=2h', 'ula-v6.ungleich.ch', "/bin/sh -c ' export __object=/var/lib/cdist/object/__letsencrypt_cert/ula.ungleich.ch/.cdist-9l5oxy1o; export __object_id=ula.ungleich.ch;/bin/sh -e /var/lib/cdist/object/__letsencrypt_cert/ula.ungleich.ch/.cdist-9l5oxy1o/code-remote'"]
Error processing object '__letsencrypt_cert/ula.ungleich.ch'
============================================================
name: __letsencrypt_cert/ula.ungleich.ch
path: /tmp/tmprc1zhcj0/a2937c96337251ad011edfc78d9d26a3/data/object/__letsencrypt_cert/ula.ungleich.ch/.cdist-9l5oxy1o
source: /tmp/tmprc1zhcj0/a2937c96337251ad011edfc78d9d26a3/data/conf/type/__ungleich_django_microservice/manifest
type: /home/nico/vcs/cdist/cdist/conf/type/__letsencrypt_cert
code-remote:stderr
------------------
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 488, in wrap_socket
    cnx.do_handshake()
  File "/usr/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1663, in _raise_ssl_error
    raise SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (104, 'ECONNRESET')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 361, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 494, in wrap_socket
    raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: SysCallError(104, 'ECONNRESET')",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(104, 'ECONNRESET')")))
During handling of the above exception, another exception occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(104, 'ECONNRESET')")))
Please see the logfiles in /var/log/letsencrypt for more details.
VERBOSE: [12802]: config: Total processing time for 1 host(s): 144.5763819217682
Updated by Nico Schottelius about 4 years ago
- Description updated (diff)
2020/12/05 11:03:50 [warn] 3251#3251: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/https-ula.ungleich.ch:13
2020/12/05 11:03:50 [warn] 3254#3254: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/https-ula.ungleich.ch:13
Updated by Nico Schottelius about 4 years ago
- Description updated (diff)
[11:06] ula-v6:/var/log/uwsgi# less uwsgi.log
[emperor-tyrant] invalid permissions for vassal app.ini
[11:08] ula-v6:/var/log/uwsgi# cat /etc/uwsgi/conf.d/readme.emperor
drop your uwsgi config files inside this directory
uwsgi will automatically load them (Emperor mode) and start a vassal.
uwsgi will run the vassal using the UID/GID of the vassal configuration file.
see: http://uwsgi-docs.readthedocs.io/en/latest/Emperor.html
make sure your webserver belongs to the uwsgi group to access the socket.
[11:08] ula-v6:/var/log/uwsgi# chown app:app /etc/uwsgi/ conf.d/ uwsgi.ini
[11:08] ula-v6:/var/log/uwsgi# chown app:app /etc/uwsgi/ conf.d/ uwsgi.ini
[11:08] ula-v6:/var/log/uwsgi# chown app:app /etc/uwsgi/conf.d/app.ini
Updated by Nico Schottelius about 4 years ago
- Description updated (diff)
Jin-Guk, can you check out the above problems, fix them in cdist, and create a new test instance?
Updated by Jin-Guk Kwon almost 4 years ago
- set new instance (ipv6only, alpine3.12)
- When I ran cdist, there was no error message
......
INFO: [1589]: test-ula-v6.lab.ungleich.ch: Processing __package_apk/certbot
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running object __package/certbot
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running object __letsencrypt_cert/test-ula.lab.ungleich.ch
INFO: [31477]: test-ula-v6.lab.ungleich.ch: Processing __letsencrypt_cert/test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Preparing object __ungleich_dynamicweb_nginx/test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running manifest and explorers for __ungleich_dynamicweb_nginx/test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running type explorers for <CdistType __ungleich_dynamicweb_nginx>
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running type manifest /tmp/tmpdufukk_x/c4efb3c7713cc19b9938cc55b79bc0ee/data/conf/type/__ungleich_dynamicweb_nginx/manifest for object __ungleich_dynamicweb_nginx/test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Preparing object __file/etc/nginx/conf.d/https-test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running manifest and explorers for __file/etc/nginx/conf.d/https-test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running type explorers for <CdistType __file>
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running object __file/etc/nginx/conf.d/https-test-ula.lab.ungleich.ch
INFO: [31477]: test-ula-v6.lab.ungleich.ch: Processing __file/etc/nginx/conf.d/https-test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running object __ungleich_dynamicweb_nginx/test-ula.lab.ungleich.ch
VERBOSE: [31477]: test-ula-v6.lab.ungleich.ch: Running object __ungleich_django_microservice/
INFO: [31477]: test-ula-v6.lab.ungleich.ch: Finished successful run in 166.01 seconds
VERBOSE: [31477]: config: Total processing time for 1 host(s): 166.22307467460632
control%
Updated by Jin-Guk Kwon almost 4 years ago
- nginx status
[11:12] test-ula-v6:/etc/nginx/conf.d# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5170/nginx.conf
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4046/sshd [listener
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      4743/postgres
tcp        0      0 :::80                   :::*                    LISTEN      5170/nginx.conf
tcp        0      0 :::22                   :::*                    LISTEN      4046/sshd [listener
tcp        0      0 ::1:5432                :::*                    LISTEN      4743/postgres
[11:13] test-ula-v6:/etc/nginx/conf.d# service nginx status
 * status: started
[11:13] test-ula-v6:/etc/nginx/conf.d#
[11:13] test-ula-v6:/etc/nginx/conf.d# service nginx restart
 * Stopping nginx ... [ ok ]
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/https-test-ula.lab.ungleich.ch:13
 * Starting nginx ...
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/https-test-ula.lab.ungleich.ch:13
 [ ok ]
[11:14] test-ula-v6:/etc/nginx/conf.d# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5443/nginx.conf
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4046/sshd [listener
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      4743/postgres
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      5443/nginx.conf
tcp        0      0 :::80                   :::*                    LISTEN      5443/nginx.conf
tcp        0      0 :::22                   :::*                    LISTEN      4046/sshd [listener
tcp        0      0 ::1:5432                :::*                    LISTEN      4743/postgres
tcp        0      0 :::443                  :::*                    LISTEN      5443/nginx.conf
[11:14] test-ula-v6:/etc/nginx/conf.d#
Updated by Jin-Guk Kwon almost 4 years ago
[11:19] test-ula-v6:/etc/nginx/conf.d# nginx -v
nginx version: nginx/1.18.0
[11:32] test-ula-v6:/etc/nginx/conf.d#
The ssl parameter of the listen directive should be used instead
http://nginx.org/en/docs/http/ngx_http_ssl_module.html
[11:16] test-ula-v6:/etc/nginx/conf.d# vi https-test-ula.lab.ungleich.ch
......
listen 443 ssl;
listen [::]:443 ssl;
......
#ssl on;
......
[11:18] test-ula-v6:/etc/nginx/conf.d# service nginx restart
 * Stopping nginx ... [ ok ]
 * Starting nginx ... [ ok ]
[11:18] test-ula-v6:/etc/nginx/conf.d#
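The checks below are an added example, not cdist or ungleich code. They test a staged copy of the files for three findings from this ticket: the locked app account, the deprecated `ssl on;` directive, and the vassal file owner that uwsgi uses as the vassal's UID/GID. All function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cdist code): checks for three findings from this ticket.
# Paths are parameters so the checks can run against a staging copy.

# True if USER's password field in SHADOW_FILE starts with "!" (locked).
shadow_locked() {            # shadow_locked SHADOW_FILE USER
    awk -F: -v u="$2" '$1 == u && $2 ~ /^!/ { hit = 1 } END { exit !hit }' "$1"
}

# Line numbers of active (uncommented) standalone "ssl on;" directives.
deprecated_ssl_lines() {     # deprecated_ssl_lines NGINX_CONF
    awk '/^[ \t]*ssl[ \t]+on[ \t]*;/ { printf "%s%d", sep, FNR; sep = "," }' "$1"
}

# Line numbers of "listen ... 443" directives missing the "ssl" parameter.
listen_443_without_ssl() {   # listen_443_without_ssl NGINX_CONF
    awk '/^[ \t]*listen[ \t]/ && /[: \t]443[ \t;]/ && !/[ \t]ssl[ \t;]/ {
             printf "%s%d", sep, FNR; sep = "," }' "$1"
}

# True if the vassal file is owned by OWNER (user name or numeric uid).
vassal_owned_by() {          # vassal_owned_by VASSAL_INI OWNER
    [ -n "$(find "$1" -prune -user "$2")" ]
}

# Constructed sample files, written to DIR for a dry run.
write_samples() {            # write_samples DIR
    printf 'root:$6$constructed$hash:18600:0:::::\napp:!:18600:0:99999:7:::\n' \
        > "$1/shadow"
    cat > "$1/before.conf" <<'EOF'
server {
    listen 443;
    listen [::]:443;
    ssl on;
}
EOF
    cat > "$1/after.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    #ssl on;
}
EOF
    : > "$1/app.ini"
}
```

On a live host the calls would be `shadow_locked /etc/shadow app` and `vassal_owned_by /etc/uwsgi/conf.d/app.ini app`, using the paths shown in the ticket.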
Updated by Nico Schottelius 12 months ago
- Status changed from In Progress to Rejected