I'm trying to figure out how to install bigbluebutton in a private network.
Is it possible to install bigbluebutton 2.5 using openssl instead of letsencrypt certbot?
Yes. Check the help message of bbb install scripts, there is an option "-d":
-d Skip SSL certificates request (use provided certificates from mounted volume) in /local/certs/
In my case, I use mkcert to generate the certificate and private key files, then put them under /local/certs:
/local/
└── certs
├── fullchain.pem
└── privkey.pem
And install the bbb with this command:
sudo ./bbb-install-2.5.sh -v focal-250 -s 192.168.56.101 -d -g -a -w
PS:
If you use self signed certificate, don't forget to install the root CAs for the instances of nodejs and greenlight.
Related
How to start hazelcast when try configuring on redhat linux systemctl status hazelcast.service i found error cannot find main class and cannot find any documentation please help. Thank you
From your comment it's obvious you want to run the old Hazelcast IMDG version 3.12.12. This version is not supported by native package managers (as the 5.1 is).
Still, you can install this old Hazelcast as a standalone app and configure the systemd service on your own. See this example repository: https://github.com/kwart/hazelcast-linux-service/tree/3.12.z/
These would be the steps on RHEL (run them as root):
# Prerequisities
dnf install -y wget curl unzip git rsync java-1.8.0-openjdk-headless
# Clone the repo (with 3.12.z branch)
git clone -b 3.12.z https://github.com/kwart/hazelcast-linux-service.git
cd hazelcast-linux-service
# Create the hazelcast user/group
groupadd -r hazelcast
useradd -r -g hazelcast -d /opt/hazelcast -s /sbin/nologin hazelcast
# Install Hazelcast
HAZELCAST_VERSION=3.12.12
wget https://github.com/hazelcast/hazelcast/releases/download/v$HAZELCAST_VERSION/hazelcast-$HAZELCAST_VERSION.zip
unzip hazelcast-$HAZELCAST_VERSION.zip -d /opt
ln -s /opt/hazelcast-$HAZELCAST_VERSION /opt/hazelcast
# Change owner of the Hazelcast directories and links
chown -R hazelcast:hazelcast /opt/hazelcast /opt/hazelcast-$HAZELCAST_VERSION
# Copy service and config files
rsync -r etc/ /etc
# Start and enable service
systemctl daemon-reload
systemctl start hazelcast.service
systemctl enable hazelcast.service
Warning: Hazelcast 3.12.z already reached the end of the standard support. It's highly recommended to use an up-to-date version.
I'm trying to change the MongoDB default port on my AWS Virtual Machine but semanage is not found on the server
semanage port -a -t mongod_port_t -p tcp 27042
-bash: semanage: command not found
Trying to find the package that provides semanage fails.
dnf whatprovides semanage
Errors during downloading metadata for repository 'rhui-client-config-server-8':
Curl error (58): Problem with the local SSL certificate for https://rhui3.eu-west-3.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os [could not load PEM client certificate, OpenSSL error error:0200100D:system library:fopen:Permission denied, (no key found, wrong pass phrase, or wrong file format?)]
Error: Failed to download metadata for repo 'rhui-client-config-server-8': Cannot prepare internal mirrorlist: Curl error (58): Problem with the local SSL certificate for https://rhui3.eu-west-3.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os [could not load PEM client certificate, OpenSSL error error:0200100D:system library:fopen:Permission denied, (no key found, wrong pass phrase, or wrong file format?)]
dnf update works and the system is up-to-date
Last metadata expiration check: 0:42:00 ago on Tue 21 Jul 2020 10:11:35 AM UTC.
Dependencies resolved.
Nothing to do.
Complete!
Additional informations :
cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
dnf repolist
repo id / repo name
mongodb-org-4.2 / MongoDB Repository
rhel-8-appstream-rhui-rpms / Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs)
rhel-8-baseos-rhui-rpms / Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-8 / Red Hat Update Infrastructure 3 Client Configuration Server 8
Could you help me to install semanage please ? Thanks.
1.dnf install policycoreutils-python-utils
2. dnf provides semanage (This displays the same result as above-the path)
3. yum provides /usr/sbin/semanage
4. yum install policycoreutils-python
I fixed my issue using this.
You can also refer this link:
https://www.ostechnix.com/linux-troubleshooting-semanage-command-not-found-in-centos-7rhel-7/
When I type in the bash of the Server apt-get update it fails, I don't know why. The error is:
E: Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/buster/InRelease 401 Unauthorized [IP: 2a01:7e0:0:424::249 443]
E: The repository 'https://enterprise.proxmox.com/debian/pve buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
The apt package manager on the fresh Proxmox host is configured to download packages from Enterprise Repository by default. You must have a paid subscription to use this repo. If you don't have paid subscription you should switch to No-Subscription Repository.
Either delete /etc/apt/sources.list.d/pve-enterprise.list file or comment all lines in this file with #.
Create new file /etc/apt/sources.list.d/pve-no-subscription.list with content:
deb http://download.proxmox.com/debian/pve buster pve-no-subscription
Read about Proxmox package repositories here:
https://pve.proxmox.com/wiki/Package_Repositories
I came across this answer when looking for a solution to similar GPG errors when trying to update Proxmox while running the Debug terminal during a fresh install. This is a rather old question, but I haven't found a better place to give a more detailed answer other than the Proxmox forums.
As Moayad Almalat says above, you need to buy an Enterprise subscription or disable that repository and add the pve-no-subscription repository instead.
This is the easiest one-line command to add the no-sub repo (don't forget to remove or disable the enterprise repo though):
echo "deb [trusted=yes] http://download.proxmox.com/debian/pve $(lsb_release -s -c) pve-no-subscription" > /etc/apt/sources.list.d/pve-no-sub-repo.list
Once those changes are made, you need to make sure your GPG Keys for the new repositories are in place:
wget https://enterprise.proxmox.com/debian/proxmox-release-$(lsb_release -s -c).gpg -O /etc/apt/trusted.gpg.d/proxmox-release-$(lsb_release -s -c).gpg
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
If you still have GPG issues when trying to run apt update, you can make sure the GPG keys have the proper permissions by using:
chmod +r /etc/apt/trusted.gpg.d/proxmox-release-$(lsb_release -s -c).gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
Again, as Moayad Almalat mentioned, you can read most of this on the Proxmox wiki here: https://pve.proxmox.com/wiki/Package_Repositories
I've been trying to install CouchDB on a fresh centos7 in digital ocean droplet. I get no errors trying to install with the following steps:
yum -y update
yum -y groupinstall "Development Tools"
yum -y install libicu-devel curl-devel ncurses-devel libtool libxslt fop java-1.6.0-openjdk java-1.6.0-openjdk-devel unixODBC unixODBC-devel openssl-devel
Step 2 - Installing Erlang
wget http://www.erlang.org/download/otp_src_R16B02.tar.gz
tar -zxvf otp_src_R16B02.tar.gz
cd otp_src_R16B02
./configure && make
make install
Step 3 - Installing the SpiderMonkey JS Engine
wget http://ftp.mozilla.org/pub/mozilla.org/js/js185-1.0.0.tar.gz
tar -zxvf js185-1.0.0.tar.gz
cd js-1.8.5/js/src
./configure && make
make install
Step 4 - Installing CouchDB
wget http://mirror.olnevhost.net/pub/apache/couchdb/source/1.6.1/apache-couchdb-1.6.1.tar.gz
tar -xvf apache-couchdb-1.6.1.tar.gz
cd apache-couchdb-1.6.1
./configure && make
make install
Step 5 - Setting up CouchDB
adduser --no-create-home couchdb
chown -R couchdb:couchdb /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb
ln -sf /usr/local/etc/rc.d/couchdb /etc/init.d/couchdb
chkconfig --add couchdb
chkconfig couchdb on
vi /usr/local/etc/couchdb/local.ini
Should you need to access couchdb from the web, in the [httpd] section, look for a setting called bind_address and change it to 0.0.0.0 - this will make CouchDB bind all available addresses.
[httpd]
port = 5984
bind_address = 0.0.0.0
service couchdb start
/etc/init.d/couchdb status (this has no output)
And i get the following when i try to run:
/usr/local/bin/couchdb
Apache CouchDB 1.6.1 (LogLevel=info) is starting.
{"init terminating in do_boot",{{badmatch,{error,{bad_return,{{couch_app,start,[normal,["/usr/local/etc/couchdb/default.ini","/usr/local/etc/couchdb/local.ini"]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{",[]},{couch_uuids,new_prefix,0,[{file,"couch_uuids.erl"},{line,84}]},{couch_uuids,state,0,[{file,"couch_uuids.erl"},{line,100}]},{couch_uuids,init,1,[{file,"couch_uuids.erl"},{line,50}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,304}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]}}}}}}},[{couch_server_sup,start_server,1,[{file,"couch_server_sup.erl"},{line,98}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,269}]}]}}}}}},[{couch,start,0,[{file,"couch.erl"},{line,18}]},{init,start_it,1,[]},{init,start_em,1,[]}]}}
Crash dump was written to: erl_crash.dump
init terminating in do_boot ()
Does anyone know how to get past this?
Note I get no such file or directory when trying the answer from here
Can you check if erlang-crypto is a separate module that is maybe not installed?
CouchDB doesn’t (imho rightfully) doesn’t account for distributions splitting up the monolithically released Erlang installation.
Your error is raised in the UUID module and the only thing I can think of immediately is the crypto dependency that might be missing.
(FYI: I'm following the Twitter Omniauth from railscast #241. I used Twitter successfully, now going onto Facebook)
As soon as I logged into Facebook using Omniauth, I get this error:
Faraday::Error::ConnectionFailed
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
What does this mean?
This is my code
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, '<key from fb>', '<another key from fb>'
end
There's actually nothing much in my code, all I have is in the sessionController that I want to use to_yaml to see what's inside the request.env
class SessionsController < ApplicationController
def create
raise request.env["omniauth.auth"].to_yaml
end
end
How do I solve the Faraday error?
I've fixed this on Mac OS X Lion 10.7.4 with this solution:
$ rvm remove 1.9.3 (or whatever version of ruby you are using)
$ rvm pkg install openssl
$ rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr
after this you will need to download the missing cacert.pem file:
$ cd $rvm_path/usr/ssl
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem
You are getting this error because Ruby cannot find a root certificate to trust.
Fix for Windows: https://gist.github.com/867550
Fix for Apple/Linux: http://martinottenwaelter.fr/2010/12/ruby19-and-the-ssl-error/ <--This site is now down.
Here is the Apple/Linux fix according the site above:
The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:
sudo port install curl-ca-bundle
and tell your https object to use it:
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.
In the end, that’s what will work on both Mac OS X and Ubuntu:
require 'net/https'
https = Net::HTTP.new('encrypted.google.com', 443)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
https.ca_path = '/etc/ssl/certs' if File.exists?('/etc/ssl/certs') # Ubuntu
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' if File.exists('/opt/local/share/curl/curl-ca-bundle.crt') # Mac OS X
https.request_get('/')
Andrei's answer didn't work for me on Mac OSX 10.8.3. I had reinstalled openssl to install ruby 2.0 some time ago and since then always got this error. I fixed it thanks to Andrei's answer and instructions from the Rails project.
I ran:
$ rvm -v
$ rvm get head
# Installation of latest version of rvm...
$ rvm -v
# rvm 1.19.5 (master)
$ rvm osx-ssl-certs status all
# Certificates for /usr/local/etc/openssl/cert.pem: Old.
# Certificates for /Users/mpapis/.sm/pkg/versions/openssl/0.9.8x/ssl/cert.pem: Old.
$ sudo rvm osx-ssl-certs update all
# Updating certificates...
Then I checked if the certificates were correctly updated by running rvm osx-ssl-certs status all again but /usr/local/etc/openssl/cert.pem was still not updated. I don't know if that was necessary but I did the following:
$ cd /usr/local/etc/openssl/
$ curl -O http://curl.haxx.se/ca/cacert.pem
$ mv cacert.pem cert.pem
After that the problem was fixed. Hope that helps someone else who runs into the same issue.
this worked for me (on Mac OS X):
$ brew install curl-ca-bundle
$ export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt
Alternative Solution:
[I am Win7 user with manual install the Ruby and Ruby on Rails]
I have the same problem but cannot resolve by the answer that given by this question. By the way, finally, I got problem solved by following url
Facebook Redirect url in ruby on rails open ssl error
https://github.com/technoweenie/faraday/wiki/Setting-up-SSL-certificates
The RVM website suggests running rvm osx-ssl-certs update all
RVM Website: How to fix broken certificates in your operating system.
For Windows 7: the above solution link of Neil Hoff (Fix for Windows: https://gist.github.com/867550) did not work for me.
Here is what works:
Using cmd.exe:
curl -o c:\cacert.pem http://curl.haxx.se/ca/cacert.pem
set SSL_CERT_FILE=c:\cacert.pem
using msysgit bash:
curl -o /c/cacert.pem http://curl.haxx.se/ca/cacert.pem
export SSL_CERT_FILE=/c/cacert.pem
If you do not have curl on your windows 7 command line get it here:
http://www.confusedbycode.com/curl/#downloads
original solution is from here - credit to:
https://github.com/chef/chef-dk/issues/106
Dunn.
Andrei's answer worked for me, however I ran into a huge roadblock when trying to reinstall Ruby 1.9.3. Because I had installed a new version of Xcode since installing 1.9.3 I was unable to reinstall until I opened the Xcode Preferences and installed the Command Line Tools from the Downloads tab.
Check out certified gem. Description:
Ensure net/https uses OpenSSL::SSL::VERIFY_PEER to verify SSL
certificates and provides certificate bundle in case OpenSSL cannot
find one