I'm trying to install SonarQube onto a bare-metal kubernetes cluster.
All is working except for when the software inside the pod tries to make a HTTPS request.
I've checked using wget (pod doesn't have curl & cannot use ping) & using the kubernetes DNS debugging guide, however whenever I make a call such as wget https://google.com I get the following error:
Connecting to google.com (192.168.1.179:443)
ssl_client: google.com: TLS connect failed
wget: error getting response: Connection reset by peer
command terminated with exit code 1
The IP address 192.168.1.179 is the address of another server on the host network.
The resolv.conf I have (ubuntu host) is:
nameserver 1.1.1.1
nameserver 1.0.0.1
I can't figure out why this is happening or how to fix it. DNS is working but not resolving HTTPS.
I'm using Calico, kubernetes dashboard, MetalLB, ingress-nginx & sonarqube
Edit:
After restarting the host the DNS servers successfully changed to 1.1.1.1.
However, now I'm presented with the following
Connecting to google.com (142.250.204.14:443)
ssl_client: google.com: TLS connect failed
wget: error getting response: Connection reset by peer
command terminated with exit code 1
This error went away when I:
Disabled my firewall (ufw) and;
Restarted the machine for the DNS changes to take affect.
Related
I am in the process of deploying my MERN app to a Digital Ocean droplet(Ubuntu 20.04 server).
I have cloned my GitHub repo, installed the dependencies and pm2.
I start the server using the command pm2 start server/index.js.
Then when I visit the URL http://134.122.112.22:5000, I get the following error:
Why am I not able to access my site?
*Note that I have not yet bought a domain. Also I have not yet installed NGINX.
Am I missing something?
EDIT-1
I added a HTTP inbound rule in the firewall. Yet, I am receiving the same error.
You are missing the Nginx. Port 80 is open but you are trying 5000, so won't work.
You can open port 5000 in the firewall and also check ufw firewall.
ufw status
and open the port using command
sudo ufw allow 5000
Recently I've set up an Amazon EC2 instance of Ubuntu 16.04 that was authorized to scan an IP block. The version of GSA that I have installed is 7.0.3. Currently, I can locally access GSA through the EC2 instance or remotely using my public Amazon elastic IP.
Additionally, I've allowed external access to GSA's listening port from my IP block. Currently, I can access GSA without any problems using my instances static public IP over HTTPS.
The problem that I'm currently running into is accessing GSA using a FQDN.
For example, I want to be able to use https://gsa.mydomain.com
My local DNS server has an A record with the FQDN and my EC2 instances public IP.
On my instance, I ran the following command.
sudo gsad --allow-header-host gsa.mydomain.com
However, browsing to https://gsa.mydomain.com produces the following error.
"The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it."
Neither restarting GSA services or my instance had no effect.
Clearly, DNS is working but the host header command is not.
Any thoughts on how I can make this happen?
Additionally, for reference, I used the following URL
https://github.com/greenbone/gsa/pull/318
In ubuntu/debian edit /etc/default/openvas-gsa file and set ALLOW_HEADER_HOST=HOSTNAME
where HOSTNAME is your host name in the browser address line.
I'm using Kali and was able to figure this out my modifying the systemd service files. Modify the file /lib/systemd/system/greenbone-security-assistant.service, adding the --allow-header-host gsa.mydomain.com to the end of the ExecStart line.
For example, change the line from:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port>
to:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port> --allow-header-host gsa.mydomain.com
Then run:
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Getting the below error while trying to execute the statement in command prompt.
C:\users\Blue mix> cf API https://api.ng.bluemix.net
Setting API endpoint to https://api.ng.bluemix.net...
Request error: Get https://api.ng.bluemix.net/v2/info: http: error connecting to
proxy http://my.proxyserver.com:8080: dial tcp : lookup my.proxy server.com: GET Address inflow : No such host is known.
TIP: If you are behind a firewall and require an HTTP proxy, verify the HTTPS_proxy environment variable is correctly set. Else, check your network connection.
FAILED
Can you please suggest how can I fix this problem ?
It looks like you have configured the https_proxy variable? https://docs.cloudfoundry.org/cf-cli/http-proxy.html.
The error message suggests that the hostname you have set for your proxy server can not be resolved to an IP address.
Update:
You can verify if your machine is able to resolve the hostname of the proxy server by pinging your proxyserver, e.g.
C:\> ping my.proxyserver.com
Ping will report if it is unable to resolve the proxy hostname to an ip address. E.g.
C:\> ping my.proxyserver.com
Ping request could not find host my.proxyserver.com. Please check the name and try again.
If it is unable to resolve to an ip address, you need to fix that problem first. See here for some tips: https://support.rackspace.com/how-to/modify-your-hosts-file/
Getting this error in instance log. I could not seek out any errors in nova or neutron log.
Checked with all configuration and everything is fine.
url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [50/120s]: request error [(, 'Connection to 169.254.169.254 timed out. (connect timeout=50.0)')]
Anyone could help whats the actual error and how to solve it?
Probable Reason1:-
I guess you are running instances with GUI installed on them. When you install GUI on an instance(ubuntu/centos or whatever), they bring in a bunch of different services. Specially, in ubuntu, a service named "avahi" gets added and started which adds a route of 169.254/16 on the instance. This starts causing the issue as now the instance thinks that it can reach 169.254.169.254 directly rather than sending the packets to the gateway.
More details why this happens and how you can stop this can be found on this blog.
https://rahulait.wordpress.com/2016/04/02/metadata-failure-with-ubuntu-desktop-on-openstack/
Probable Reason2:-
If you have a private-network and it is not connected to any "router", the gateway interface for that private-network will be down. For communicating to metadata service, the packets needs to be sent to gateway of network, which would not be reachable in this case and hence you would see these logs.
I hope it helps.
In my case this error raised because the L3 agent was down due to some corruption in the ini file. Check if there is an agent down in neutron:
openstack network agent list
Fix the issue (check the log at /var/log/neutron and restart the service)
service neutron-l3-agent restart
This happened to me on a node that was still running nova-network from a previous configuration.
The effect on the faulty node was this (bad):
# curl -v http://169.254.169.254/openstack
* Hostname was NOT found in DNS cache
* Trying 169.254.169.254...
* connect to 169.254.169.254 port 80 failed: Connection refused
* Failed to connect to 169.254.169.254 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 169.254.169.254 port 80: Connection refused
...instead of this (good):
# curl -v http://169.254.169.254/openstack
* Hostname was NOT found in DNS cache
* Trying 169.254.169.254...
* Immediate connect fail for 169.254.169.254: Network is unreachable
* Closing connection 0
curl: (7) Couldn't connect to server
If this is the case get rid of the legacy service on your node and enjoy.
I can't connect to ContextBroker from another machine, even a machine in the same LAN.
Accessing by ssh without any problem
ssh geezar#192.168.1.115
and then
curl localhost:1026/statistics
the terminal shows the statistics, all right
<orion>
<xmlRequests>3</xmlRequests>
<jsonRequests>1</jsonRequests>
<updates>1</updates>
<versionRequests>1</versionRequests>
<statisticsRequests>2</statisticsRequests>
<uptime_in_secs>84973</uptime_in_secs>
<measuring_interval_in_secs>84973</measuring_interval_in_secs>
</orion>
But when I try without ssh connection...
curl 192.168.1.115:1026/statistics
curl: (7) Failed to connect to 192.168.1.115 port 1026: No route to host
Even, I routed the port 1026 to that machine (192.168.1.115) on the router configuration, and tried to access from my public IP, the result is the same, failed to connect
I think I am missing something, but.. what is it?
The most probable causes of this problem are:
Something in the host (e.g a firewall or security group) is blocking the incoming connection
Something in the client (e.g a firewall) is blocking the outcoming connection
There is some other network issue is causing the connection problem.
EDIT: in GNU/Linux system, iptables is usually used as firewall. It can be disabled typically running iptables -F.