I'm trying to serve a Yocto cache to the internet and I want to password-protect the share with basic authentication.
This works:
$ curl http://foo:bla#localhost:8081/build/old-sstate-cache/ # OK!
$ curl -u foo:bla http://localhost:8081/build/old-sstate-cache/ # OK!
However, when building Yocto, it doesn't. Here is my local.conf:
SSTATE_MIRRORS ?= "file://.* http://localhost:8081/build/old-sstate-cache/PATH;user=foo:bla"
Looking at the server logs it says 401 (Unauthorized).
Is the syntax for basic auth in the url correct for building?
Related
I was trying to follow the instructions on hosting scopes (https://bit.dev/docs/scope/running-a-scope-server).
Commands entered:
docker run -it -p 4000:3000 bitcli/bit-server:latest
http://localhost:4000
bit remote add http://localhost:4000
I get the following error after the bit remote add command:
error: scope not found at /Users/tdugger/development/bit
There must be a step missing. The browser page shown does say the following, but I'm not sure what that means.
Set "defaultScope": "remote-scope" in workspace.jsonc
file and export components here.
Thanks for your help.
Having problems when using the "sudo" command to make requests through a proxy server:
If i don't use sudo, the request goes through the proxy 10.139.212.25:8080
wget http://www.proxypronto com/
Connecting to 10.139.212.25:8080... connected.
Proxy request sent, awaiting response... 403 Forbidden (Blocked by Trustwave Secure Web Gateway)
2015-12-01 13:11:47 ERROR 403: Forbidden (Blocked by Trustwave Secure Web Gateway).
If I use sudo, the request does not go through the proxy 10.139.212.25:8080
sudo wget http://www.proxypronto com/
Resolving www.proxypronto com ... 96.31.64.186
Connecting to www.proxypronto com |96.31.64.186|:80... failed: Connection refused.
How can I make the requests to go through the proxy when using "sudo"?
Firstly, try the following comand:
sudo http_proxy=$http_proxy wget "http://stackoverflow.com"
At first glance, you need to add enviroment variables to sudoers config:
sudo visudo
add these lines
Defaults env_keep += "ftp_proxy http_proxy https_proxy no_proxy"
or, use separate lines:
Defaults env_keep +="http_proxy"
Defaults env_keep +="https_proxy"
Defaults env_keep +="HTTP_PROXY"
Defaults env_keep +="HTTPS_PROXY"
I am developing a dashboard that connects to Splunk via REST API and displays data on various charts/graphs etc. In order to get the data I have to make a POST request via curl (node.js). Everything is working great. However when I try to make a Post request with a dbxquery, it fails and returns 'fatal dbxquery unknown command.' I was wondering if anyone had encountered this before.
curl -H 'Authorization: Basic auth token' -k https://devfg.com:8089/services/search/jobs -d search=" | dbxquery query=\"SELECT count(*) FROM db.table\" connection=\"connection\"" -d output_mode=json
Are the permissions for the dbxquery command set to be executable from any app? Check under app permissions to see if the command is globally exported.
Alternatively, you may need to escape the *, so \*.
Otherwise, you should be able to run the dbxquery via a curl command.
I am now trying out the Twilio Verify API and the guides actually showed there are only two calls to the API to send the OTP to the target phone number and check if the OTP entered by end user is correct or not. I have problem with the verify code part, which return the curl error.
The OTP is successfully sent to the target phone.
This is the curl command i used to check the OTP:
curl -GET 'https://api.authy.com/protected/json/phones/verification/check' -d api_key=xxxx -d verification_code=xxxx-d phone_number=xx-d country_code=xx
This is the error message:
curl: (58) could not load PEM client certificate, OpenSSL error error:02001002:system library:fopen:No such file or directory, (no key found, wrong pass phrase, or wrong file format?)
Sorry for not reading the error message properly, I fixed it already by add the SSL cert path and private key path of the server to the curl command and it works.
curl -GET 'https://api.authy.com/protected/json/phones/verification/check' -d api_key=xxxx -d verification_code=xxxx-d phone_number=xx-d country_code=xx --cert path/to/fullchain.pem --key path/to/privkey.pem
We currently have a docker registry setup, that has security. Normally, in order to access it, from a developer's perspective, I have to do a long with the docker login --username=someuser --password=somepassword --email user#domain.com https://docker-registry.domain.com.
However, since I am currently trying to do an automatized deployment of a docker container in the cloud, one of the operations, which is the docker pull command, fails because the login was not performed (it works if I add the login in the template, but that's bad).
I was suggested to use the certificate to allow the pull from being done (.crt file). I tried installing the certificate using the steps explained here: https://www.linode.com/docs/security/ssl/ssl-apache2-centos
But it does not seem to work, I still have to do a manual login in order to be able to perform my docker pull from the registry.
Is there a way I can replace the login command by the use of the certificate?
As I see, it's wrong URL for SSL authentication between docker server and private registry server.
You can follow this:
Running a domain registry
While running on localhost has its uses, most people want their registry to be more widely available. To do so, the Docker engine requires you to secure it using TLS, which is conceptually very similar to configuring your web server with SSL.
Get a certificate
Assuming that you own the domain myregistrydomain.com, and that its DNS record points to the host where you are running your registry, you first need to get a certificate from a CA.
Create a certs directory:
mkdir -p certs
Then move and/or rename your crt file to: certs/domain.crt, and your key file to: certs/domain.key.
Make sure you stopped your registry from the previous steps, then start your registry again with TLS enabled:
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
You should now be able to access your registry from another docker host:
docker pull ubuntu
docker tag ubuntu myregistrydomain.com:5000/ubuntu
docker push myregistrydomain.com:5000/ubuntu
docker pull myregistrydomain.com:5000/ubuntu
Gotcha
A certificate issuer may supply you with an intermediate certificate. In this case, you must combine your certificate with the intermediate's to form a certificate bundle. You can do this using the cat command:
cat domain.crt intermediate-certificates.pem > certs/domain.crt