We Keep Coding

MongoDB Compass error creating SSH Tunnel: connect EADDRINUSEt, after setting username / password on database, AWS Linux 2 (EC2)

I have setup my mongodb on AWS Linux 2 EC2 instance.
I have associated inbound rule as - SSH | TCP | 22 | to the instance.
I was able to SSH into it through MongoDB Compass by using following settings:
However as soon as I added a username password to my database using following method:
use my_database
db.createUser(
{
user: "some_user",
pwd: "some_password",
roles: [{ role: "readWrite", db: "my_database" }]
}
)
And tried to access it using following parameters:
I got following error:
Error creating SSH Tunnel: connect EADDRINUSE some_ip:22 - Local (0.0.0.0:29353)
Here is my /etc/ssh/sshd_config file content:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
#PasswordAuthentication no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect
Am I missing anything over here?

I was running in to the exact same issue when trying to connect through an SSH tunnel. I have found a quirky solution for this issue.
I solved it by installing Studio 3T. Once opened create a new connection by clicking on Connect -> New Connection. 
Once opened set up your connection, save it, and you should be able to connect successfully. 
When this is complete do the following:
Click on Connect once again.
Right-click the saved connection and select Edit....
At the bottom left there is an option named To URI... to export the Connection String. 
And Finally select the option Include Passwords and copy the Connection String.
That's it! You can now paste it in MongoDB Compass and you should be good to go.

Kibana is not running on FreeBSD

I'm fighting with kibana since few days and I don't overcome to start it on my FreeBSD server.
This is my environment:
FreeBSD 11.1-STABLE
ElasticSearch 5.3.0
Kibana 5.3.0
Logstash 5..
ElasticSearch and Logstash work fine. But I don't overcome to start kibana service.
This is files according to kibana:
kibana.yml file:
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are
both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
server.basePath: "/qual/kibana"
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://localhost:9200"
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "discover"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "user"
#elasticsearch.password: "pass"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Specifies the path where Kibana creates the process ID file.
pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
logging.dest: /var/log/kibana.log
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# The default locale. This locale can be used in certain circumstances to substitute any missing
# translations.
#i18n.defaultLocale: "en"
/usr/local/etc/rc.d/kibana:
#!/bin/sh
#
# $FreeBSD: head/textproc/kibana5/files/kibana.in 462830 2018-02-24 14:17:41Z feld $
#
# PROVIDE: kibana
# REQUIRE: DAEMON
# KEYWORD: shutdown
. /etc/rc.subr
name=kibana
rcvar=kibana_enable
load_rc_config $name
: ${kibana_enable:="NO"}
: ${kibana_config:="/usr/local/etc/kibana.yml"}
: ${kibana_user:="www"}
: ${kibana_group:="www"}
: ${kibana_log:="/var/log/kibana.log"}
required_files="${kibana_config}"
pidfile="/var/run/${name}/${name}.pid"
start_precmd="kibana_precmd"
procname="/usr/local/bin/node"
command="/usr/sbin/daemon"
command_args="-f -p ${pidfile} env BABEL_DISABLE_CACHE=1 ${procname} /usr/local/www/kibana5/src/cli serve --config ${kibana_config} --log-file ${kibana_log}"
kibana_precmd()
{
if [ ! -d $(dirname ${pidfile}) ]; then
install -d -o ${kibana_user} -g ${kibana_group} $(dirname ${pidfile})
fi
if [ ! -f ${kibana_log} ]; then
install -o ${kibana_user} -g ${kibana_group} -m 640 /dev/null ${kibana_log}
fi
if [ ! -d /usr/local/www/kibana5/optimize ]; then
install -d -o ${kibana_user} -g ${kibana_group} /usr/local/www/kibana5/optimize
fi
}
run_rc_command "$1"
/etc/rc.conf:
kibana_enable="YES"
But when I execute: service kibana start
I get:
root#server:/var/log # service kibana start
Starting kibana.
root#server:/var/log # service kibana status
kibana is not running.
I don't know why ?

Start the service in debug mode
sh -x /usr/local/etc/rc.d/kibana start
find which command is used to start the kibana service. For kibana, the command should be something like /usr/local/bin/node /usr/local/www/kibana6/src/cli serve --config /usr/local/etc/kibana/kibana.yml
Start the process in foreground
It is possible that node is not properly installed or some permission issue.

Linux Ubuntu apache2 config

I have a question about the apache2 config on Linux.
can someone give me the content and location
for the apache2 config file in Ubuntu18.04?
I have problems, because the .htaccess files are not processed( routing and indexing).
Thank you for your time
:-)

the location is: /etc/apache2/sites-available/000-default.conf
And my content is:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Don't forget to restart the service:
sudo a2ensite 000-default.conf
sudo systemctl restart apache2.service

ProFTPD Version 1.3.5d ExtendedLog is not working?

I am a beginner in Linux. I am using Plesk onyx with 17.5.3 Ubuntu 16.04 1705170317.16. My ExtendedLog configured in /etc/proftpd.conf is not working.
Following is my /etc/proftpd.conf
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD"
#ServerType standalone ServerType inetd DefaultServer on LogFormat nijin "%t %h %u %D
%f \"%r\" %s %b" ExtendedLog /var/log/ftp.log ALL nijin <Global
DefaultRoot ~ psacln AllowOverwrite on
<IfModule mod_tls.c
# common settings for all virtual hosts
TLSEngine on
TLSRequired off
TLSLog /var/log/plesk/ftp_tls.log
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired </IfModule PassivePorts 50001 50100 </Global DefaultTransferMode binary UseFtpUsers
on
TimesGMT off SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port. Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable. Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd) MaxInstances 30
#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.
#Include directive should point to place where FTP Virtual Hosts configurations
#preserved
ScoreboardFile /var/run/proftpd_scoreboard
# Primary log file mest be outside of system logrotate province
TransferLog /var/log/plesk/xferlog
#Change default group for new files and directories in vhosts dir to psacln
<Directory /var/www/vhosts
GroupOwner psacln </Directory
# Enable PAM authentication AuthPAM on AuthPAMConfig proftpd
IdentLookups off UseReverseDNS off
AuthGroupFile /etc/group
Include /etc/proftpd.d/*.conf
This is my customized configuration file. Added ExtendedLog /var/log/ftp.log in my configuration file. But extended log /var/log/ftp.log is not created yet. I touch this file manually but no use, logs are not populating.
Any answers will be appreciated.

Update: the permissions were set to 664

Try to set non-world writable permissions to /var/log/ftp.log as it recommended at http://www.proftpd.org/docs/directives/linked/config_ref_ExtendedLog.html
I have tested it by the following steps and it worked:
echo "ExtendedLog /var/log/ftp.log read,write" >> /etc/proftpd.conf
touch /var/log/ftp.log && chmod 644 /var/log/ftp.log
upload a test file
check the log:root#server:/# cat /var/log/ftp.log
192.168.34.219 UNKNOWN mario [14/Jun/2017:11:38:20 +0700] "STOR Google Chrome.lnk" 226 2356

forward requests to cpanel server through haproxy

I deployed an loadbalanced infrustructure. I am using haproxy as the loadbalancer and cpanel as backend webservers. I created a test host on the cpanel, and I can see the site in browser when I configure the website in my /etc/host with the cpanel server ip address. But when I change the ip to the loadbalancer it forwards the requests to /usr/local/apache/htdocs/ and I get the default cpanel server page. What configurations should I use in haproxy to redirects requests correctly?
Any help is appreciated.
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2 #Log configuration
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy #Haproxy running under user and group "haproxy"
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy2-monitoring *:8080 #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats #URL for HAProxy monitoring
stats realm Haproxy\ Statistics
stats auth lb2:F6khdTrt9g #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend
#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend main
bind *:80
default_backend app-main
#---------------------------------------------------------------------
# BackEnd roundrobin as balance algorithm
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
application is up and healty - 200 status code
server cpanel1 192.168.1.110:80 check
server cpanel2 192.168.1.111:80 check
Cpanel apache config:
Listen 0.0.0.0:80
# BEGIN: HTTP vhosts list
<VirtualHost 88.99.219.13:80>
ServerName wiki.serversetup.ir
ServerAlias mail.wiki.serversetup.ir www.wiki.serversetup.ir
DocumentRoot /home/wiki/public_html
ServerAdmin webmaster#wiki.serversetup.ir
UseCanonicalName Off
CustomLog /etc/apache2/logs/domlogs/wiki.serversetup.ir combined
<IfModule log_config_module>
<IfModule logio_module>
CustomLog /etc/apache2/logs/domlogs/wiki.serversetup.ir-bytes_log "%{%s}t %I .\n%{%s}t %O ."
</IfModule>
</IfModule>
## User wiki # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
UserDir disabled
UserDir enabled wiki
</IfModule>
</IfModule>
</IfModule>
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
<IfModule include_module>
<Directory "/home/wiki/public_html">
SSILegacyExprParser On
</Directory>
</IfModule>
<IfModule suphp_module>
suPHP_UserGroup wiki wiki
</IfModule>
<IfModule suexec_module>
<IfModule !mod_ruid2.c>
SuexecUserGroup wiki wiki
</IfModule>
</IfModule>
<IfModule ruid2_module>
RMode config
RUidGid wiki wiki
</IfModule>
<IfModule mpm_itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID wiki wiki
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ /home/wiki/public_html/cgi-bin/
</IfModule>
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/std/2_4/wiki/wiki.serversetup.ir/*.conf"
</VirtualHost>
# END: HTTP vhosts list