Config Server in Play framework 2.7 - scala

I am implementing a web socket server application using play framework 2.7
I would like to implement a remote configuration where all the application's
configuration should reside in a github.
When i searched for documents to implement it, i found below url,
https://github.com/play-rconf
but accessing configuration from github is not listed.
Is there any better way or document do access the config server from github (like in Spring) ?

You can try play-rconf-http by specifying a URL of your config file:
remote-configuration {
## Provider - HTTP
# ~~~~~
# Retrieves configuration from a simple HTTP server
http {
# URL where is located the configuration file to fetch. You can
# use basic authentication
url = "https://raw.githubusercontent.com/<user>/<repo>/<branch>/<path-to-file>"
url = ${?REMOTECONF_HTTP_URL}
}
}
You can use basic authentication as well.
Look Download single files from GitHub for more info regarding GitHub link.

Related

Unable to update composer in a Symfony project

I just imported a Symfony project from GitHub to Intellij IDEA. I used the usual method : https://www.jetbrains.com/help/phpstorm/2016.2/cloning-a-repository-from-github.html
Now I want to update composer and start working. But when I type the command line :
composer update
I got this error :
your configuration does not allow connections to http://packagist.org/packages.json...
And I can't continue. Please where I'm wrong ?
Newer versions of Composer do not allow connections via unsecured HTTP anymore by default:
Defaults to true. If set to true only HTTPS URLs are allowed to be downloaded via Composer. If you really absolutely need HTTP access to something then you can disable it, but using Let's Encrypt to get a free SSL certificate is generally a better alternative.
Source
To resolve this, make sure to use HTTPS to connect to the repositories, or change your Composer config.
If your resource URL is secured (using ssl) add https:// in front of your URL.
If you want to allow not secured connection add:
"config": {
"secure-http": false
},
in your composer.json
warning: Please note that is always a good practice to use ssl certificates and allow only secured connections.

How to configure Mongodb MMS to go via a Proxy?

How to I change the monitoring-agent.config to go out via proxy with authentication?
The change log states...
Monitoring Agent 2.3.1.89-1
Released 2014-07-08
Added support for HTTP proxy configuration in the agent configuration file.
But I can't see how to do this.
Following wdberkeley's link I can add this value to the monitoring-agent.config file.
httpProxy=http://"pxproxy01":3128
But this gives..
Failure getting conf. Op: Get Err: Proxy Authentication Required
Is there anyway to set the authentication user/password ?
Edit file:
C:\MMSData\Monitoring\monitoring-agent.config
Add line...
httpProxy=http://<insert_server_address>:<insert_port>
e.g.
httpProxy=http://PROXY01.server.com:3128
Then get the proxy control team, who ever they be, to exclude the following from requiring authentication.
https://mms.mongodb.com 80
https://mms.mongodb.com 443
This has worked for me. I now have the MMS Agent on Windows sending stat's to the MMS service.
Thanks to #wdberkeley for starting me off on this route.
wdberkeley, the page you linked to does not exist & the classic page PDF & HTTP versions state 'HTTP_PROXY' not 'httpproxy' (on OSx section & tar.gz section), section '6.6 Monitoring Agent Configuration' does state the correct property name 'httpproxy'.

Disable /rest URL in ColdFusion10

Our problem with ColdFusion 10 is that there is the /rest/ URL binded. In our application we have a rest service ourselves. Since ColdFusion 10 it will not work because the URL is already defined and our requests won't get through. Is there any way to disable /rest/ completely? Or do we have to rename our service?
I also tried to edit the axis2.xml file
<parameter name="disableREST" locked="true">true</parameter>
<parameter name="restPath">restdisabled</parameter>
But that won't effect anything on the server.
Thanks in advance!
Disclaimer: I have not tried this and do not have a ColdFusion 10 installation nearby to verify
There is a servlet mapping defined in the web.xml file that defines how to handle /rest/ requests for ColdFusion. So you should be able to rename that URI to something else for your implementation. The web.xml file is located under the wwwroot\WEB-INF directory on your ColdFusion server.
I found some reference to this here - Getting started with RESTful web services in ColdFusion (under the Accessing a REST Service through HTTP section)
That documentation also mentioned updating the uriworkermap.properties file. Here is an excerpt from that page:
rest in the URL specifies that the request is for a REST service. ColdFusion has a servlet mapping for the same and would direct the request to the servlet that handles REST service. If there is a directory in the server webroot with the same name, you must update the servlet mapping in web.xml file inside wwwroot\WEB-INF directory. Also, you must update the same mapping in the uriworkermap.properties file located under the config\wsconfig\1 of the server directory.
You will need to restart the ColdFusion service after making any changes to these files.
While this will not disable the functionality in ColdFusion it will allow your services to respond under the /rest/ URI because ColdFusion will be listening under a different one that you define.

"RA layer request failed" error with Subclipse, no errors with web browser

I'm using STS 2.8.1 (I think it's based on Eclipse Indigo) with Subclipse 1.6.18.
I'm trying to check some code out from a repository, but when I add the repository location, I get the following error:
RA layer request failed
svn: Server sent unexpected return value (503 Service Unavailable) in response to OPTIONS request for 'http://a.b.com:18080/svn/myproject'
The thing is, if I try to access that repository from a web browser (e.g. Chrome or IE), I'm allowed to access it. It asks for my username and password, and after I enter them, I can see the project tree.
Does anyone know why I can access from the web browser but not from STS?
The proxy settings are configured correctly for Subclipse (and I can access other repositories from STS, but not that one).
This is usually due to an SVN setting (c:\Documents and Settings\_username_\Application Data\Subversion\servers or ~/.subversion/servers) overriding an Eclipse setting.
Or one of those settings could have the wrong password for the proxy.
However, the OP Neets reports:
I'm able to connect to other repository locations (so the proxy password is correct)
I solved it, adding the corresponding exception in the servers file, like this:
http-proxy-exceptions = exception.com
That is compliant with what describes the openDNS article Configuring Subversion to Use a Proxy Server:
http-proxy-exceptions
This specifies a set of repository addresses for which you don't need to access a proxy server. For example, if you have a repository on your local LAN, then you probably won't need a proxy to access it.
This should be a comma-delimited list of servers, and you can use an asterisk as a wildcard.
If all of the repositories that you will access require you to use a proxy server, then you can leave this out.
The following shows a sample configuration that will use a proxy server to access all servers outside of the example.com domain:
[global]
http-proxy-exceptions = *.example.com
http-proxy-host = proxy.example.com
http-proxy-port = 8080
http-proxy-username = myuserid
http-proxy-password = mypassword

Protecting click once web deployed installations

I have a link on my website to the standard publish page generated by Visual Studio. My concern is that if anybody finds out the URL to that page, they can download my software. Sure, I could password protect the page with the link, but it still would not be protecting the download URL. Are there any ways to secure the click once upload? I have looked around, and it seems like I am stuck in this sense.
Public URL is a security issue in ClickOnce Deployment. However, there is a solution for your problem if your web server has windows and .NET installed. Tell me if you have one ? I will have to come up with another workaround for Linux web server in case you have that.
Brief
Firstly, a bit of information about ClickOnce deployment. When you deploy the application, the GET requests on the server made are (assuming WebDir is the publish directory on the server)
G-1. GET /WebDir/setup.exe (Initial download)
G-2. GET /WebDir/MyApp.Application (setup.exe -url request)
G-3. GET /WebDir/MyApp.Application (.application deployment provider URL request)
G-4. GET /WebDir/Application Files/MyApp_1_0_0_0/MyApp.exe.manifest (Application manifest request)
G-5. GET /WebDir/Application Files/MyApp_1_0_0_0/MyApp.exe.deployand other .deploy files ... (Application file requests)
Implementation
Now, the solution is to intercept these file requests on the server. On IIS, you can attach a custom HTTPHandler and handle the request. On Apache, you can redirect requests to a PHP code using .htaccess files. Apart from this, you will have to generate unique identifier uid for client instances downloaded from the server (can be your license key) and put that in the deployment provider URL query parameters.
Directory Structure
Create an "Application" folder inside your WebDir and restrict access to /WebDir/Application/. Rest everything can be there inside /WebDir/
File Requests
So here's what you do on a Apache web server hosted on a windows machine:
Create a custom download page or use the one created from publishing the application using Visual Studio (but you will have to edit it manually!). Let's assume that page is /WebDir/Download.php
After authenticating user from Download.php, you have to send setup.exe from your code (can do it with readfile() in PHP) to the user. However, the catch is bootstrapper (setup.exe) after installing will do a GET request [G-2]. Don't forget now, that you have to validate this file request. So basically you change the "setup.exe -url" property to include uid before returning the file. For eg: change it to /WebDir/uid/MyApp.Application [G-2]. You can use MsiStuff.exe to change the URL property for the bootstrapper.
Using a .htaccess file, rewrite [G-2] to /WebDir/Handler.php?user=uid. From Handler.php, you can check if it is a valid uid. If it is valid, you will have to include the uid in the deployment provider URL and "Dependent Assemblies Path" in deployment manifest so that if an upgrade request comes (It essentially requests the deployment manifest), you can validate the user there too. Add uid to query string parameters. For eg: change it to /WebDir/MyApp.application?user=uid [G-3]. Don't forget that you will have to resign the manifests once you modify them. Use Mage or write your own code to do that.
So finally, the GET requests on the server will be (assuming uid=1f3rd)
G-1. GET /WebDir/Download.phpAction: return setup.exe with the -url changed
G-2. GET /WebDir/Application/setup.exe/1f3rd/MyApp.ApplicationAction: redirect, validate user, change URL, re-sign and return file
G-3. GET /WebDir/Application/setup.exe/MyApp.Application?user=1f3rdAction: redirect, validate user and return file
G-4. GET /WebDir/Application/1f3rd/Application Files/MyApp_1_0_0_0/MyApp.exe.manifestAction: redirect, validate user and return file
G-5. GET /WebDir/Application/1f3rd/Application Files/MyApp_1_0_0_0/MyApp.exe.deployand other .deploy files ...Action: redirect, validate user and return file
Pros
Application is successfully deployed and upgraded only if all the requests have a valid uid in the URL present.
You can now identify different instances of application on client systems. You can track the update history, do a selective version upgrade/downgrade and much more !
Cons
You will need a windows server to implement the above since you need mage.exe | your-own-.NET-code-signing-application and Msistuff.exe.
You may have minor performance issues since you are performing validation on every file request. You can choose to skip validation on .manifest and .deploy file requests.
You will have to ensure proper security for companies certificate which will be present on the web server for signing (You can store it on the server local file-system if you have the full server to yourself. In that case, it is fine unless somebody breaks into machine itself !)
If you want me to make something clear or explain in detail, feel free to ask. In case you have suggestions for modification to the above, post that too.
I will write a detailed CodeProject article if I have spare time someday.