We Keep Coding

TLS encrypted PostgreSQL connection not possible

I would like to establish a TLS encrypted connection to a PostgreSQL 11 database using Tokio as the framework, Deadpool as the connection pooler and rustls as TLS library.
I developed/modified the following code:
let pool = if let Some(ca_cert) = settings.db_ca_cert {
let mut tls_config = ClientConfig::new();
let cert_file = File::open(&ca_cert)?;
let mut buf = BufReader::new(cert_file);
tls_config.root_store.add_pem_file(&mut buf).map_err(|_| {
anyhow::anyhow!("failed to read database root certificate: {}", ca_cert)
})?;
let tls = MakeRustlsConnect::new(tls_config);
settings.pg.create_pool(tls)?
} else {
settings.pg.create_pool(NoTls)?
};
My test scenario is taken from here:
PostgreSQL 11 docker container (including TLS turned on)
TLS was already tested successfully with the psql client
I now get the following error message and can't explain the problem. I already checked the access rights and other parameters.
/usr/local/bin/cargo run --color=always
Finished dev [unoptimized + debuginfo] target(s) in 0.20s
Running `target/debug/tokio-postgres-rustls-connection-pool-demo`
DEBUG tokio_postgres_rustls_connection_pool_demo > settings: Settings { pg: Config { user: Some("postgres"), password: Some("postgres"), dbname: Some("postgres"), options: Some("sslrootcert=/xxx/tokio-postgres-rustls-connection-pool-demo/docker/files/cert/ca.pem"), application_name: None, ssl_mode: None, host: Some("127.0.0.1"), hosts: None, port: Some(6432), ports: None, connect_timeout: None, keepalives: None, keepalives_idle: None, target_session_attrs: None, channel_binding: None, manager: None, pool: None }, db_ca_cert: None }
Error: Backend(Error { kind: Connect, cause: Some(Os { code: 2, kind: NotFound, message: "No such file or directory" }) })
I looked at the logs of the database and could identify the following error:
[86] LOG: XX000: could not accept SSL connection: Success
[86] LOCATION: be_tls_open_server, be-secure-openssl.c:408
How can I solve the problem?

nodemailer: message queued but not sent

I am working with nodemailer to send email using custom SMTP server.
let transporter = nodemailer.createTransport({
host: 'my.smtp.host',
port: 587,
secure: false,
auth: {
user: 'user',
pass: 'password',
},
debug: true,
logger: true
})
let info = await transporter.sendMail({
from: from,
to: to,
subject: subject,
text: content,
html: content,
cc: cc,
bcc: bcc,
})
Following is the result of sendMail.
{
accepted: [
'to#to.com'
],
rejected: [],
envelopeTime: 39,
messageTime: 49,
messageSize: 1730,
response: '250 2.0.0 Ok: queued as 5513B432BE6',
envelope: {
from: 'from#from.com',
to: [
'to#to.com'
]
},
messageId: '<274421c8-1abd-4973-dd8e-f57285b46a70#from.com>'
}
And following is log message.
...
[2021-06-09 19:00:21] INFO [StdWZWNkAto] <1730 bytes encoded mime message (source size 1693 bytes)>
[2021-06-09 19:00:21] DEBUG [StdWZWNkAto] S: 250 2.0.0 Ok: queued as 5513B432BE6
[2021-06-09 19:00:21] DEBUG [StdWZWNkAto] Closing connection to the server using "end"
I already tested this SMTP server with other tools and it works correctly.
What's wrong?
Please help me.

Well, this means that nodemailer successfully send the email and now it is in the queue of your custom SMTP server, so you have to deal with it. For instance, sendmail allows to see the queue via mailq command and resend via sendmail -q (or sendmail -q -v for more information). If you need more details, you should provide info about your SMTP server.

How to implement modules in ejabberd?

I am new on the XMPP server ejabberd. I installed ejabberd on ubuntu from this link: https://docs.ejabberd.im/admin/installation/#install-on-linux. I am using the default ejabberd.yml file which is present in ejabberd-20.07/conf folder. Here is my ejabberd.yml file:
hosts:
- "faiqkhan-VirtualBox"
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 1
certfiles:
- "/home/faiqkhan/ejabberd-20.07/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "/home/faiqkhan/ejabberd-20.07/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
admin:
user:
- "admin#faiqkhan-VirtualBox"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: local
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#faiqkhan-VirtualBox"
ca_url: "https://acme-v02.api.letsencrypt.org/directory"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: all
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
mod_stanza_ack: {}
I try the given code in the link question Ejabberd return message to sender hook / message receipts and added my module in ejabberd.yml file which is in the last line of the above code. I create mod_stanza_ack.erl file and compile the file using command
./erlc mod_stanza_ack.erl
and get mod_stanza_ack.beam file. I coped mod_stanza_ack.beam file to ejabberd-20.07/lib/ejabberd-20.07/ebin folder where all the module files are present. Then I start ejabberd server using
./ejabberdctl live
command to view logs. Module works for me but on the server-side, it always crashes with an error
**Hook user_send_packet crashed when running mod_stanza_ack:on_user_send_packet/1:
** exception error: undefined function mod_stanza_ack:on_user_send_packet/1
in function ejabberd_hooks:safe_apply/4 (src/ejabberd_hooks.erl, line 236)
in call from ejabberd_hooks:run_fold1/4 (src/ejabberd_hooks.erl, line 217)
in call from ejabberd_c2s:handle_authenticated_packet/2 (src/ejabberd_c2s.erl, line 484)
in call from xmpp_stream_in:process_authenticated_packet/2 (src/xmpp_stream_in.erl, line 714)
in call from xmpp_stream_in:handle_info/2 (src/xmpp_stream_in.erl, line 404)
in call from p1_server:handle_msg/8 (src/p1_server.erl, line 696)
in call from proc_lib:init_p_do_apply/3 (proc_lib.erl, line 249)**.
Did I miss something? Or using deprecated functions?

Well, that example source code is six years old, and ejabberd development API has changed since then. I've updated the example, and this compiles and starts correctly with ejabberd 20.07:
-module(mod_stanza_ack).
-behaviour(gen_mod).
-include("xmpp.hrl").
-include("logger.hrl").
-include("translate.hrl").
-export([start/2, stop/1, mod_options/1, mod_doc/0, depends/2]).
-export([on_user_send_packet/1]).
start(Host, _Opts) ->
?INFO_MSG("mod_stanza_ack starting", []),
ejabberd_hooks:add(user_send_packet, Host, ?MODULE, on_user_send_packet, 0),
ok.
stop(Host) ->
?INFO_MSG("mod_stanza_ack stopping", []),
ejabberd_hooks:delete(user_send_packet, Host, ?MODULE, on_user_send_packet, 0),
ok.
on_user_send_packet({#presence{to = To, from = From} = Packet, C2SState}) ->
?INFO_MSG("mod_stanza_ack a presence has been sent coming from: ~p", [From]),
?INFO_MSG("mod_stanza_ack a presence has been sent to: ~p", [To]),
?INFO_MSG("mod_stanza_ack a presence has been sent with the following packet:~n ~p", [Packet]),
{Packet, C2SState};
on_user_send_packet({#iq{to = To, from = From} = Packet, C2SState}) ->
?INFO_MSG("mod_stanza_ack a iq has been sent coming from: ~p", [From]),
?INFO_MSG("mod_stanza_ack a iq has been sent to: ~p", [To]),
?INFO_MSG("mod_stanza_ack a iq has been sent with the following packet:~n ~p", [Packet]),
{Packet, C2SState};
on_user_send_packet({#message{to = To, from = From} = Packet, C2SState}) ->
?INFO_MSG("mod_stanza_ack a message has been sent coming from: ~p", [From]),
?INFO_MSG("mod_stanza_ack a message has been sent to: ~p", [To]),
?INFO_MSG("mod_stanza_ack a message has been sent with the following packet:~n ~p", [Packet]),
{Packet, C2SState}.
depends(_Host, _Opts) ->
[].
mod_options(_Host) ->
[].
mod_doc() ->
#{desc =>
?T("This an example module.")}.
Following your detailed step by step installation guide, I get two problems, that I describe here and how to solve them:
Compilation lacks header files.
I copy mod_stanza_ack.erl to ejabberd-20.07/bin, and then run this command:
$ ./erlc mod_stanza_ack.erl
mod_stanza_ack.erl:4: can't find include file "xmpp.hrl"
mod_stanza_ack.erl:5: can't find include file "logger.hrl"
mod_stanza_ack.erl:6: can't find include file "translate.hrl"
mod_stanza_ack.erl:12: undefined macro 'INFO_MSG/2'
mod_stanza_ack.erl:17: undefined macro 'INFO_MSG/2'
mod_stanza_ack.erl:22: undefined macro 'INFO_MSG/2'
mod_stanza_ack.erl:47: undefined macro 'T/1'
mod_stanza_ack.erl:8: function mod_doc/0 undefined
mod_stanza_ack.erl:8: function start/2 undefined
mod_stanza_ack.erl:8: function stop/1 undefined
mod_stanza_ack.erl:9: function on_user_send_packet/1 undefined
The solution is simple: provide the paths to the header files:
$ ./erlc -I ../lib/ejabberd-20.07/include/ -I ../lib/xmpp-1.4.9/include/ -I ../lib/fast_xml-1.1.43/include/ mod_stanza_ack.erl
This way the file is compiled correctly.
INFO_MSG in the source code do not produce log messages in ejabberd log file or "ejabberdctl live" console.
This is because we didn't tell the compiler to use the LAGER library. The solution is quite simple: include -DLAGER in the module compilation. So, this is the perfect compilation call:
$ ./erlc -I ../lib/ejabberd-20.07/include/ -I ../lib/xmpp-1.4.9/include/ -I ../lib/fast_xml-1.1.43/include/ -DLAGER mod_stanza_ack.erl
Now, you copy the resulting mod_stanza_ack.beam with all the other ejabberd beam files, enable the module in ejabberd.yml, and restart ejabberd, and all will work as expected

Fiware Orion - pepProxy

i'm part of a team that is developing an application that uses the Fiware GE's has part of the Smart-AgriFood accelerator.
We are using the Orion Context Broker for gathering the data provided by the sensor network, and we intend to use the Pep-Proxy to authenticate the sensor node for access the Orion instance. We have tried the following pepProxy's:
https://github.com/telefonicaid/fiware-orion-pep
https://github.com/ging/fi-ware-pep-proxy
We only have success implementing the second (fi-ware-pep-proxy) implementation of the proxy. With the fiware-orion-pep we haven't been able to connect to the Keystone Global instance (account.lab.fi-ware.org), we have tried the account.lab... and the cloud.lab..., my question are:
1) is the keystone (IDM) instance for authentication the account.lab or the cloud.lab?? and what port's to use or address's?
2) is the fiware-orion-pep prepared for authenticate at the account.lab.fi-ware.org?? here is way i ask this:
This one works with the curl command at >> cloud.lab.fiware.org:4730/v2.0/tokens
{
"auth": {
"passwordCredentials": {
"username": "<my_user>",
"password": "<my_password>"
}
}
}'
This one does't work with the curl comand at >> account.lab.fi-ware.org:5000/v3/auth/tokens
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"domain": {
"name": "<my_domain>"
},
"name": "<my_user>",
"password": "<my_password>"
}
}
}
} }'
3) what is the implementation that i should be using for authenticate the devices or other calls to the Orion instance???
Here are the configuration that i used:
fiware-orion-pep
config.authentication = {
checkHeaders: true,
module: 'keystone',
user: '<my_user>',
password: '<my_password>',
domainName: '<my_domain>',
retries: 3,
cacheTTLs: {
users: 1000,
projectIds: 1000,
roles: 60
},
options: {
protocol: 'http',
host: 'account.lab.fiware.org',
port: 5000,
path: '/v3/role_assignments',
authPath: '/v3/auth/tokens'
}
};
fi-ware-pep-proxy (this one works), i have set the listing port to 1026 at the source code
var config = {};
config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;
config.app_host = 'localhost';
config.app_port = '10026';
config.username = 'pepProxy';
config.password = 'pepProxy';
// in seconds
config.chache_time = 300;
config.check_permissions = false;
config.magic_key = undefined;
module.exports = config;
Thanks in advance for the time ... :)

The are currently some differences in how both PEP Proxies authenticate and validate against the global instances, so they do not behave in exactly the same way.
The one in telefonicaid/fiware-orion-pep was developed to fulfill the PEP Proxy requirements (authentication and validation against a Keystone and Access Control) in individual projects with their own Keystone and Keypass (a flavour of Access Control) installations, and so it evolved faster than the one in ging/fi-ware-pep-proxy and in a slightly different direction. As an example, the former supports multitenancy using the fiware-service and fiware-servicepath headers, while the latter is transparent to those mechanisms. This development direction meant also that the functionality slightly differs from time to time from the one in the global instance.
That being said, the concrete answer:
- Both PEP Proxies should be able to contact the global instance. If one doesn't, please, fill a bug in the issues of the Github repository and we will fix it as soon as possible.
- The ging/fi-ware-pep-proxy was specifically designed for accessing the global instance, so you should be able to use it as expected.
Please, if you try to proceed with the telefonicaid/fiware-orion-pep take note also that:
- the configuration flag authentication.checkHeaders should be false, as the global instance does not currently support multitenancy.
- current stable release (0.5.0) is about to change to next version (probably today) so maybe some of the problems will solve with the update.
Hope this clarify some of your doubts.

[EDIT]
1) I have already install the telefonicaid/fiware-orion-pep (v 0.6.0) from sources and from the rpm package created following the tutorial available in the github. When creating the rpm package, this is created with the following name pep-proxy-0.4.0_next-0.noarch.rpm.
2) Here is the configuration that i used:
/opt/fiware-orion-pep/config.js
var config = {};
config.resource = {
original: {
host: 'localhost',
port: 10026
},
proxy: {
port: 1026,
adminPort: 11211
} };
config.authentication = {
checkHeaders: false,
module: 'keystone',
user: '<##################>',
password: '<###################>',
domainName: 'admin_domain',
retries: 3,
cacheTTLs: {
users: 1000,
projectIds: 1000,
roles: 60
},
options: { protocol: 'http',
host: 'cloud.lab.fiware.org',
port: 4730,
path: '/v3/role_assignments',
authPath: '/v3/auth/tokens'
} };
config.ssl = {
active: false,
keyFile: '',
certFile: '' }
config.logLevel = 'DEBUG'; // List of component
config.middlewares = {
require: 'lib/plugins/orionPlugin',
functions: [
'extractCBAction'
] };
config.componentName = 'orion';
config.resourceNamePrefix = 'fiware:';
config.bypass = false;
config.bypassRoleId = '';
module.exports = config;
/etc/sysconfig/pepProxy
# General Configuration
############################################################################
# Port where the proxy will listen for requests
PROXY_PORT=1026
# User to execute the PEP Proxy with
PROXY_USER=pepproxy
# Host where the target Context Broker is located
# TARGET_HOST=localhost
# Port where the target Context Broker is listening
# TARGET_PORT=10026
# Maximum level of logs to show (FATAL, ERROR, WARNING, INFO, DEBUG)
LOG_LEVEL=DEBUG
# Indicates what component plugin should be loaded with this PEP: orion, keypass, perseo
COMPONENT_PLUGIN=orion
#
# Access Control Configuration
############################################################################
# Host where the Access Control (the component who knows the policies for the incoming requests) is located
# ACCESS_HOST=
# Port where the Access Control is listening
# ACCESS_PORT=
# Host where the authentication authority for the Access Control is located
# AUTHENTICATION_HOST=
# Port where the authentication authority is listening
# AUTHENTICATION_PORT=
# User name of the PEP Proxy in the authentication authority
PROXY_USERNAME=XXXXXXXXXXXXX
# Password of the PEP Proxy in the Authentication authority
PROXY_PASSWORD=XXXXXXXXXXXXX
In the files above i have tried the following parameters:
Keystone instance: account.lab.fiware.org or cloud.lab.fiware.org
User: pep or pepProxy or "user from fiware account"
Pass: pep or pepProxy or "user password from account"
Port: 4730, 4731, 5000
The result it's the same as before... the telefonicaid/fiware-orion-pep is unable to authenticate:
log file at /var/log/pepProxy/pepProxy
time=2015-04-13T14:49:24.718Z | lvl=ERROR | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=VALIDATION-GEN-003] Error connecting to Keystone authentication: KEYSTONE_AUTHENTICATION_ERROR: There was a connection error while authenticating to Keystone: 500
time=2015-04-13T14:49:24.721Z | lvl=DEBUG | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=response-time: 50745 statusCode: 500
result from the client console
{
"message": "There was a connection error while authenticating to Keystone: 500",
"name": "KEYSTONE_AUTHENTICATION_ERROR"
}
I'm doing something wrong here??

MongoDB with Geddy

I'd like to use MongoDB with Geddy. I've edited my "production.js" file but it seems not working... I don't remember my MondoDB username and password...
I get this error : Error: 500 Internal Server Error
production.js :
var config = {
detailedErrors: false
, hostname: null
, port: 4000
, model: {
defaultAdapter: 'mongo'
}
, db: {
mongo: {
username: 'root'
, dbname: 'anthonycluse'
, prefix: null
, password: 'root'
, host: 'localhost'
, port: 27017
}
}
};
module.exports = config;
UPDATE
Command :
geddy gen secret
config.js :
var config = {
detailedErrors: true
, debug: true
, hostname: null
, port: 4000
, model: {
defaultAdapter: 'mongo'
}
, db: {
mongo: {
dbname: 'anthonycluse'
, host: 'localhost'
, port: 27017
}
}

A few things could be going wrong here.
Try turning on detailed errors detailedErrors: true so that you can see what's going wrong in the console.
Also, it seems unlikely that your password and username would both be "root" in production. Are you running Geddy in development? In that case, you should be editing development.js.
You can see in the console output what mode (development or production) you have started geddy in.