How do I deploy to nexus (hosted by secureci)? - deployment

Like recommended in a previous SO-Answer I'm running a VmWare image of secureci as a preconfigured development infrastructure containing maven, nexus, hudson, svn.
Now I want to configure maven on my Windows XP machine to deploy its artifacts to nexus. But when I configure my pom.xml like this (taken from Deploying Artifacts to Nexus):
<distributionManagement>
<!-- use the following if you're not using a snapshot version. -->
<repository>
<id>nexus</id>
<name>RepositoryProxy</name>
<url>scp://192.168.0.197/nexus/content/repositories/releases</url>
</repository>
<!-- use the following if you ARE using a snapshot version. -->
<snapshotRepository>
<id>nexus</id>
<name>RepositoryProxy</name>
<url>scp://192.168.0.197/nexus/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
... mvn deploy prints the error message:
Error deploying artifact: Exit code: 1 -
mkdir: cannot create directory `/nexus': Permission denied
In settings.xml I configured username and password like this:
<servers>
<server>
<id>nexus</id>
<username>tangens</username>
<password>********</password>
</server>
</servers>
Question: What configuration do I have to use for deploying to nexus?
I already tried https instead of scp, but with this maven ran into problems with missing certificates.
I tried http instead of scp, but secureci has a firewall installed to block access to port 80 (http), causing a timeout.
EDIT:
I found that nexus stores its artifacts at /root/sonatype-work/nexus/storage/snapshots/. But I don't like the idea to enter the credentials of the root account in my settings.xml.
EDIT:
Q: Did you enabled deployment for a hosted repository under Nexus?
Yes, it's enabled by default.
Q: Is Nexus listening on port 80?
There is an apache running on port 80.
Server: Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/1.3 Python/2.5.2
Q: If a firewall is not allowing HTTP, why don't you just add an exception for HTTP connections from the "host" IP?
Because I assumed SecureCI is well configured and there should be a way to do it without tweaking the installation. But perhaps I'm too naive here.

The error is clear: the user tangens doesn't have the permission to create /nexus on the remote machine. Actually, your scp url is not correct and isn't pointing to the right location as you mentioned it. You'd have to give the user tangens the right permission or to configure sshd to allow root to connect but this is not a good idea.
Having that said, I don't think that scp is the way to go with Nexus. If you deploy using scp, Nexus won't be notified of the deployment and your artifacts won't be visible. According to Deploying Artifacts to Nexus and to the chapter 9.4.2. Update the POM: Deployment Configuration of the Nexus book, deployment must be done with HTTP PUT. In other words, your distributionManagement section should look like something like this:
<distributionManagement>
...
<repository>
<id>releases</id>
<name>Internal Releases</name>
<url>http://localhost:8081/nexus/content/repositories/releases</url>
</repository>
...
</distributionManagement>
I noticed you said that SecureCI uses a firewall that is configured to drop connections on port 80. However, as I'm not using SecureCI myself, I have a few (maybe stupid) questions:
Did you enabled deployment for a hosted repository under Nexus?
Is Nexus listening on port 80?
If a firewall is not allowing HTTP, why don't you just add an exception for HTTP connections from the "host" IP?
EDIT: According to the OP answers, I think that using HTTPS might be indeed the "natural" way to go with SecureCI. But, before you can upload via HTTPS, you'll need to add the SecureCI's CA certificate (the certificate of the issuer of their certificate) into your JDK. You can follow these instructions to do this. But before going further, the real question is:
Does SecureCI provide the CA certificate (the certificate of the issuer of their certificate)?
If they don't, I don't know how to make deployment possible without tweaking the firewall rules.

Sorry. Just came across the question.
There are two options, as other posters have mentioned: supply the certificate to Maven or turn on HTTP access and open port 80 (which is closed by default for security).
For enabling HTTP access, see /trac/secureci/wiki/HowTo/EnableHttp in SecureCI (under the HowTo docs on the wiki, How do I enable HTTP access?).
For the certificate, the public and private key are in /etc/apache2/ssl/.
If you want to replace the default cert, the docs for installing your own (which could be self-signed or signed by a recognized CA) are in the SecureCI wiki at /trac/secureci/wiki/HowTo/InstallSslCert (under the HowTo docs on the wiki, How do I install an SSL certificate?). The location of the existing cert is noted there as well.

Related

tomcat localhost url return ERR_CONNECTION_REFUSED

I developed a spring MVC app in eclipse and trying to test in my laptop tomcat localhost. This URL works http://localhost:8080. It brings up the tomcat admin page. But when i call http://localhost:8080/mywebsite, as part of spring security port mapping it forwards to https://localhost:8443/mywebsite, but i get
This site can’t be reached
localhost refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
This is definitely not firewall issue, as i uninstalled all my antivirus, disabled firewall in windows defender
I have also changed the server location to "use tomcat installation" in eclipse
I have cleaned up deployment folder multiple times and reinstalled app and restarted server multiple times. The server started successfully i can see the logs
I am using tomcat 9 and JDK-19
I dont see any calls in access logs, only a 302 when it redirects from http://localhost:8080/mywebsite to https://localhost:8443/mywebsite
I have been trying this for 2 days and it wont budge an inch. I need help please
As #nitin pointed out in the comment above, I had not configured SSL connector. My bad I thought SSl cert is not needed for localhost testing. But it is required. I following the steps in
https://medium.com/beingcoders/setup-ssl-on-apache-tomcat-in-just-10-minutes-step-by-step-guide-706484094bb2

Will JIRA clash with Plesk on Install

I have a dedicated hosting account that is managed using Plesk (i am not very comfortable with Linux command line - learning). Plesk is fine as its easy to use for managing different web spaces.
I want to know if i install JIRA on the same server will i run into
any issues with Plesk. I believe the ports used for Plesk and JIRA
are not the same (8080 for JIRA).
Are there any good walk throughs for doing so
Any recommendations on the install process
Eventually, i want JIRA to be accessed via subdomain url j.domain.com and not xx.xxx.xx.xx:xxxx. how could i set this up
thanks a lot!
Yes, JIRA can be installed on Plesk server without any issues.
There is port clash only with Tomcat, so if you have it installed JIRA installer suggest you to choose another port.
# wget https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-software-7.2.4-x64.bin
# chmod +x atlassian-jira-software-7.2.4-x64.bin
# ./atlassian-jira-software-7.2.4-x64.bin
It's better to use MySQL database if you haven't experience with PostgreSQL.
JIRA installer always silently fallback to built in H2 file database in case of issue with provided DB settings
you have to create domain, database and mail user in plesk
You have to enable proxy_http in Tools&Settings > Apache Web Server and create file /httpdocs/.htaccess in j.domain.com domain to redirect requests to JIRA:
RewriteEngine on
RewriteRule ^(.*) http://127.0.0.1:8080/$1 [P,L]
SMTP settings:
Troubleshooting:
Logs are placed here /opt/atlassian/jira/logs/catalina.out

Enabling remote access to Keycloak

I'm using the Keycloak authorization server in order to manage my application permissions. However, I've found out the standalone server can be accessed locally only.
http://localhost:8080/auth works, but not it does http://myhostname:8080/auth. This issue doesn't permit accessing the server from the internal network.
The standalone Keycloak server runs on the top of a JBoss Wildfly instance and this server doesn't allow accessing it externally by default, for security reasons (it should be only for the administration console, but seems to affect every url in case of Keycloak). It has to be booted with the -b=0.0.0.0 option to enable it.
However, if your Wildfly is running on a remote machine and you try to
access your administrative page through the network by it’s IP address
or hostname, let’s say, at http://54.94.240.170:8080/, you will
probably see a graceful This webpage is not available error, in
another words, Wildfly said “No, thanks, I’m not allowing requests
from another guys than the ones at my local machine”.
See also:
Enable Wildfly remote access
Wildfly remotely access administration console doesnt work
you can start keycloak server with this command
standalone.bat -b 0.0.0.0
For anyone who happens by here now, I found this in the documentation for Keycloak 8:
Users can interact with Keycloak without SSL so long as they stick to
private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x,
and 172.16.x.x. If you try to access Keycloak without SSL from a
non-private IP address you will get an error.
This is how you can disable it from the admin console, just click on your realm, and make the mentioned option.
Note: Don't forget the following
standalone.bat -b 0.0.0.0

Setup Wicket application/JBoss Server to use my domain URL

I just purchased a domain Url from Google Domains and I'd like to have my localhost project (Wicket app. deployed on Jboss server) to use my new domain (example.com). I have looked online for a process on doing this, but seeing as this is a very specific instance, I cannot find the proper documentation. I have made my ip addr. static, added my external IP addr. to the Google Domain website (I think this registers my domain to my ip?), and I've edited the Window's Host file to point 127.0.0.1 to example.com. What am I missing here? Is there a configuration in my wicket project's web.xml or maybe a configuration in my JBoss server? I'm using Wicket 7.0.0 (latest) and JBoss 7.0. Any help would be greatly appreciated! Thanks in advance!
I am not an network expert, but you could check if you are receiving any traffic on your JBOSS server port without application deployed, just to make sure that your firewall or any sort of Antivirus is blocking incoming traffic or not.

weblogic ssl with custom truststore

Is it possible that weblogic uses a custom ssl socket implementation? I'm running into a problem with the JavaMail. Trying to use a smtp ssl connection fails even though I've setup a custom truststore with the mailserver ca. However if I set the javax.net.ssl.trustStore property to use a truststore with the mailserver ca everything works.
This makes me think that weblogic uses their custom sockets or custom config for sockets. While JavaMail relies on the standard mechanisms and will not take into account what's in the weblogic custom truststore.
Any ideas?
(posted as an answer - thanks!)
WebLogic Server doesn't use custom socket implementation that I'm aware of. I've integrated it in the past with a number of client applications or other servers. That being said, SSL is gloriously frustrating to get working right. Can you post the exceptions/errors you're getting in your logs when WebLogic Server tries to make the connection? If you're not seeing anything in the logs, depending on the version of WebLogic Server you're using, there are a number of debug flags you can enable to get more information.
By default WebLogic uses the Certicom SSL implementation. My experience of this library has been nothing but grief. You haven't provided any details of the error but I would enable the Sun implementation to see if that helps. In the "Advanced" tab in the SSL-configuration there is a checkbox called "Use JSSE SSL" which will do it.
Or you can do it with system properties like so:
http://weblogic-wonders.com/weblogic/2010/11/09/enforce-weblogic-to-use-sun-ssl-implementation-rather-than-certicom/