    Force SSL failure

      sbenson

      I was looking to force SSL and found that you can run the install with a -S. I attempted this and had an error restarting Apache.

      * Setting up SSL FOG Server...................................OK
      * Restarting Apache2 for fog vhost............................Failed!
      

      Upon looking into the problem I found that line 9 of the Apache conf for fog had a syntax error:

      Sep 20 14:39:38 Fog-Dev apache2[18425]: AH00526: Syntax error on line 9 of /etc/apache2/sites-enabled/001-fog.conf:
      Sep 20 14:39:38 Fog-Dev apache2[18425]: Invalid command '-e<VirtualHost', perhaps misspelled or defined by a module not included in th
      

      Looking into the config file I found this trainwreck.

      -e<VirtualHost *:443>\n\tKeepAlive Off\n\tServername 192.168.76.169\n\tDocumentRoot /var/www/html/\n\tSSLEngine On\n\tSSLProtocol all -SSLv3 -SSLv2\n\tSSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA\n\tSSLHonorCipherOrder on\n\tSSLCertificateFile /var/www/html/fog//management/other/ssl/srvpublic.crt\n\tSSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key\n\tSSLCertificateChainFile /var/www/html/fog//management/other/ca.cert.der\n</VirtualHost>
      

      I can manually fix this (I think), but the install script should have this fixed.
      EDIT1:
      Update functions.sh. It’s missing a space.

      sed -i 's/-e"/-e "/' trunk/lib/common/functions.sh
      

      EDIT2:
      After the update to functions.sh it successfully starts Apache, but now has an error backing up the database.

      * Resetting SSL Permissions...................................OK
      * Setting up SSL FOG Server...................................OK
      * Restarting Apache2 for fog vhost............................OK
      * Changing permissions on apache log files....................OK
      * Backing up database.........................................Failed!
      
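The failure mode described in the post above, reproduced as an added example (not FOG's installer code): the vhost body is a shortened, constructed stand-in and the function names are hypothetical. It swaps in `printf` rather than the `-e "` spacing fix the post applies, because `printf` expands `\n` and `\t` the same way under every POSIX shell.

```shell
#!/usr/bin/env bash
# Added example; vhost body is a constructed, shortened stand-in.

# Buggy form: no space after -e, so the shell passes echo the single word
# '-e<VirtualHost ...'. echo does not treat that as an option and prints it,
# which is why Apache sees the "command" '-e<VirtualHost'.
write_vhost_buggy() {
    echo -e"<VirtualHost *:443>\n\tSSLEngine On\n</VirtualHost>" > "$1"
}

# Portable form: printf always interprets \n and \t in its format string.
write_vhost_fixed() {
    printf '<VirtualHost *:443>\n\tSSLEngine On\n</VirtualHost>\n' > "$1"
}

# Cheap structural gate to run before restarting the web server:
# the first line must open a VirtualHost block and the last must close it.
vhost_looks_sane() {
    first=$(sed -n '1p' "$1")
    last=$(sed -n '$p' "$1")
    case "$first" in
        "<VirtualHost "*">") ;;
        *) return 1 ;;
    esac
    [ "$last" = "</VirtualHost>" ]
}

demo() {
    dir=$(mktemp -d)
    write_vhost_buggy "$dir/bad.conf"
    write_vhost_fixed "$dir/good.conf"
    for f in bad good; do
        if vhost_looks_sane "$dir/$f.conf"; then
            echo "$f: ok"
        else
            echo "$f: rejected"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a real server, `apache2ctl configtest` performs the full syntax check and is worth running before the restart step.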
        Wayne Workman

        What version of FOG? Tom may have already fixed this.

        Run the installer as snmysqlhost='127.0.0.1' ./installfog.sh -y and see if that works. If so, edit the /opt/fog/.fogsettings file and modify snmysqlhost=

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
        Daily Clean Installation Results:
        https://fogtesting.fogproject.us/
        FOG Reporting:
        https://fog-external-reporting-results.fogproject.us/

          sbenson

          define('FOG_VERSION', '1.3.0-RC-10');
                  define('FOG_SCHEMA', 234);
                  define('FOG_BCACHE_VER', 100);
          -        define('FOG_SVN_REVISION', 5954);
          +        define('FOG_SVN_REVISION', 5955);
                  define('FOG_CLIENT_VERSION', '0.11.5');
          
            sbenson @Wayne Workman

            @Wayne-Workman

            Turning on debugging, I found this:

            * Backing up database.........................................+ return 0
            + [[ -d /home//fog_web_1.3.0-RC-10.BACKUP ]]
            + [[ ! -d /home//fogDBbackups ]]
            ++ date +%Y%m%d_%I%M%S
            + wget --no-check-certificate -O /home//fogDBbackups/fog_sql_1.3.0-RC-10_20160920_031708.sql http://192.168.76.169//fog//maintenance/backup_db.php '--post-data=type=sql&fogajaxonly=1'
            + errorStat 4
            + local status=4
            + [[ 4 != 0 ]]
            + echo 'Failed!'
            Failed!
            + [[ -z '' ]]
            + exit 1
            

            http://192.168.76.169/fog/status/bandwidth.php?type=sql&fogajaxonly=1 is unable to connect
            where
            http://127.0.0.1/fog/status/bandwidth.php?type=sql&fogajaxonly=1 does work, but provides back

            {"dev":"Unknown","rx":0,"tx":0}
            

            EDIT: This is my fault. I am in a devel environment and I am swapping cables so as not to mess up the current DHCP server (overlapping ranges, etc.). It looks like my IP has changed. The database issue is on my end.

              sbenson

              Ok, so there MIGHT be another issue with SSL and upgrading. I am running the upgrade and it says to go to http://192.168.76.10/fog/management to complete the schema upgrade.

              Upon doing so I get a “this connection is not secure”. I add the cert and it takes me to the standard dashboard. Nothing that updates the schema. I am not sure if the update only shows up when there are actually changes that need to be made or not.

              Edit: But it looks like my old IP is still listed inside the database.

                Wayne Workman @sbenson

                @sbenson if you just run ./installfog.sh it always tells you to go to the web interface. The db’s schema doesn’t change with every update. If you would rather skip that, you can simply run the installer as ./installfog.sh -y

                  Tom Elliott

                  The failed to backup could be any number of things, but it’s most likely the problem of the db not already existing. I don’t know for sure though.

                  That said, I did fix the -e issue, thank you.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    sbenson @Tom Elliott

                    @Tom-Elliott the backup was my fault. To gain access to the internet I have to swap cables. When I did, the “real” DHCP server gave that server a different IP. The database had the old info.

                    Copyright © 2012-2024 FOG Project