@george1421
Once again I appreciate your feedback!
I’m just going to paste the results here. From netstat you’d say “port 80 isn’t listening for ipv4” but that’s not the case, I’ll demonstrate:
[root@fog ~]# netstat -an | grep :80
tcp6 0 0 :::80 :::* LISTEN
[root@fog ~]# netstat -an | grep http
unix 2 [ ACC ] STREAM LISTENING 28078 /etc/httpd/run/cgisock.886
the first line is for tcp6 so it’s listening for the IPv6 stack, apparently you’d say from this output it isn’t listening.
However, if I type http://fog.servers.domain.io I am redirected to https
. So port 80 MUST be listening otherwise it wouldn’t redirect and I would simply get an error.
So I “curled” from my machine:
% curl -Lvv http://fog.servers.domain.io
* Trying 10.0.0.1:80...
* Connected to fog.servers.domain.io (10.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: fog.servers.domain.io
> User-Agent: curl/7.77.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Wed, 16 Feb 2022 13:35:22 GMT
< Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
< Location: https://fog.servers.domain.io//
< Content-Length: 208
< Content-Type: text/html; charset=iso-8859-1
<
* Ignoring the response-body
* Connection #0 to host fog.servers.domain.io left intact
* Issue another request to this URL: 'https://fog.servers.domain.io//'
* Trying 10.0.0.1:443...
* Connected to fog.servers.domain.io (10.0.0.1) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 1
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I can’t find ca_root_pub.cer
what should its location be? Also there is no path /usr/local/share/ca-certificates/
All fog certificates are at /var/www/html/fog/management/other
(or are we talking about the certs in /etc/ssl
?)
[root@fog other]# ls -laR
.:
total 52
drwxr-xr-x. 3 apache apache 91 Feb 14 20:39 .
drwxr-xr-x. 10 apache apache 143 Feb 14 20:39 ..
-rw-r--r--. 1 apache apache 1301 Feb 14 20:39 ca.cert.der
-rwxr-xr-x. 1 apache apache 1818 Feb 14 20:39 ca.cert.pem
-rw-r--r--. 1 apache apache 35141 Feb 14 20:39 gpl-3.0.txt
-rw-r--r--. 1 apache apache 6152 Feb 14 20:39 index.php
drwxr-xr-x. 2 apache apache 27 Feb 14 20:39 ssl
./ssl:
total 4
drwxr-xr-x. 2 apache apache 27 Feb 14 20:39 .
drwxr-xr-x. 3 apache apache 91 Feb 14 20:39 ..
-rw-r--r--. 1 apache apache 1749 Feb 14 20:39 srvpublic.crt
About the topic with Hiren’s CD I did take a superficial look at it, actually there’s a number of other interesting tutorials here in the forum I’ve seen a few. Hiren’s doesn’t mean much to me as we don’t use Windows machines. Desktops/workstations are Apple, servers are linux (cli-only).
From what I can tell, the booting random stuff with fog as you called it works fine with this configuration for SystemRescueCD, it finds the pxe, downloads undionly.kpxe, moves on to boot the files for sysresccd.
What invokes curl instead of wget for example? Isn’t it the fog boot environment?
thank you.