RE: HTTPS Redirect Web GUI

@JJ-Fullmer said in HTTPS Redirect Web GUI:

https redirect

I had this issue, but wanted to add to the Copilot answer that works on RHEL 8.10 running the latest Apache and FOG 1.5.10.1634 (this assumes you installed FOG with NO HTTPS option, in other words HTTPS disabled by default):

To redirect all HTTP requests on port 80 to HTTPS on port 443 using your provided certificate and key, you can use the following configuration:

Create a new configuration file in the /etc/httpd/conf.d/ directory, for example, redirect.conf:

<VirtualHost *:80>
    ServerName ip.of.fog.server
    ServerAlias hostnameOfFogServer
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

Update your SSL configuration in the /etc/httpd/conf.d/ssl.conf file to include your certificate and key:

<VirtualHost *:443>
    ServerName ip.of.fog.server
    ServerAlias hostnameOfFogServer
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLCertificateFile /opt/fog/ssl/UNIQUE-FOR-ME/MYCERT.cer
    SSLCertificateKeyFile /opt/fog/ssl/UNIQUE-FOR-ME/MYCERT.key

    <Directory /var/www/html/fog/>
        DirectoryIndex index.php index.html index.htm
        AllowOverride All
        Require all granted
    </Directory>

    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://127.0.0.1:9000/"
    </FilesMatch>

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
    RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L]
</VirtualHost>

Restart Apache to apply the changes:

sudo systemctl restart httpd

This configuration will redirect all HTTP requests to HTTPS and use the provided certificate and key for SSL. Make sure to replace ip.of.fog.server and hostnameOfFogServer with your actual server IP and hostname.

Lastly, When enrolling a cert I used the FQDN and plain hostname as a “Subject Alternative Name”. For my company, this means internal use only (.pvt). This takes care of both redirects (prob could have also talked to the DNS team to redirect the hostname to the FQDN eg hostname.blah.pvt as well. But it’s better (and faster) in the cert if you can do it that way.

A lot has changed since then. We now use “Parameters” instead of “Boot options”.

My questions is, is it possible to add (or maybe in a future update) commands to the “boot options” that run AFTER pxe finishes loading the iso/files?

The goal is, instead of editing the ISO (everytime I use DISM to edit wimboot, remake the ISO using imgburn it get sanboot errors, but the original unaltered ISO works fine), I could just run 3 simple commands (.bat script) via FOG (boot options?) that run after it boots. For instance, adding the below to be ran after a WinPE iso loads and you get to a desktop:

net use Z: yada yada; Explorer Z:\test.iso;“X:\StartScript.exe”

@EuroEnglish Check the usual suspects first

1.) Since it seems your passwords may have changed, make sure they are all synced. This includes the ones in the FOG webUI configurations, in configuration files like the .fog_settings file for instance, MySQL etc.

2.) Check the permissions of your files on the FOG server. Make sure they mirror what you had before (prob something like fogproject:root or likes). EG the folder with the images, the tftpboot folder as well (esp if you’re PXE booting images from the menu and not just capturing or deploying images).

3.) Check logs in /var/log/fog and /var/log in general depending on the issues. This will tell you exactly what’s going on if you know how to read the logs. This should actually be #1 on this list.

4.) Check systemctl status messages: make sure fog-tftp is the correct tftp server running, is actually running, and pointing to where the files actually are (like /tftpboot versus /var/lib/tftpboot).

@george1421 said in new version e2fsck ?:

FOS Linux OS

Thanks for that tidbit. Using this guide in the FOG wiki:
https://wiki.fogproject.org/wiki/index.php/Modifying_the_Init_Image

I was able to replace initmountdir/sbin/e2fsck with the latest version.

I booted a fogclient into debug mode and ran “e2fsck -V” to verify the changes.

Thanks George!

P.S
I did upgrade e2fsck on our FOG server via SSH to the latest:
e2fsck 1.47.0 (5-Feb-2023)
Using EXT2FS Library version 1.47.0, 5-Feb-2023

but it throws the exact same error.

UPDATE I got it fixed.

Used answer from MarSoft found here (the last comment):
https://github.com/NixOS/nixpkgs/issues/229450

basically run :
tune2fs -O ^orphan_file /dev/mydevice
e2fsck -f /dev/mydevice

and it is successfully capturing

@rhromyko maybe try the above and see if it works for you too (that is, if you’re still having issues).

I am getting the same errors. below is a photo:

trying to capture a dual boot image for our labs that includes:
Windows 10/11 (can verify if important, but is sysprepped)
Ubuntu 23.04

did all the fsck, resize2fs, no avail.

Thanks

@george1421 Thanks a ton for those words (OK that iso image seems to be only a legacy/bios boot media.)

I figured out one thing I was doing very wrong.
I was PXE booted in UEFI… when hitting F12 to boot the PC, I automatically selected the IPV4 under UEFI, and not the “network boot” under legacy, both of which show up in my F12 menu. Both of which FOG PXE boot works with.

Well, after using the legacy, the dell iso image (that only shows CD.txt) works flawlessly. Now I think everything will work that requires legacy for me, as some things seems you can’t use PXE UEFI with (perhaps not supported by the manufacturer, some programs like Memtest require spending thousands of dollars to get the “site edition” that works with PXE, etc). Keeping in mind your words in other posts about the size limitations of isos (2gb?), the ones I wish to use should all be small enough. I think we can mark this as solved.

Thanks so much for your help.

@george1421 see, the issue is when I run that, I get something like this

tftp://(my fog ip)/memdisk... ok
Could not select: EXEC format error (https://ipxe.org/2e008081)
Could not boot: Exec format error (ipxe)
Could not boot: Exec format error (https:)

When looking at the ISO, mounting or unzipping it’s just a CD.txt file (there was a [BOOT] folder but it doesn’t show in linux, and seems the ISO is made in way proprietary to DELL/windows. Inside that folder is a Boot-HardDisk.img with has one file, 0.fat inside. I did not see any .efi, BCD, or other files)

I have the .img version extracted to a folder, but not sure what to point things to in this case
there’s files like:
AUTOEXEC.BAT
COMMAND.COM
CONFIG.SYS
DELLBIO.BIN
DELLDIAG.INI
DIAK1
DISK2
DISK3
DISKS.BAT
GUI.EXE
HIMEM.SYS
RAMDRIVE.SYS

with nothing really in DELLDIAG.INI.

Until further advise, I will probably move on to more regular PXE boot options, like trying to get the WinPE going as we could use a winblows environment (The one I got working, System Rescue CD is a *nix environment)

@Jackalcorn I am still awaiting your response to the questions I asked you previously. Until then, I would have to say that the information you provided was not helpful, and in fact made me more confused and in a worse position than when I started, having second guessed what I already thought I knew.

If you are able to answer the questions I asked prior please feel free to answer so I as well as others may learn from your wisdom.

All the best,

@george1421 Thanks a lot. I will report back shortly with the results. I was just able to finally get one image to work, the System Rescue CD using this guide:
https://forums.fogproject.org/topic/15295/here-config-for-systemrescuecd-8?sort=oldest_to_newest

Although the above was posted in 2021, and though it was for System Rescue CD version 8, the latest version 10.01 works fine with Fog 1.5.10.

As for my environment, I am running a RHEL server in vmware that only job is FOG.

To get the System Rescue CD to work I used “/tftpboot/os/RescueCD/10.01-amd64” instead of the “/var/www/utils/systemrescuecd/” that the above guide used. Here are the PXE parameters that are working for me:

kernel tftp://${fog-ip}/os/RescueCd/10.01-amd64/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd ip=dhcp archiso_http_srv=http://${fog-ip}/os/RescueCd/10.01-amd64/ checksum
initrd tftp://${fog-ip}/os/RescueCd/10.01-amd64/sysresccd/boot/intel_ucode.img
initrd tftp://${fog-ip}/os/RescueCd/10.01-amd64/sysresccd/boot/amd_ucode.img
initrd tftp://${fog-ip}/os/RescueCd/10.01-amd64/sysresccd/boot/x86_64/sysresccd.img
imgargs copytoram
boot || goto MENU

note the old versions of System Rescue CD used “imgargs docache” but according to System Rescue CD website:

copytoram causes SystemRescue to be fully loaded into memory. This corresponds to the docache option in previous versions. A slower start but once complete, the system will be more responsive and also it will not require the original device to run. It means you can actually work on the device where SystemRescue is installed. This requires 2GB of memory to cache the system.

Again, thank you so much. I have been fighting with this for 2 days, and finally have some success (other than knowing what does NOT work… lol).

@Jackalcorn said in simple PXE tutorial:

To create a custom PXE menu, set up a TFTP server, and configure DHCP options for PXE boot. Use FOG Project to upload ISO files of diagnostics or live CDs to the server, then modify the PXE menu to include these images. Ensure your network environment supports PXE booting for technicians to access the diagnostics and recovery tools.

I have a working TFTP server, and DHCP options work for PXE boot before posting my question. We have been using FOG successfully for years at our University, including everything already in the PXE menu by default, as well as imaging in unicast and multicast. When you say “modify the PXE menu to include these images” do you happen to have some sample code that works in FOG 1.5.10 for this? That is what I am after, a working example for FOG version 1.5.10. I’ve read thru all the fog WIKI and documentation, as well as all the forum posts I could find.

How do you use “FOG Project” itself to upload ISO files to the server? It was my understanding that you use a (t)ftp server, or plain scp. I didn’t see any uploader in the GUI specifically for ISO’s/PXE.

Thanks.

Does anyone have a working PXE tutorial where you can download the same files and follow along 100% (say using “dell 32 bit diagnostics utility (graphical user interface version” found here : https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=v029c)

Every video on youtube or tutorial here is 8-10+ years old and does not work in fog 1.5.10 .

My end goal is:
have diagnostic tools, live cds added to PXE menu (for technicians).
So a customized recovery winPE like NHV BOOT 2023 Computer rescue toolkit (got all kinds of errors I can post later if someone is interested)

when I try to just load a plain .img or .iso (like the one made from the above dell 32 bit diagnostic utility) using :
initrd http://10.133.134.10/os/diags.img/iso
sanboot

i get errors like exec error.

the closing I got using the NVH iso image. It showed the windows boot manager screen with 32bit and 64bit option, but pressing either gives the error:
status: 0xc000000f (couldn’t google nothing worthwhile)
info: a required device isn’t connected or can’t be accessed.

So therefore, I figure if I can go thru a real working tutorial i may have hope.

I’ve been thru george’s great thread here:
https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images?sort=oldest_to_newest

and that’s how i was able to setup samba and all, but can’t get anything to work there.

thanks

@kureebow in windows, once the fog client is installed AND you have the correct AD settings in fog:

it should work without issues. Correct settings are make sure “join domain after deploy” as well as "name change(ad join forced reboot) are selected,as well as a domain username credentials with privilege to join the domain. You may have to “reset encryption data” for fog to get the correct token, that is if you keep getting the below errors over and over:
9/27/2022 10:48:41 AM Middleware::Authentication ERROR: Could not get security token
9/27/2022 10:48:41 AM Middleware::Authentication ERROR: Could not find file ‘C:\Program Files (x86)\FOG\token.dat’.

@sebastian-roth
Update I was able to make progress by fixing up the code per-say. I think the OP of the code (ch3i) wrote up something from memory and not from actual tests, and possibly update or make note of any changes in syntax as programs update.

For instance, hostname --fqdn gives an error “hostname: unrecognized option ‘–fqdn’ BusyBox v1.31.1” so I changed to ‘hostname -f’.

I was able to get pass the original MySQL errors using your advice, and using the fogstorage account instead. Running both scripts on ubuntu still stops without reason at “checking hostname/domain configurations”. When I run it on FOG (As a postdownloadscript), and it runs after cloning the image,it stops at :
“Check Mysql Configuration: Done
Check FOG Mysql Database Status: Done
Checking hostname/domain configurations *Rebooting system as task is completed”
Reboot: restarting system

but upon reboot, I have the same hostname I myself set prior to capturing the image. Fog has a different hostname set to the MAC that I never changed, so if the script worked my hostname should reflect what FOG has.

IT never makes it to the next part which should say “updating /etc/hostname” nor saying “Done” or “host not found in fog database”. So I am thinking it’s stuck at these lines:

#########################################################
	# Get interfaces
	#########################################################
	NETWORK_CARDS=($(ls /sys/class/net | grep eth))

	#########################################################
	# Get host name and domain from FoG database
	#########################################################
FUNC_DOTS "Checking hostname/domain configurations"
	for ETH in ${NETWORK_CARDS[*]}
	do
			# read mac address
			MAC=$(cat /sys/class/net/$ETH/address)
			# get mac address information from fog web server
			wget http://$FOG_SERVER/$FOG_WEBROOT/service/hostname.php?mac=$MAC -O /tmp/hostname_check 2>/dev/null
			HOST_NAME="$(grep 'ok=' /tmp/hostname_check | cut -d "=" -f2)"
			HOST_DOMAIN_NAME="$(grep 'ADDom' /tmp/hostname_check | cut -d "=" -f2)"
			if [ "$HOST_NAME" != "" ]
			then
				echo "Done ($HOST_NAME.$HOST_DOMAIN_NAME)"
				sleep 3
				# A hostname is found - quit the loop
				break
			else
				echo "Error"
				FUNC_DOTS "Host not found in FOG database"
				echo "exiting"
				sleep 3
				exit
			fi
	done

Final Update
I got it to work!
As first mentioned, I had to update the syntax as it’s been over 7 years since the code was written by OP (ch3i). The update that crashed the above code was :

NETWORK_CARDS=($(ls /sys/class/net | grep eth))

To get it to work I swapped it to :

NETWORK_CARDS=($(ls /sys/class/net ))

I learned thru google there was a change (systemd?) that made ls /sys/class/net not use ETH anymore, rather showing something like “enp0s31f6” which is the same as ETH0, but showing the exact location. The code was looking for ETH so just removing that line fixed it.

Now that it works, I feel I can turn the code into a snap-in or post-download script.

@sebastian-roth Thanks I will give this a go today. My main concern is just allowing the MySql (or non MySQL) script to run. My final objective is getting FOG’s host rename to work with Ubuntu… we have over 40 dual-boot computers we image in one lab (over 300 computers total), and on the Linux side, we have to change the hostnames and join AD manually. Would be nice to get this automated at some point.

Thanks for your help

Trying to run the script located here: Re: [SCRIPTS] Customization of Ubuntu - "Fog Service" for Ubuntu

The Master runs fine, but neither of the “host_rename_fog” runs (or should it really be rename_host_fog? OP is VERY unclear). Running the non-MySQL script on latest LTS Ubuntu (OP didn’t say run as a post-download script on fog server) it stops at “checking hostname/domain configurations” and shoots back to bash. I think it’s because on line 79 it’s just done instead of echo “done” and it crashes out or something (blame bad code or changes in the latest ubuntu?)

when I run the MySQL version it stops at :
“check FOG MySQL database status… error
failed to connect to server… exiting”

this goes to the fact that seems what’s written in fog’s config (/opt/fog/.fogsettings = fogmaster learned from https://wiki.fogproject.org/wiki/index.php?title=Password_Central) does not have the rights to change anything somehow, looking like the database locked itself out?

I can login to MySQL with fogmaster but it’s as if the user is a standard unprivileged user who can’t make changes to MySQL.

also running the below I get errors:

MariaDB [fog]> GRANT ALL PRIVILEGES ON fog.* TO ‘fogmaster’@‘localhost’;
ERROR 1044 (42000): Access denied for user ‘fogmaster’@‘localhost’ to database ‘fog’

INSERT INTO users (uName,uPass,uCreateDate,uCreateBy,uType,uDisplay,uAllowAPI,uAPIToken) VALUES(‘fog’,‘$2y$11$A2D/RijXM.qL7KYrMVo7f.Gfomq6vO6NpL6pEHQIY1OzUci7wBOjC’,‘2017-11-23 9:48:00’,‘localAdmin’,0,‘fog’,1,‘’);
quit

If you get this error after renaming an image (eg: from SUMMER22-Blah to Summer22-Blah) on the web-based interface, the solution is to log in to fog via ssh & rename the image folder itself in /images.:
$ mv SUMMER22-Blah SUMMER22-Blah2
$ mv SUMMER22-Blah2 Summer22-Blah

@jj-fullmer said in Secure Boot Support for Windows 11:
“As long as your CPU supports TPM 1.2 you can do a clean install of windows 11, you just can’t in-place upgrade (without a registry change).”

Is it possible to share the registry change? Unless something even better has changed, I am thinking of in-place windows 10 21H2 to 11 in a dual-boot ubuntu environment. I figure this would stop me from having to reinstall Ubuntu (or grub repair).