I've just upgraded to the lastest Java SDK and my presigned urls are no longer working.
Previously I used
generatePresignedUrlRequest.addRequestParameter(
Headers.S3_CANNED_ACL,
CannedAccessControlList.PublicRead.toString()
);
However now the generatePresignedUrlRequest returns this error:
There were headers present in the request which were not signed: x-amz-acl
How do I sign the x-amz-acl header?
I'm trying to get the letsencrypt auto renewal working with haproxy.
I've followed these instructions: https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04
I get the error:
Attempting to renew cert (api.example.com.nz) from /etc/letsencrypt/renewal/api.example.com.conf produced an unexpected error: Problem binding to port 54321: Could not bind to IPv4 or IPv6.. Skipping.
Here is my haproxy:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 2048
tune.ssl.default-dh-param 2048
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-yourweb-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:EC$
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
option forwardfor
option http-server-close
frontend localhost
bind *:80
mode http
reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
use_backend web1 if { hdr(host) -i example.com }
use_backend web2 if { hdr(host) -i api.example.com }
use_backend web1 if { hdr(host) -i www.example.com }
frontend app_ssl
bind *:443 ssl crt /etc/haproxy/certs/api.example.com.pem
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend web2
backend letsencrypt-backend
server letsencrypt 127.0.0.1:54321
Can anyone tell me why it's not getting to the backend?
This is configured on a jump-box, would that be something to do with it?
EDIT
LISTEN 0 128 127.0.0.1:3006 *:* users:(("ssh",pid=7608,fd=5))
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 *:9081 *:*
LISTEN 0 128 *:9082 *:*
LISTEN 0 128 *:9083 *:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 ::1:3006 :::* users:(("ssh",pid=7608,fd=4))
LISTEN 0 128 :::80 :::*
LISTEN 0 5 :::54321 :::*
LISTEN 0 128 :::22 :::*
Certbot is listening on that port
ubuntu@jump-box:~$ sudo lsof -i :54321
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
certbot 3077 root 8u IPv6 301513579 0t0 TCP *:54321 (LISTEN)
I'm trying to use Putty to create a tunnel that MySQL Workbench can connect through.
Steps I take:
Then in MySQLWorkbench, try and connect to the database at localHost:3307
This fails.
Can anyone enlighten me on how to create a SSH connection via a JumpBox using Putty or find where the problem might be?
I'm attempting to get around some Cross Origin issues on IE11 and iOS by masking a subdomain as a directory
i.e.
I want example.com/cdn/ to actually load cdn.example.com/
I've kind of got it working with
RedirectMatch 301 ^/cdn/(.*)$ http://cdn.example.com/$1
But in the browser the redirect happens and it still shows http://cdn.example.com rather than leaving it as example.com/cdn/
Any way to achieve this!?
I'm really struggling to get Cloudfront and S3 to add Access-Control-Allow-Origin: * to the headers of video files stored on S3 (for inline video on iPhones - seems to be working everywhere else however inline video is only working on iPhones from the same domain, so assume it's CORS related).
Only the first file in the bucket has the right headers
curl -I -H "Origin: https
://example.com" http://cdn.example.com/0000d723-5c73-4d71-953c-d7e29e70f17b.jpg
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 80962
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:38:50 GMT
Access-Control-Allow-Origin: https://beek.co
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
x-amz-meta-md5-hash: 18692618d1f6865694f08fb2dcd12201
Last-Modified: Wed, 15 Feb 2012 03:08:14 GMT
ETag: "18692618d1f6865694f08fb2dcd12201"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Age: 63
X-Cache: Hit from cloudfront
Via: 1.1 284d225e590e6583c457dc0182ee6fe7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: n9NmaT8pwHg5BZmZqoPAxUlGBiLR7BqD5rxodzjfpKi2mFthhGzGyw==
But all the others don't
curl -I -H "Origin: https
://beek.co" http://cdn.example.co/93bd51ac-5a8c-4c08-ac67-42ee5e596477.mp4
HTTP/1.1 200 OK
Content-Type: video/mp4
Content-Length: 44751245
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:40:47 GMT
x-amz-meta-md5-hash: 6d64731504361705258f2b0f9023bd98
Last-Modified: Wed, 16 Mar 2016 20:29:25 GMT
ETag: "6d64731504361705258f2b0f9023bd98"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 4f2b51b0906eb4177f90fe010732e8a3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QhBT8ejONAUu5oxzvVXtzC0viSLxGRdBk0Rbq6yRdbxs9TTD7abawA==
Bucket is 'example-assets'
Bucket Policy is
{
"Version": "2008-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "readonly policy",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-assets/*"
}
]
}
CORS configuration is
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Cloudfront distribution has 'origin' added to whitelist with settings as such. I've tried adding the other 2 as well and it doesn't seem to make any difference.
What am I missing!?
We've run into an issue on an Amazon EC2 instance where we need a later version of glibc.
I understand I need to update Centos (current version is 5.6) to acheive this, and I've tried various approaches to doing this including the one mentioned here http://www.webhostbug.com/upgrade-centos-6-5-7/
and here
upgrade CentOS from 6.5 to 7 in an EC2 Instance
I can get the pre-upgrade assistant to install (I think) but not run
There is also an issue that this is running Rightscale, and I think it's a 32bit host.
I managed to upgrade from 5.4 to 5.6 by editing CentOS-Base.repo and changing all the 5.4s to 5.6 which let me update some with yum update. However I can't seem to upgrade any further with this approach.
I just need to get to a version with glibc version 2.7
Any clues?