Bhushan's questions

My setup is like this

ngnix(aws) -> tomcat server(on the same aws server)

$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)

$ openssl version
OpenSSL 1.1.0g 2 Nov 2017

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

Content of /etc/nginx/conf.d/myapp.conf

server {
        listen      80;
        server_name myapp.com;
        return 301 https://$server_name$request_uri;
}

server {
        listen                *:443 ;
        ssl on;
        ssl_certificate /tmp/nginx.crt;
        ssl_certificate_key /tmp/nginx.key;
        server_name           myapp.com;
        access_log            /var/log/nginx/myapp.access.log;
        error_log  /var/log/nginx/myapp.error.log;

        location / {
               proxy_pass http://localhost:8764;
        }
}

When I am trying to visit myapp from browser, I am getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Someone suggested by I should try to connect it using OpenSSL,

openssl s_client -connect myapp.com:443 
CONNECTED(00000003)
140211097622168:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1533215612
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Can someone suggest whats the issue here?

I have a service configured with systemctl. This is the config file:

[Unit]
Description=eureka-server
After=syslog.target

[Service]
User=bhushanp
#User=root
ExecStart=/usr/bin/java -jar /home/bhushanp/apps/eureka_server.jar > /var/log/es.log 2>>&1
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

But its not writing logs to /var/log/es.log file.
Any help is appreciated.

I am using Ubuntu 14.04 and Tomcat7.

For some reason, I needed to upgrade java-7 to java-8. So I installed openjdk-8 and set it default using update-alternatives --config java command. To my surprise, tomcat was still using java7.

To resolve the issue, I modified the /usr/share/tomcat7/bin/setenv.sh file and added following line.

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/

Now tomcat7 is using java-8 but because of above modification in setenv.sh file, I am not able to stop tomcat server using service tomcat7 stop. It shows the [OK] message but tomcat process is still running.

Any suggestions ?

EDIT-1 : I have also noticed that service tomcat7 start is starting the tomcat server but printing below text on console.

* Starting Tomcat servlet engine tomcat7 [fail]

EDIT-2 : I had set JAVA_HOME(which points to Java8) in setenv.sh then service is not working but when I removed JAVA_HOME from setenv.sh and put it in catalina.sh then everything is working as expected.

I want to figure out how many authentication failed or success by processing OpenLDAP(2.4.42)'s log file.

Following is the sample of my OpenLDAP's log.

slapd[5516]: conn=2803 op=3 SRCH base="ou=groups,dc=myOrg,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=*)
slapd[5516]: conn=2803 op=3 SRCH attr=objectClass cn userPassword gidNumber memberuid modifyTimestamp modifyTimestamp
slapd[5516]: <= bdb_inequality_candidates: (modifyTimestamp) not indexed
slapd[5516]: conn=2803 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5516]: conn=2803 op=4 SRCH base="dc=myOrg,dc=com" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))"
slapd[5516]: conn=2803 op=4 SRCH attr=objectClass cn ipServicePort ipServiceProtocol modifyTimestamp
slapd[5516]: conn=2803 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5516]: conn=2797 fd=37 closed (connection lost)
slapd[5516]: conn=2795 op=23 UNBIND
slapd[5516]: conn=2795 fd=36 closed
slapd[5516]: conn=2804 fd=36 ACCEPT from IP=10.1.1.205:49974 (IP=0.0.0.0:636)
slapd[5516]: conn=2804 fd=36 TLS established tls_ssf=128 ssf=128
slapd[5516]: conn=2804 op=0 BIND dn="" method=128
slapd[5516]: conn=2804 op=0 RESULT tag=97 err=0 text=
slapd[5516]: conn=2804 op=1 SRCH base="ou=people,dc=myOrg,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=xyzUser))"
slapd[5516]: conn=2804 op=1 SRCH attr=uid
slapd[5516]: conn=2804 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[5516]: conn=2804 op=2 BIND dn="uid=xyzUser,ou=people,dc=myOrg,dc=com" method=128
slapd[5516]: conn=2804 op=2 BIND dn="uid=xyzUser,ou=people,dc=myOrg,dc=com" mech=SIMPLE ssf=0
slapd[5516]: conn=2804 op=2 RESULT tag=97 err=0 text=
slapd[5516]: conn=2804 op=3 BIND anonymous mech=implicit ssf=0
slapd[5516]: conn=2804 op=3 BIND dn="" method=128
slapd[5516]: conn=2804 op=3 RESULT tag=97 err=0 text=
slapd[5516]: conn=2804 op=4 SRCH base="ou=people,dc=myOrg,dc=com" scope=2 deref=3 filter="(&(&(&(&(objectClass=myOrgEmployee)(status=TRUE))(webmailAllowed=TRUE))(passwordExpired=FALSE))(uid=xyzUser))"
slapd[5516]: conn=2804 op=4 SRCH attr=uid
slapd[5516]: <= bdb_equality_candidates: (passwordExpired) not indexed
slapd[5516]: conn=2804 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=

What I want to know that value of conn attribute in log is always going to be unique or not? Because my algorithm is like

1. Search for keyword SEARCH RESULT
2. Get value of attribute conn and op
3. Find for SRCH base same value of conn and op

I am trying to connect Raspberry Pi as a client to OpenVPN server(Ubuntu 14.04.3). Following is my server and client side configuration

# server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 5

# client.ovpn
client
dev tun
proto udp
remote 10.1.2.12 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert pi2.crt
key pi2.key
ns-cert-type server
log-append openvpn.log
verb 5

On client side, I get this log "Initialization Sequence Completed." But I can't ping from client to server by ping 10.8.0.1 or vice-versa.

If I change proto tcp on both ends, then it works perfectly fine.

To troubleshoot the problem, I did following things.

1. Tested if my network is capable of handling UDP traffic by

   on server nc -l -u 1194

   on client nc -u 10.1.2.12 1194

   I was able to communicate to server from client and vice-versa.

2. Lower the mtu by adding following configuration in both ends

   tun-mtu 1000 fragment 900 mssfix

3. Changed UDP port to some higher value, like 25000

But still I am not able solve this issue. Any help will be appreciated. Client-Server logs

I have one web application, that is deployed on cloud. Now, this web application needs to access 3 Postgres databases, located in 3 different location(Lets call them, client systems).

So one day, I met with this guy, who is very experienced and senior to me. He gave me following solution.

1. Install OpenVPN on Raspberry Pi
2. Put this Raspberry Pi in the network (behind the firewall, he said) where Postgres database server is installed.
3. Access Postgres databases via VPN from cloud.

Now I am wondering why I need to do this when I can access all 3 databases by just doing port forwarding from client systems.

Am I missing something ?