[ClusterLabs] Setup Apache virtual IP SSL certificate config

John Karippery john.karippery at yahoo.com
Tue Jan 12 05:31:29 EST 2021


 
Hello, 

I am so exhausted with SSL with pacemaker. I tried my level best and I did find the solution.


 wget  --no-check-certificate https://localhost/server-status
--2021-01-12 11:25:06--  https://localhost/server-status
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:443... connected.
WARNING: The certificate of 'localhost' is not trusted.
WARNING: The certificate of 'localhost' hasn't got a known issuer.
The certificate's owner does not match hostname 'localhost'
HTTP request sent, awaiting response... 200 OK
Length: 4236 (4.1K) [text/html]
Saving to: 'server-status.3'

server-status.3                         100%[============================================================================>]   4.14K  --.-KB/s    in 0s

2021-01-12 11:25:06 (404 MB/s) - 'server-status.3' saved [4236/4236]


Status.conf

        <Location /server-status>
         SetHandler server-status
         Require local
        </Location>



And I tried 

pcs resource create Apache ocf:heartbeat:apache  configfile=/etc/apache2/apache2.conf  statusurl="--no-check-certificate https://localhost/server-status"  op monitor interval=1min




pcs resource create Apache ocf:heartbeat:apache  configfile=/etc/apache2/apache2.conf  statusurl=" https://localhost/server-status"  op monitor interval=1min

And I tried to change config  (ocf/resource.d/heartbeat/tomcat)


isrunning_tomcat()
{
    $WGET --no-check-certificate --tries=20 -O /dev/null $RESOURCE_STATUSURL >/dev/null 2>&1
}


Error I received 

Failed Resource Actions:
* Apache_start_0 on server1 'unknown error' (1): call=401, status=complete, exitreason='Failed to access httpd status page.',
    last-rc-change='Tue Jan 12 11:19:23 2021', queued=1ms, exec=3439ms

Please help me 
   On Tuesday, 27 October, 2020, 04:44:16 pm GMT+1, Timo Schöler <timo at kroenchenstadt.de> wrote:  
 
 On 10/27/20 11:33 AM, John Karippery wrote:

> I have a problem with my pacemaker setup while configuring the SSL certificate on my 
> server.

Can you access https://localhost/server-status (which you use to check 
your web server's health) using wget from the same host?

Will it throw an error because of the certificate (chain)? If so, this 
will also be the problem regarding the health check.

wget will ignore certificate woes using the ``--no-check-certificate'' 
option, which you could use to verify it actually is the problem.

Timo

> Before using SSL everything was working fine but as soon as I added the 
> (self-signed) SSL certificate, the cluster won't start the web server again.
> 
> error message is like this.
> 
> Failed Resource Actions:
> * mb-web_start_0 on node01 'unknown error' (1): call=128, status=complete, exitreason='Failed to access httpd status page.',
>     last-rc-change='Mon May 18 12:32:05 2020', queued=0ms, exec=3402ms
> * mb-web_start_0 on node02 'unknown error' (1): call=130, status=complete, exitreason='Failed to access httpd status page.',
>     last-rc-change='Mon May 18 12:31:35 2020', queued=0ms, exec=3425ms
> 
> and I tried to create apache resource in:
> 
> pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="http://localhost/server-status" op monitor interval=1min
> 
> pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="https://localhost/server-status" op monitor interval=1min
> 
> my Apache server status file
> 
> cat <<-END >/etc/apache2/status.conf
> <Location /server-status>
> SetHandler server-status
> Order Deny,Allow
> Deny from all
> Require local
> </Location>
> END
> 
> Please help me
> 
> 
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
> 
> ClusterLabs home: https://www.clusterlabs.org/
> 
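
Added example, not part of the thread and not ClusterLabs code: a shell sketch that separates the two certificate problems wget reports above (untrusted issuer, hostname mismatch) using the openssl CLI. The function names and the throwaway certificates for "localhost" and "server1" are constructed for illustration; it assumes openssl is installed.

```shell
#!/bin/sh
# Constructed throwaway certificates only; nothing here touches a real server.

# make_cert DIR CN: create a self-signed certificate DIR/CN.pem (key DIR/CN.key).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# host_matches CERT HOST: succeed if CERT is valid for HOST.
# This is the check behind "owner does not match hostname".
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# trusted_with CERT CAFILE: succeed if CERT chains to an anchor in CAFILE.
# This is the check behind "not trusted" / "hasn't got a known issuer".
trusted_with() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# diagnose CERT HOST CAFILE: print which checks a status URL for HOST
# would fail if the client trusted only CAFILE; prints "ok" if none.
diagnose() {
    result=""
    trusted_with "$1" "$3" || result="untrusted"
    host_matches "$1" "$2" || result="${result:+$result,}hostname-mismatch"
    echo "${result:-ok}"
}

# Stand-alone demonstration on constructed certificates.
demo() {
    dir=$(mktemp -d)
    make_cert "$dir" localhost
    make_cert "$dir" server1
    # Certificate issued for the node name, URL uses localhost:
    diagnose "$dir/server1.pem" localhost "$dir/server1.pem"
    # Certificate issued for localhost and pinned as its own trust anchor:
    diagnose "$dir/localhost.pem" localhost "$dir/localhost.pem"
    rm -rf "$dir"
}
```

A certificate for which `diagnose` prints `ok` can be given to wget with `--ca-certificate=FILE`, which keeps verification on instead of disabling it with `--no-check-certificate`.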