I'd try using the name in the certificate instead of localhost

On Tue, 2021-01-12 at 10:31 +0000, John Karippery wrote:
> Hello,
>
> I am so exhausted with SSL with pacemaker.. I tried my level best and
> I did found the solution.
>
> > wget --no-check-certificate https://localhost/server-status
> > --2021-01-12 11:25:06-- https://localhost/server-status
> > Resolving localhost (localhost)... ::1, 127.0.0.1
> > Connecting to localhost (localhost)|::1|:443... connected.
> > WARNING: The certificate of 'localhost' is not trusted.
> > WARNING: The certificate of 'localhost' hasn't got a known issuer.
> > The certificate's owner does not match hostname 'localhost'
> > HTTP request sent, awaiting response... 200 OK
> > Length: 4236 (4.1K) [text/html]
> > Saving to: 'server-status.3'
> > server-status.3 100%[============================================================================>] 4.14K --.-KB/s in 0s
> > 2021-01-12 11:25:06 (404 MB/s) - 'server-status.3' saved [4236/4236]
>
> Status.conf
>
> > <Location /server-status>
> >     SetHandler server-status
> >     Require local
> > </Location>
>
> And I tried
>
> > pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="--no-check-certificate https://localhost/server-status" op monitor interval=1min
> > pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl=" https://localhost/server-status" op monitor interval=1min
>
> And I tried to change config (ocf/resource.d/heartbeat/tomcat)
>
> > isrunning_tomcat()
> > {
> >     $WGET --no-check-certificate --tries=20 -O /dev/null $RESOURCE_STATUSURL >/dev/null 2>&1
> > }
>
> Error I received
>
> > Failed Resource Actions:
> > * Apache_start_0 on server1 'unknown error' (1): call=401, status=complete, exitreason='Failed to access httpd status page.',
> >     last-rc-change='Tue Jan 12 11:19:23 2021', queued=1ms, exec=3439ms
>
> Please help me
>
> On Tuesday, 27 October, 2020, 04:44:16 pm GMT+1, Timo Schöler <[email protected]> wrote:
>
> On 10/27/20 11:33 AM, John Karippery wrote:
> > I have problem on my pacemaker setup while config SSL certificate on my
> > server.
>
> Can you access https://localhost/server-status (which you use to check
> your web server's health) using wget from the same host?
>
> Will it throw an error because of the certificate (chain)? If so, this
> will also be the problem regarding the health check.
>
> wget will ignore certificate woes using the ``--no-check-certificate''
> option, which you could use to verify it actually is the problem.
>
> Timo
>
> > Before using SSL everything was working fine but as soon as I added the
> > (self-signed) SSL certificate, the cluster won't start the web server again.
> >
> > error message is like this.
> >
> > Failed Resource Actions:
> > * mb-web_start_0 on node01 'unknown error' (1): call=128, status=complete, exitreason='Failed to access httpd status page.', last-rc-change='Mon May 18 12:32:05 2020', queued=0ms, exec=3402ms
> > * mb-web_start_0 on node02 'unknown error' (1): call=130, status=complete, exitreason='Failed to access httpd status page.', last-rc-change='Mon May 18 12:31:35 2020', queued=0ms, exec=3425ms
> >
> > and I tried to create apache resource in:
> >
> > pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="http://localhost/server-status" op monitor interval=1min
> >
> > pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="https://localhost/server-status" op monitor interval=1min
> >
> > my Apache server status file
> >
> > cat <<-END >/etc/apache2/status.conf
> > <Location /server-status>
> >     SetHandler server-status
> >     Order Deny,Allow
> >     Deny from all
> >     Require local
> > </Location>
> > END
> >
> > Please help me

-- 
Ken Gaillot <[email protected]>
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/
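The check behind the suggestion at the top of this thread, as an added example that is not part of any message in it: ask openssl which host name a certificate actually covers, and build the status URL from that name instead of `localhost`. The name `web1.example.test`, the throwaway certificate and the function names are constructed for illustration; on a real node the certificate file would be the one named by `SSLCertificateFile` in the Apache configuration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). web1.example.test is a constructed name
# standing in for whatever name the real certificate carries.

# Create a throwaway self-signed certificate for NAME in DIR (sample input only).
make_cert() {  # usage: make_cert DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeed only if the certificate in CERT is valid for HOST.
# openssl prints "does match" or "does NOT match" and exits 0 either way,
# so the decision has to come from its output.
cert_covers() {  # usage: cert_covers CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Print the first candidate host name the certificate covers; fail if none does.
pick_status_host() {  # usage: pick_status_host CERT HOST...
    local cert=$1 host
    shift
    for host in "$@"; do
        if cert_covers "$cert" "$host"; then
            printf '%s\n' "$host"
            return 0
        fi
    done
    return 1
}

# Demo on the constructed certificate: localhost is rejected, the certificate's
# own name is accepted, and that name is what belongs in statusurl.
demo() {
    local dir host
    dir=$(mktemp -d) || return 1
    make_cert "$dir" web1.example.test || return 1
    host=$(pick_status_host "$dir/cert.pem" localhost web1.example.test) || return 1
    rm -rf "$dir"
    printf 'statusurl="https://%s/server-status"\n' "$host"
}
demo
```

Matching the name clears only the hostname warning in the wget output quoted above. The "not trusted" warning for a self-signed certificate remains until that certificate is in the trust store wget uses or is passed to wget with `--ca-certificate`.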
