Actually I wonder whether an encrypted connection from localhost to localhost does make much sense at all.
>>> Ken Gaillot <[email protected]> wrote on 12.01.2021 at 18:03 in message <[email protected]>:
> I'd try using the name in the certificate instead of localhost
>
> On Tue, 2021-01-12 at 10:31 +0000, John Karippery wrote:
>>
>> Hello,
>>
>> I am so exhausted with SSL with pacemaker.. I tried my level best and I did found the solution.
>>
>> > > wget --no-check-certificate https://localhost/server-status
>> > > --2021-01-12 11:25:06-- https://localhost/server-status
>> > > Resolving localhost (localhost)... ::1, 127.0.0.1
>> > > Connecting to localhost (localhost)|::1|:443... connected.
>> > > WARNING: The certificate of 'localhost' is not trusted.
>> > > WARNING: The certificate of 'localhost' hasn't got a known issuer.
>> > > The certificate's owner does not match hostname 'localhost'
>> > > HTTP request sent, awaiting response... 200 OK
>> > > Length: 4236 (4.1K) [text/html]
>> > > Saving to: 'server-status.3'
>> > > server-status.3 100%[============================================================================>] 4.14K --.-KB/s in 0s
>> > > 2021-01-12 11:25:06 (404 MB/s) - 'server-status.3' saved [4236/4236]
>>
>> Status.conf
>>
>> > > <Location /server-status>
>> > > SetHandler server-status
>> > > Require local
>> > >
>> > > </Location>
>>
>> And I tried
>> > > pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="--no-check-certificate https://localhost/server-status" op monitor interval=1min
>> > > pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl=" https://localhost/server-status" op monitor interval=1min
>>
>> And I tried to change config (ocf/resource.d/heartbeat/tomcat)
>>
>> > > isrunning_tomcat()
>> > > {
>> > > $WGET --no-check-certificate --tries=20 -O /dev/null $RESOURCE_STATUSURL >/dev/null 2>&1
>> > > }
>>
>> Error I received
>>
>> > > Failed Resource Actions:
>> > > * Apache_start_0 on server1 'unknown error' (1): call=401, status=complete, exitreason='Failed to access httpd status page.', last-rc-change='Tue Jan 12 11:19:23 2021', queued=1ms, exec=3439ms
>>
>> Please help me
>>
>> On Tuesday, 27 October, 2020, 04:44:16 pm GMT+1, Timo Schöler <[email protected]> wrote:
>>
>> On 10/27/20 11:33 AM, John Karippery wrote:
>>
>> > I have problem on my pacemaker setup while config SSL certificate on my server.
>>
>> Can you access https://localhost/server-status (which you use to check your web server's health) using wget from the same host?
>>
>> Will it throw an error because of the certificate (chain)? If so, this will also be the problem regarding the health check.
>>
>> wget will ignore certificate woes using the ``--no-check-certificate'' option, which you could use to verify it actually is the problem.
>>
>> Timo
>>
>> > Before using SSL everything was working fine but as soon as I added the (self-signed) SSL certificate, the cluster won't start the web server again.
>> >
>> > error message is like this.
>> >
>> > Failed Resource Actions:
>> > * mb-web_start_0 on node01 'unknown error' (1): call=128, status=complete, exitreason='Failed to access httpd status page.', last-rc-change='Mon May 18 12:32:05 2020', queued=0ms, exec=3402ms
>> > * mb-web_start_0 on node02 'unknown error' (1): call=130, status=complete, exitreason='Failed to access httpd status page.', last-rc-change='Mon May 18 12:31:35 2020', queued=0ms, exec=3425ms
>> >
>> > and I tried to create apache resource in:
>> >
>> > pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="http://localhost/server-status" op monitor interval=1min
>> >
>> > pcs resource create Website1 ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="https://localhost/server-status" op monitor interval=1min
>> >
>> > my Apache server status file
>> >
>> > cat <<-END >/etc/apache2/status.conf
>> > <Location /server-status>
>> > SetHandler server-status
>> > Order Deny,Allow
>> > Deny from all
>> > Require local
>> > </Location>
>> > END
>> >
>> > Please help me
>> >
>> > _______________________________________________
>> > Manage your subscription:
>> > https://lists.clusterlabs.org/mailman/listinfo/users
>> >
>> > ClusterLabs home: https://www.clusterlabs.org/
> --
> Ken Gaillot <[email protected]>
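Added example (not part of the thread and not code from the resource agent): a shell check of the suggestion to use the name in the certificate, testing which host name a certificate actually covers so that the statusurl can use it instead of disabling verification. The certificate, the name web01.example.test and all function names are constructed for illustration.

```shell
#!/bin/sh
# Find a host name for the Pacemaker statusurl that the server certificate
# really covers, so wget's name check passes without --no-check-certificate.

# cert_matches_host CERT_PEM HOST -> exit status 0 if the cert is valid for HOST.
# openssl prints "does match" or "does NOT match"; its exit code does not differ.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# pick_status_host CERT_PEM HOST... -> prints the first candidate the cert covers.
pick_status_host() {
    cert=$1
    shift
    for host in "$@"; do
        if cert_matches_host "$cert" "$host"; then
            printf '%s\n' "$host"
            return 0
        fi
    done
    return 1
}

# make_demo_cert DIR CN -> constructed self-signed certificate in DIR/cert.pem.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# demo: 'localhost' is rejected, the certificate's own name is accepted.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" "web01.example.test" || return 1
    chosen=$(pick_status_host "$dir/cert.pem" localhost web01.example.test) || return 1
    echo "statusurl=\"https://$chosen/server-status\""
    rm -rf "$dir"
}

demo
```

The chosen name has to resolve to an address on the node itself for `Require local` to admit the request. The name check is only one of the two complaints in the wget output above: the issuer of a self-signed certificate must also be trusted by the client.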
