SSL configuration

[amb...@key.me]

Hello,

After following the below steps I can login to rundeck GUI with https.

http://rundeck.org/2.6.1/administration/configuring-ssl.html

However, my command line tools don't work.  Here is what I see. I am also doing port forwarding from 4443 to 443 using iptables. I have this line in rundeck.config.properties file with - grails.serverURL=https://ec2-XXXXXX.compute-1.amazonaws.com:443 and framework.properties file with port 4443. The command line tools worked fine before I switched to SSL and port forwarding 80 to 4440.

rd-project -a create -p Production -v

com.dtolabs.rundeck.core.cli.project.ProjectToolException: com.dtolabs.rundeck.core.CoreException: Error making server request to https://ec2-xxxxxxxx.com:4443: Error occurred while trying to authenticate to server: Connection refused

at com.dtolabs.rundeck.core.cli.project.ProjectTool.executeAction(ProjectTool.java:171)

at com.dtolabs.rundeck.core.cli.project.ProjectTool.run(ProjectTool.java:117)

at com.dtolabs.rundeck.core.cli.project.ProjectTool.main(ProjectTool.java:104)

Caused by: com.dtolabs.rundeck.core.CoreException: Error making server request to https://ec2-xxxxxxx.com:4443: Error occurred while trying to authenticate to server: Connection refused

at com.dtolabs.client.services.ServerService.makeRundeckRequest(ServerService.java:205)

at com.dtolabs.client.services.ServerService.makeRundeckRequest(ServerService.java:144)

at com.dtolabs.client.services.RundeckAPICentralDispatcher.createProject(RundeckAPICentralDispatcher.java:1839)

at com.dtolabs.rundeck.core.cli.project.CreateAction.exec(CreateAction.java:142)

at com.dtolabs.rundeck.core.cli.project.ProjectTool.executeAction(ProjectTool.java:169)

... 2 more

Caused by: com.dtolabs.client.utils.HttpClientException: Error occurred while trying to authenticate to server: Connection refused

at com.dtolabs.client.utils.BaseFormAuthenticator.authenticate(BaseFormAuthenticator.java:299)

at com.dtolabs.client.utils.BaseHttpClientChannel.doAuthentication(BaseHttpClientChannel.java:128)

at com.dtolabs.client.utils.HttpClientChannel.makeRequest(HttpClientChannel.java:325)

at com.dtolabs.client.services.ServerService.makeRundeckRequest(ServerService.java:201)

... 6 more

Caused by: java.net.ConnectException: Connection refused

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)

at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)

at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)

at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)

at java.net.Socket.connect(Socket.java:579)

at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:637)

at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:469)

at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:140)

at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)

at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)

at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)

at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)

at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)

at com.dtolabs.client.utils.BaseFormAuthenticator.authenticate(BaseFormAuthenticator.java:287)

... 9 more

Thanks!!

[dagu...@simplifyops.com]

Hi, 

Can you try not doing port forwarding and keeping the port as 4443

Best!

[amb...@key.me]

It used to work before I did the port forwarding I think. 

port forwarding is a requirement, is it possible to run cli tools with port forwarding on? Is there anything in config files I need to change?

[dagu...@simplifyops.com]

Hi,

Usually the grails.serverURL (in rundeck-config.properties) needs to be the same value as framework.server.url (in framework.properties). The CLI tools use username/password authentication and there can be a URL redirect that occurs.

Best

[amb...@key.me]

Setting the same value for grails.serverURL and framework.server.url, the cli tools work but I can't login to the GUI now. 

Here are my settings. 

with below values GUI login does not work (I can hit the login page but with admin username and password it ends up with 'Page not available') but CLI tools work

rundeck-config.properties:grails.serverURL= https://ec2-XXXXX:4443

framework.properties:framework.server.hostname = ec2-XXXX

framework.properties:framework.server.url = https://ec2-XXXX:4443

GUI works but CLI does not

rundeck-config.properties:grails.serverURL= https://ec2-XXXXX:443

framework.properties:framework.server.hostname = ec2-XXXX

framework.properties:framework.server.url = https://ec2-XXXX:4443

Please advise. Thanks!!

On Monday, December 14, 2015 at 1:10:43 PM UTC-5, amb...@key.me wrote:

[amb...@key.me]

This is resolved!! I had to open up port 4443 along with port 443 in the ec2 security group.

On Monday, December 14, 2015 at 1:10:43 PM UTC-5, amb...@key.me wrote: