SSL /w st2auth fails completely


Ilsa Loving

Jun 21, 2017, 6:49:26 PM
to StackStorm
Hi all,

I've just performed a fresh install of StackStorm v2.3 onto a CentOS 7.2 machine, and I am having an absurd amount of difficulty getting authentication going. I think it may be multiple separate problems but I don't know enough about the system to even know where to look.

As far as I can tell, I've installed everything successfully, with everything using default settings.  First I used the self-signed cert as part of the docs, then when I was happy the thing even launched, I switched to our own certs.  It starts up, the GUI starts up, so far so good.

So I try to adjust the flatfile backend to use SSL instead of unencrypted (in prep for LDAP later), and authentication just fails completely. When I try to log in, at first nothing happens at all. Then if I click connect again on the web page, it tells me that nginx is unable to connect to st2auth. No errors in any of the ST2 log files, but nginx has a 'connection reset by peer' error in its logs.

I have also tried "curl -X POST -k https://myhost.example.com/auth/v1/tokens" as per the authentication documentation, and after about a minute or so I get
"<html>
<head><title>504 Gateway Time-out</title></head>
<body bgcolor="white">
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx/1.10.2</center>
</body>
</html>"

I have disabled selinux and the firewall just to make sure they weren't interfering... still no good.  st2auth /w SSL is flat out broken without even the slightest hint as to what could be wrong.

Prior to the above, I was trying to get the community LDAP plugin working, but no matter what I do it acts as if it's not even trying to connect to the LDAP server. I'm wondering if the issues are related, so I wanted to try to solve this first before I wasted any more time on the LDAP module.

One thing I did that is slightly different from the installation guide was that I used the nginx that was part of the EPEL repository rather than pull the latest and greatest from the nginx repo, as the documentation says >=1.7.5 is required, and EPEL has 1.10.2.

Any help would be appreciated.

Stephen Eaton

Oct 27, 2017, 5:16:54 AM
to StackStorm
Did you have any joy with this or the community LDAP? I'm just starting this myself.