Aug 19 2023
To simultaneously update Server IP for all phones in ViCiDial, please log in to your MySQL (or PhpMyAdmin, if available) and run the following SQL statements:
|
1 |
update phones set server_ip ='1.1.1.1'; |
where instead of “1.1.1.1” specify your Vicidial Server IP.
Check also How to update passwords in bulk in ViciDial
Aug 09 2023
I tried to configure Laravel mail client with secure connection via TLS to my email server but in email client I got:
Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
At the same time on my email server in /var/log/maillog I observed the following:
Aug 8 10:05:46 mail postfix/submission/smtpd[30830]: connect from unknown[111.211.48.11]
Aug 8 10:05:46 mail postfix/submission/smtpd[30830]: SSL_accept error from unknown[111.211.48.11]: 0
Aug 8 10:05:46 mail postfix/submission/smtpd[30830]: warning: TLS library problem: 30830:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1493:SSL alert number 45:
Aug 8 10:05:46 mail postfix/submission/smtpd[30830]: lost connection after STARTTLS from unknown[111.211.48.11]
Aug 8 10:05:46 mail postfix/submission/smtpd[30830]: disconnect from unknown[111.211.48.11]
But Letsencrypt certificate was up to date. Continue reading
Jun 16 2023
You can use your favourite text editor to create a combined full-chain pem certificate. The most important here is the order.
The correct order in a .crt file will be the following: Continue reading
Jun 16 2023
Full-chain pfx certificate can be created by the one of the following methods
Continue reading
Jun 16 2023
The error Unable to verify the first certificate occurs in Postman cloud agent because it does not have Trusted Root certificates storage with intermediate and root CA certificates thus cannot verify client → intermediate → root CA chain. Azure Application Gateway does not have Trusted Root certificates storage as well so the error occurs under these conditions. Continue reading
May 19 2023
I use HAProxy to do SSL offloading for a WordPress site. Frontend is on 80 and 443 with redirect HAProxy redirect HTTP to HTTPS using
redirect scheme https code 301 if !{ ssl_fc }
Redirection is working well when the page is accessed on port 80.
However the pages loads incomplete and looking in the console of Firefox/Chrome it can be seen that “mixed mode content” is blocked by the browser. Some stylesheets, scripts an images are still accessed over http instead of https.
301 is permanent redirection, so why is this happening? The browser should not even try http because it should be aware of the permanent redirection. And besides that, even when http is used accidentally, it should still be redirect to https instead. Continue reading
May 05 2023
The setup I need to build with HAProxy is the high availability solution consisting of http (http to https redirection must be configured in HAProxy) and https frontends with two backends. Backend servers have HTTPS enabled so HAProxy must establish HTTPS connection to backend servers. We have four backend servers and we want first two servers serve one specific app (/app path) and the other two – all other requests so we need path-based routing in HAProxy. In addition, there are multiple domains that must be served by backend servers (and HAProxy).
As we need path-based routing, HAProxy must operate in http mode (on the 7th level) allowing it to examine contents of HTTP headers and extract Host and Path headers. Later, the incoming request must be sent to a proper backend based on the Path header and connection to backend server must be established via HTTPS. As multiple domains must be served by HAProxy and backends we need to install multiple certificates in HAProxy and enable Server Name Indication (SNI) with backend servers.
Here is how configure HAProxy in that way step by step. Continue reading
Apr 26 2023
In case you try to import your website configuration on another IIS and get this error message while you don’t have “mysite” deployed on the new IIS it means that there is a website with the same ID already exists on the new IIS. The solution to Failed to add duplicate collection element error in this case is also simple: Continue reading
Apr 26 2023
When using multiple IIS server in a Load Balanced Environment it will be alot of work to create all your website twice with the same settings on each webserver. Therefor it is possible to export and import your configuration from one IIS webserver to the other.
When you create a website in IIS a unique application pool will also be created and used by this website, that’s why you need to import these application pools first on the second webserver before importing the website(s). Continue reading
Apr 19 2023
Sometimes it’s important to set proper timezone on the server and recently I’ve got this task: set proper timezone automatically based on the server’s location in Azure Cloud. Moreover, I needed timezone to be set automatically by Terraform upon virtual machine creation. In my case I had Ubuntu VMs in Azure and here is the simple and elegant solution I came with: Continue reading
