2024-11-20

haproxy-3.0.6 failed to chroot, explained by Gemini Code Assist

 

haproxy-2.6.6 was able to run as user root, but haproxy-3.0.6 hit this error:

haproxy[384105]: [ALERT] (384105) : [/usr/local/sbin/haproxy.main()] Cannot chroot(/opt/haproxy/chroot).

The fact that HAProxy 2.6.6 ran as root while HAProxy 3.0.6 fails with a chroot error when run as root indicates a key difference: HAProxy 2.6.6 was not actually using chroot, even if the directive was present in the configuration file. Running as root bypasses the chroot setup because root has access to the entire filesystem. The chroot directive was effectively being ignored.

With HAProxy 3.0.6, the chroot is being correctly enforced. Since the chroot environment (/opt/haproxy/chroot) is likely missing the necessary files for HAProxy to run (its binary, libraries, configuration, etc.), it fails to start.

Here's what to do:

  1. Confirm chroot necessity: Do you actually need chroot? If not, remove the chroot /opt/haproxy/chroot line from your /etc/haproxy/haproxy.cfg. This is often the simplest and best solution.

  2. If chroot is required:

    • Populate the chroot environment: Copy the necessary files into /opt/haproxy/chroot. This includes the HAProxy binary, required libraries (use ldd /usr/local/sbin/haproxy to find them), your haproxy.cfg file, and any other files HAProxy needs (e.g., certificates). Remember, the paths inside the chroot must match the paths HAProxy expects. So, if a library is normally in /lib64/, it needs to be in /opt/haproxy/chroot/lib64/.
    • Permissions: Even as root, ensure the files within /opt/haproxy/chroot have the correct permissions for the user HAProxy runs as within the chroot.
  3. Alternatives: Consider alternatives to chroot, such as Docker or systemd's isolation features, which are easier to manage and often provide better security.

The key takeaway: your HAProxy 2.6.6 was likely not using chroot at all, even if the directive was present in the configuration. The root user bypassed the chroot restriction. Now, with 3.0.6, the chroot is being enforced, hence the error. Either populate the chroot or, better yet, remove the chroot directive if it's not essential.
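
An added check, not part of the original post or of HAProxy: it tests the target directory and the calling process against documented failure conditions of chroot(2) (path cannot be resolved, not a directory, not searchable, no CAP_SYS_CHROOT). The default path comes from the alert above; the function names are this example's own.

```python
import errno
import os
import stat

CAP_SYS_CHROOT = 18  # bit number of CAP_SYS_CHROOT in linux/capability.h


def effective_caps(status_path="/proc/self/status"):
    """Return the effective capability mask (CapEff) of this process."""
    with open(status_path) as fh:
        for line in fh:
            if line.startswith("CapEff:"):
                return int(line.split()[1], 16)
    return 0


def chroot_problems(path, cap_mask):
    """List the chroot(2) preconditions that path and cap_mask do not meet."""
    problems = []
    try:
        st = os.stat(path)
    except OSError as exc:
        # ENOENT, ENOTDIR, EACCES, ELOOP ... raised while resolving the path
        problems.append(f"{errno.errorcode.get(exc.errno, exc.errno)}: {exc.strerror}")
    else:
        if not stat.S_ISDIR(st.st_mode):
            problems.append("ENOTDIR: target is not a directory")
        elif not os.access(path, os.X_OK):
            problems.append("EACCES: no search permission on the target")
    # uid 0 is not enough: a container or a systemd unit can drop this capability
    if not cap_mask & (1 << CAP_SYS_CHROOT):
        problems.append("EPERM: process lacks CAP_SYS_CHROOT")
    return problems


if __name__ == "__main__":
    target = "/opt/haproxy/chroot"  # path taken from the alert in the post
    for problem in chroot_problems(target, effective_caps()) or ["no problem found"]:
        print(f"{target}: {problem}")
```

Run it in the same context as the failing service (same user, container or systemd unit), since capability sets differ between them.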













2024-10-29

Spring Boot 2 to 3

 

JPA "Auditable" with @MappedSuperclass

Fixed by replacing package javax.persistence with package jakarta.persistence.







2024-10-18

Maven build script JDK version error

 
Issue:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.13.0:compile (default-compile) on project tn-hp-inc-gts-e4h-ws-keycloak-sample: Compilation failure
[ERROR] /C:/[Project]/SpringBootApplication.java:[4,32] cannot access org.springframework.boot.SpringApplication
[ERROR]   bad class file: [.m2]\repository\org\springframework\boot\spring-boot\3.3.1\spring-boot-3.3.1.jar(org/springframework/boot/SpringApplication.class)
[ERROR]     class file has wrong version 61.0, should be 52.0
[ERROR]     Please remove or make sure it appears in the correct subdirectory of the classpath.





Resolved by configuring the JRE as an Execution Environment instead of the Alternate JRE shown in the reference URL, in case the project is shared via Git/SVN by a team whose members develop in different environments.








Reference URL:



If running from Eclipse (e.g. Maven commands), you need to be using the right JDK version for Run As -> Maven. Ensure that your JRE version is selected appropriately under the JRE tab:









Maven structure - year '22

 Maven structure


https://stackoverflow.com/questions/73652655/microservices-and-maven-structure








2024-10-15

Eclipse Version: 2024-09 (4.33.0) - Downloading external resources is disabled

 


Downloading external resources is disabled. pom.xml /your-project line 3 Language Servers

Solved by below:

https://stackoverflow.com/a/77973991











2024-10-09

Backup WiFi

 




Reference URL : https://winaero.com/backup-and-restore-wireless-network-profiles-in-windows-10/

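Backup (key=clear writes each profile's Wi-Fi password in plain text into the exported XML files, so keep the folder private)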

mkdir C:\Billson\WiFi
netsh wlan export profile key=clear folder=C:\Billson\WiFi

Restore

Please refer to the URL above








Processes/files that lock a USB external HDD, preventing it from being ejected and safely removed from the laptop.

 




Image PID Type Handle Name
svchost.exe (LocalSystemNetworkRestricted -p) 18036 File D:\System Volume Information\tracking.log
svchost.exe (LocalSystemNetworkRestricted -p) 18036 File D:\$Extend\$ObjId:$O:$INDEX_ALLOCATION

20241009T125929+0800






2024-10-04

Eclipse Java Maven Project doesn't download Maven Dependencies

 

Run As > Maven Install

This triggers Eclipse to download the Maven project dependencies.















2024-07-25

Java - Error: Unable to access jarfile

 


Error: Unable to access jarfile


changed
from java -jar abc.jar com.test.Main
to java -cp abc.jar com.test.Main













2024-07-24

Spring Boot build install failed with error: Unable to find a single main class from the following candidates.

 




Caused by: java.lang.IllegalStateException: Unable to find a single main class from the following candidates



In my case, this was resolved by the Maven clean goal.

It should be caused by multiple @SpringBootApplication classes in the target folder.



Run As > Maven clean




2024-07-22

Java SimpleDateFormat pattern

 







yyyy-MM-dd'T'HH:mm:ss.SSSXXX
2024-07-22T13:26:31.934+08:00




2024-07-03

Logrotate failed because parent directory has insecure permissions (It's world writable or writable by group which is not "root")

 

Error:

error: skipping "output.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.



Googled: Set "su" directive in config file to tell logrotate which user/group should be used for rotation.


Reference URL: https://www.suse.com/support/kb/doc/?id=000017263

Add the line "su user group" to the logrotate config file:




/var/log/tomcat5/base/*.txt {
    su tomcat tomcat
    notifempty
    copytruncate
    weekly
    rotate 52
    compress
    missingok
}

/var/log/tomcat5/base/catalina.out {
    su tomcat tomcat
    notifempty
    copytruncate
    weekly
    rotate 52
    compress
    missingok
}
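
An added example, not from the SUSE article or from logrotate's source: it applies the rule quoted in the error message (world writable, or writable by a group which is not root) to the parent directory of a log file and suggests an su line. Building the suggestion from the directory's owner and group is this example's assumption, and the sample paths are constructed.

```python
import grp
import os
import pwd
import stat


def insecure_reason(mode, gid):
    """Apply the rule from the error message to a directory's mode bits and group id."""
    if mode & stat.S_IWOTH:
        return "world writable"
    if mode & stat.S_IWGRP and gid != 0:
        return "writable by a group which is not root"
    return None


def check_log(log_path):
    """Return (parent_dir, reason, suggested_su_line) for one log file path.

    reason is None when the parent directory passes the check. The su line is
    a suggestion built from the directory's owner and group (assumption of
    this example: the service that writes the logs owns the directory).
    """
    parent = os.path.dirname(os.path.abspath(log_path))
    st = os.stat(parent)
    reason = insecure_reason(stat.S_IMODE(st.st_mode), st.st_gid)
    if reason is None:
        return parent, None, None
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)  # uid without a passwd entry
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid without a group entry
    return parent, reason, f"su {user} {group}"


if __name__ == "__main__":
    # Constructed sample paths; replace with the paths from your logrotate config.
    for path in ("/var/log/tomcat5/base/catalina.out", "/tmp/output.log"):
        try:
            parent, reason, su_line = check_log(path)
        except FileNotFoundError:
            print(f"{path}: parent directory does not exist")
            continue
        print(f"{path}: {reason or 'ok'}" + (f" -> add '{su_line}'" if su_line else ""))
```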


2024-07-02

jaxb2-maven-plugin 2.5.0 package javax.xml.bind.annotation does not exist

 





Not working

<!--
[ERROR]
.../generated/AcademicTitleCode.java:[11,33]
package javax.xml.bind.annotation does not exist
-->
<dependency>
    <groupId>jakarta.xml.bind</groupId>
    <artifactId>jakarta.xml.bind-api</artifactId>
    <!--
    <version>4.0.0</version>
    -->
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-impl</artifactId>
    <!--
    <version>4.0.0</version>
    <scope>runtime</scope>
    -->
</dependency>
<!--
<dependency>
    <groupId>org.glassfish.jaxb</groupId>
    <artifactId>jaxb-runtime</artifactId>
    <version>4.0.0</version>
</dependency>
-->


Resolved by:

<!--
https://github.com/FasterXML/jackson-modules-base/discussions/239
-->
<!-- https://mvnrepository.com/artifact/javax.xml.bind/jaxb-api -->
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.3.1</version>
</dependency>







2024-06-21

Java Adoptium - JDK & JRE

 

https://github.com/microsoft/winget-pkgs/issues/67708

EclipseAdoptium.Temurin - Split into .jdk and .jre #67708
Closed
russellbanks opened this issue on Jul 27, 2022 · 10 comments


The EclipseAdoptium.Temurin packages are currently split as two separate packages: EclipseAdoptium.Temurin and EclipseAdoptium.TemurinJRE. I feel like it would be beneficial if, for clarity, the packages matched more like the ojdkbuild packages on here. (Shown below)









2024-06-14

Multi-Domain (SAN/UCC) SSL certificates





Reference URL:
 
What is a Multi-Domain Wildcard SSL Certificate?
A multi-domain wildcard SSL certificate is the perfect solution for situations where you need to secure multi-level subdomains. It allows encrypting multiple levels of subdomains with one certificate. Like the wildcard certificate, it can work whether the sites are on the same or separate servers.

----------



With a wildcard SSL certificate, the solution is a bit simpler. You can purchase 7 wildcard SSL certificates, to protect:

*.domain.com
*.blog.domain.com
*.preview.domain.com
*.project1.preview.domain.com
*.project2.preview.domain.com
*.project3.preview.domain.com
*.project4.preview.domain.com

That’s still a lot of certificates to purchase and manage. A multi-domain wildcard SSL certificate allows you to purchase a single SSL certificate, and add the above 7 sites as SANs (subject alternative names) to the SSL certificate. This allows you to save a lot of money and hassle by purchasing and installing a single SSL certificate.

Bottom line: If you have multiple levels of subdomains, a multi-domain wildcard SSL certificate is your best option!

----------

Choose Multi-Domain Wildcard SSL Certificate If You Want to...
Secure your website using impenetrable 256-bit symmetric encryption strength
Secure up to 250 fully qualified domain names
Secure unlimited sub-domains
Have unlimited server licenses
Save money, time and efforts
Streamline your SSL management
Authenticate your site using domain or organization validation

----------

SAN (Subject Alternative Names) is the keyword I found previously, to have *.youtube.com supported in the *.google.com SSL certificate.

----------

This round I found that Multi-Domain (SAN/UCC) SSL certificates are the ones with SAN supported. They’re also called Unified Communications SSL certificates.
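
An added example, not from the referenced article: it checks which hostnames a certificate's SAN list covers, using the rule that a leading wildcard label stands for exactly one label, which is why the quoted text needs a separate wildcard entry per subdomain level. The SAN lists and hostnames are constructed from the names listed above.

```python
def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_matches(san, hostname):
    """True if one SAN entry covers hostname.

    A leading '*' label stands for exactly one label, so '*.domain.com'
    covers 'blog.domain.com' but neither 'domain.com' nor 'a.blog.domain.com'.
    """
    pattern, host = _labels(san), _labels(hostname)
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        return pattern[1:] == host[1:]
    return pattern == host


def coverage(sans, hostnames):
    """Map each hostname to the first SAN entry that covers it, or None."""
    return {h: next((s for s in sans if san_matches(s, h)), None) for h in hostnames}


# Constructed inputs based on the names listed in the post.
SINGLE_WILDCARD = ["*.domain.com"]
MULTI_DOMAIN_WILDCARD = [
    "*.domain.com", "*.blog.domain.com", "*.preview.domain.com",
    "*.project1.preview.domain.com",
]
HOSTS = [
    "domain.com", "blog.domain.com", "post.blog.domain.com",
    "api.project1.preview.domain.com", "api.project2.preview.domain.com",
]

if __name__ == "__main__":
    for label, sans in (("single wildcard", SINGLE_WILDCARD),
                        ("multi-domain wildcard", MULTI_DOMAIN_WILDCARD)):
        print(label)
        for host, san in coverage(sans, HOSTS).items():
            print(f"  {host:35} {san or 'NOT COVERED'}")
```

Hostnames reported as not covered would fail certificate validation in clients, so running the list of deployed names against the planned SAN list before ordering shows which entries are still missing.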


----------

2024-05-23

Systemctl add new service.

 

Create the background service file


[Unit]
Description=my-service nginx example
# You may want to start after your network is ready
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/env docker run --name nginx --rm -p 8080:80 docker.io/nginx:alpine
# Restart= values are lower case
Restart=always
PIDFile=/tmp/my_service_pid

[Install]
WantedBy=network-online.target



How to create a systemd service


# Create the service file
vim /etc/systemd/system/my-service.service

# (if you change an existing file, you must reload the daemon config)
# Reload daemon config
systemctl daemon-reload

# Enable
systemctl enable my-service.service

# Start
systemctl start my-service.service

# (if you need to restart)
# Restart
systemctl restart my-service.service









multi-user.target.wants



/etc/systemd/system/multi-user.target.wants/

You can see some link files of unit services and some directories of the “wants” of a target. For example, what the multi-user target wants to be loaded when the boot procedure reaches its level, is listed in the directory with name /etc/systemd/system/multi-user.target.wants/.




As you can see it doesn’t contain only services but also other targets which are also collections of services.

Let’s make a service unit with the name connection.service.

# vim connection.service

and type the following (hit “i” for insert mode), save it, and exit (with “esc” and “:wq!” ) :

[Unit]
Description = making network connection up
After = network.target

[Service]
ExecStart = /root/scripts/conup.sh

[Install]
WantedBy = multi-user.target





2024-05-14

iText write to outputstream




You should change the declaration of out to be of type ByteArrayOutputStream rather than just OutputStream. Then you can call ByteArrayOutputStream.toByteArray() to get the bytes, and construct a ByteArrayInputStream wrapping that.

As an aside, I wouldn't catch Exception like that, and I'd use a try-with-resources statement to close the document, assuming it implements AutoCloseable. It's also a good idea to follow Java naming conventions. So for example, you might have:

public InputStream createPdf() throws IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();            
    try (Document doc = new Document(PageSize.A4, 50, 50, 50, 50)) {
        PdfWriter writer = PdfWriter.getInstance(doc, out);
        doc.open();
        PdfPTable table = new PdfPTable(1);
        PdfPCell cell = new PdfPCell(new Phrase("First PDF"));
        cell.setBorder(Rectangle.NO_BORDER);
        cell.setRunDirection(PdfWriter.RUN_DIRECTION_LTR);
        table.addCell(cell);
        doc.add(table);
    }
    return new ByteArrayInputStream(out.toByteArray());
}






-----------------------------


/**
 * 
 */
package test.com.report.daily;

import static org.junit.jupiter.api.Assertions.*;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;

import org.apache.commons.lang3.StringUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.itextpdf.kernel.geom.PageSize;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.canvas.parser.PdfTextExtractor;
import com.itextpdf.layout.Document;
import com.itextpdf.layout.element.Paragraph;
import com.itextpdf.layout.element.Text;



/**
 * @author Billson C
 *
 */
class TestByteArrayOf_iTextPdfToFile
{
    private static final Logger _LOG = LoggerFactory.getLogger(TestByteArrayOf_iTextPdfToFile.class);

    String pathRoot = "C:\\samples\\";

    @BeforeAll
    static void setUpBeforeClass() throws Exception {
    }

    @AfterEach
    void tearDown() throws Exception {
    }

    String pathSeperator = "/";
    DateFormat _DTF = new SimpleDateFormat("HHmm");

    @Test
    void test() throws IOException {

        String currentPathFolder = null;
        String currentPathFile = null;
        String currentTimingGenerated = _DTF.format(Calendar.getInstance().getTime());

        // Output folder: <pathRoot>/<HHmm>/
        currentPathFolder = StringUtils.join(pathRoot, pathSeperator, currentTimingGenerated, pathSeperator
        // , currentPortLocationCode
        );

        Files.createDirectories(Paths.get(currentPathFolder));

        String filename = StringUtils.join("bytearray-of-itext-pdf-to-file", ".", "pdf");

        String content = StringUtils.join("The filename of this file is: ", filename);

        currentPathFile = StringUtils.join(currentPathFolder, pathSeperator, filename);

        File fPdf = new File(currentPathFile);

        // Write the in-memory PDF bytes to the file
        try (FileOutputStream fosPdf = new FileOutputStream(fPdf)) {

            byte[] aryByte = _getAryByteOfPdf(content);

            fosPdf.write(aryByte);

            // outputStream.writeTo(fosPdf);

        } catch (Exception e) {
            _LOG.error("Error while test|{}", e.getMessage(), e);
        }

        assertTrue(fPdf.exists());

        // Read the text back from the first page and compare it with the expected content.
        // try-with-resources closes the reader so the file handle is released.
        String contentFromPdf;
        try (PdfDocument pdfDocument = new PdfDocument(new PdfReader(fPdf))) {
            contentFromPdf = PdfTextExtractor.getTextFromPage(pdfDocument.getFirstPage());
        }

        _LOG.debug("contentFromPdf|{}", contentFromPdf);

        assertEquals(content, contentFromPdf);

    }

    /**
     * Builds a one-paragraph PDF in memory and returns its bytes.
     *
     * @param content text to put into the PDF
     * @return the PDF as a byte array, or null if generation failed
     */
    protected byte[] _getAryByteOfPdf(String content) {
        try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
                PdfWriter pdfWriter = new PdfWriter(outputStream);
                // PdfWriter pdfWriter = new PdfWriter(currentPathFile);
                Document document = new Document(new PdfDocument(pdfWriter
                // new PdfWriter("./hello-pdf.pdf")
                ), PageSize.A4.rotate())) {

            document.add(new Paragraph(new Text(content)));
            // Close explicitly so the PDF is fully written before the bytes are read
            document.close();

            return outputStream.toByteArray();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

}