Unanswered Questions

Django Daphne Websocket Access Denied

We need to establish a "Web socket connection" to our AWS servers using Django, Django channels, Redis, and Daphne Nginx Config. Currently the local and on-premises config is configured properly, and we need help configuring the same communication with the staging server. We tried adding the above config to our servers but got an access denied error with response code 403 from the server for the web socket request.

Below is the **Nginx config** for staging

```
server {
    listen 80;
    server_name domain_name.com domain_name_2.com;
    root /var/www/services/project_name_frontend/;
    index index.html;

    location ~ ^/api/ {
        rewrite ^/api/(.*) /$1 break;
        proxy_pass http://unix:/var/www/services/enerlly_backend/backend/backend.sock;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        send_timeout 30;
        proxy_redirect ~^/(.*) $scheme://$host/api/$1;
    }

    location /ws {
        try_files $uri @proxy_to_ws;
    }

    location @proxy_to_ws {
        proxy_pass http://127.0.0.1:8001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
    }

    location ~ ^/admin/ {
        proxy_pass http://unix:/var/www/services/project_name_backend/backend/backend.sock;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        send_timeout 30;
        proxy_redirect off;
    }

    location /staticfiles/ {
        alias /var/www/services/project_name_backend/backend/staticfiles/;
    }

    location /mediafiles/ {
        alias /var/www/services/project_name_backend/backend/mediafiles/;
    }

    location / {
        try_files $uri /index.html;
    }
}
```

and the **Systemctl service** to execute the Django Daphne service

```
[Unit]
Description=Backend Project Django WebSocket daemon
After=network.target

[Service]
User=root
Group=www-data
WorkingDirectory=/var/www/services/project_name_backend
ExecStart=/home/ubuntu/project_python_venv/bin/python /home/ubuntu/project_python_venv/bin/daphne -b 0.0.0.0 -p 8001 project_name_backend.prod_asgi:application

[Install]
WantedBy=multi-user.target
```

**Below is the Load Balancer security group config inbound rules**

![Enter image description here](/media/postImages/original/IMN2LT2BlTSmK0PHEAu5dwHQ)

**Listener Config for Load Balancer**

![Enter image description here](/media/postImages/original/IMxBGKpaJOSrSsOQyn5FEt-Q)

![Enter image description here](/media/postImages/original/IMktSIYK0ZSOy8GzYyR-DI_w)
0 answers | 0 votes | 2 views | asked a minute ago

Inplace upgrade from Aurora MySQL 5.7 to 8.0 fails during downtime phase

Hello folks. I made a clone of our Aurora MySQL 5.7 production DB to test the in-place upgrade to 8.0. The first attempt failed with some easy-to-fix precheck errors. After fixing those, the actual upgrade could proceed. However, the whole procedure ends with

```
Database cluster is in a state that cannot be upgraded: Engine bootstrap failed with no mysqld process running
```

Looking in the `mysql-error-running.log` file I could find this:

```
2022-09-27T09:55:08.981013Z 2 [ERROR] [MY-012064] [InnoDB] Column datatype mismatch for col: collection_end (dict0upgrade.cc:249)
2022-09-27T09:55:08.981174Z 2 [ERROR] [MY-012066] [InnoDB] Column precision type mismatch(i.e NULLs, SIGNED/UNSIGNED etc) for col: collection_end (dict0upgrade.cc:303)
2022-09-27T09:55:08.981288Z 2 [ERROR] [MY-012070] [InnoDB] Column collection_end for table: `mysql`.`rds_global_status_history_old` mismatches with InnoDB Dictionary (dict0upgrade.cc:403)
2022-09-27T09:55:08.981412Z 2 [ERROR] [MY-010767] [Server] Error in fixing SE data for mysql.rds_global_status_history_old (table.cc:1820)
2022-09-27T09:55:08.987904Z 2 [ERROR] [MY-012064] [InnoDB] Column datatype mismatch for col: collection_end (dict0upgrade.cc:249)
2022-09-27T09:55:08.988062Z 2 [ERROR] [MY-012066] [InnoDB] Column precision type mismatch(i.e NULLs, SIGNED/UNSIGNED etc) for col: collection_end (dict0upgrade.cc:303)
2022-09-27T09:55:08.988183Z 2 [ERROR] [MY-012070] [InnoDB] Column collection_end for table: `mysql`.`rds_global_status_history` mismatches with InnoDB Dictionary (dict0upgrade.cc:403)
2022-09-27T09:55:08.988315Z 2 [ERROR] [MY-010767] [Server] Error in fixing SE data for mysql.rds_global_status_history (table.cc:1820)
2022-09-27T09:55:09.006829Z 2 [ERROR] [MY-012064] [InnoDB] Column datatype mismatch for col: Timestamp (dict0upgrade.cc:249)
2022-09-27T09:55:09.007004Z 2 [ERROR] [MY-012066] [InnoDB] Column precision type mismatch(i.e NULLs, SIGNED/UNSIGNED etc) for col: Timestamp (dict0upgrade.cc:303)
2022-09-27T09:55:09.007137Z 2 [ERROR] [MY-012070] [InnoDB] Column Timestamp for table: `mysql`.`proxies_priv` mismatches with InnoDB Dictionary (dict0upgrade.cc:403)
2022-09-27T09:55:09.007277Z 2 [ERROR] [MY-010767] [Server] Error in fixing SE data for mysql.proxies_priv (table.cc:1820)
2022-09-27T09:55:12.756364Z 2 [Warning] [MY-010778] [Server] Parsing 'mysql.rds_collect_global_status_history' routine body failed. Creating routine without parsing routine body (routine.cc:425)
2022-09-27T09:55:12.765899Z 2 [Warning] [MY-010778] [Server] Parsing 'mysql.rds_set_gsh_collector' routine body failed. Creating routine without parsing routine body (routine.cc:425)
2022-09-27T09:55:12.766429Z 2 [Warning] [MY-010778] [Server] Parsing 'mysql.rds_set_gsh_rotation' routine body failed. Creating routine without parsing routine body (routine.cc:425)
2022-09-27T09:55:13.177268Z 0 [ERROR] [MY-010022] [Server] Failed to Populate DD tables. (mysqld.cc:7130)
2022-09-27T09:55:13.177566Z 0 [ERROR] [MY-010119] [Server] Aborting (mysqld.cc:3031)
```

None of the mentioned error-causing tables / columns are under our control. How can this be fixed? Thanks!
0 answers | 0 votes | 1 view | asked 2 minutes ago

DMARC policy violation using Amazon SES

Hello, I've set up everything as in the getting started articles for Amazon SES, but I'm still getting errors like these - The messages violates the DMARC policy of addhub.com. I'm using ...@addhub.com as FROM and mail-1.addhub.com as MAIL FROM. Both addhub.com and mail-1.addhub.com have SPF records including - amazonses.com. My DMARC record for addhub.com is - `v=DMARC1; p=quarantine; rua=mailto:...@addhub.com`. If you check one of the reports I provided below, it writes that second record failed, that IP doesn't belong to Amazon. Could you explain why that is and how to solve it?

```
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>...</report_id>
    <date_range>
      <begin>...</begin>
      <end>...</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>addhub.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>93.188.3.35</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>addhub.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>addhub.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <dkim>
        <domain>amazonses.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <spf>
        <domain>mail-1.addhub.com</domain>
        <result>softfail</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>23.251.240.4</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>addhub.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>addhub.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <dkim>
        <domain>amazonses.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <spf>
        <domain>mail-1.addhub.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>
```
0 answers | 0 votes | 3 views | asked 23 minutes ago

Not using "noexec" with "/run" mount, on EC2 Ubuntu 22.04.1 LTS

I believe this *might* be a security issue, as [this happened in 2014](https://www.tenable.com/plugins/nessus/73180), but would rather not pay $29 for "Premium Support".

It looks like the `initramfs` is not always mounting the `/run` partition as `noexec`.

A stock `Ubuntu 22.04` install shows the `noexec` mount option is present ([source](https://askubuntu.com/a/1432445/924107)), so I suspect one of the AWS modifications has affected this?

I can check four EC2 servers that are running `Ubuntu 22.04.1 LTS`, three of them upgraded from `Ubuntu 20.04.5`, the other started new a few weeks ago... oddly, two of the upgraded servers have kept the `noexec`.

```
# New server
# Launched: Sep 02 2022
# AMI name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20220609

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=803020k,nr_inodes=819200,mode=755,inode64)

uname -a
Linux HostB 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Apr 25 2022
# AMI name: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20211129

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=94812k,nr_inodes=819200,mode=755,inode64)

uname -a
Linux HostA 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Nov 16 2021
# AMI name: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180522

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=47408k,mode=755,inode64)

uname -a
Linux HostC 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Feb 10 2017
# AMI name: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20170113

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=202012k,mode=755,inode64)

uname -a
Linux HostD 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:26:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```
0 answers | 0 votes | 6 views | asked an hour ago

Unable to execute HTTP request: Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out

Sometimes I am getting the below error from STS during an API call. I am not able to find the root cause of this error.

```
Unable to execute HTTP request: Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out
```

Stack Trace JSON

```
{
  "message": "Unable to execute HTTP request: Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out",
  "source": "JavaSDK",
  "stackTrace": "software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:102)",
  "cause": {
    "message": "Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out",
    "source": "JavaSDK",
    "stackTrace": "org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)",
    "cause": {
      "message": "Connect timed out",
      "source": "JavaSDK",
      "stackTrace": "java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:546)\njava.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:597)",
      "cause": null,
      "applicationFailureInfo": {
        "type": "java.net.SocketTimeoutException",
        "nonRetryable": false,
        "details": null
      }
    },
    "applicationFailureInfo": {
      "type": "org.apache.http.conn.ConnectTimeoutException",
      "nonRetryable": false,
      "details": null
    }
  },
  "applicationFailureInfo": {
    "type": "software.amazon.awssdk.core.exception.SdkClientException",
    "nonRetryable": false,
    "details": null
  }
}
```
0 answers | 0 votes | 4 views | asked 3 hours ago