openKM 6.3.4 - firewall requirements

Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules
Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
Post Reply
id501
Fresh Boarder
Fresh Boarder
Posts: 2
Joined: Mon Feb 18, 2019 10:23 am

openKM 6.3.4 - firewall requirements

Post by id501 » Mon Feb 18, 2019 11:02 am

Hello,

I'm trying to install openKM 6.3.4 in a controlled environment where the outside connections are filtered by our firewall.
Can we have the full network requirements to do that? IP/ port to be allowed by networking ?

For the moment we have these 3 URLs allowed on port 443

telnet sourceforge.net 443
telnet download.openkm.com 443
telnet update.openkm.com 443

But the logs still shows this (which was indicated by another user as an error from firewall blocking something)

Code: Select all

2019-02-14 05:01:01,980 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.6.0-CE (build: 8fa3bfb)
2019-02-14 05:01:01,984 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.6)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Local host: l21m23114668001 (10.215.129.207)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_171
2019-02-14 05:01:18,069 [    main] INFO  com.openkm.installer.Main - Free disk size: 65.0 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - RAM size: 15.7 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - CPU cores: 4
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Warning: no port check
2019-02-14 05:01:51,238 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.4
2019-02-14 05:02:07,948 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:20d:3aff:fe23:5fff%eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /10.***.***.***
2019-02-14 05:02:07,950 [    main] INFO  com.openkm.installer.b.c - MAC address: 00:0D:3A:23:5F:FF
2019-02-14 05:02:08,295 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-14 05:02:08,296 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 7.0.61
2019-02-14 05:02:08,818 [    main] INFO  com.openkm.installer.Main - ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2019-02-14 05:02:08,820 [    main] ERROR com.openkm.installer.Main - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at com.openkm.installer.b.h.a(SourceFile:1065)
	at com.openkm.installer.Main.a(SourceFile:214)
	at com.openkm.installer.Main.main(SourceFile:90)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
	... 22 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 28 common frames omitted

pavila
Moderator
Moderator
Posts: 3066
Joined: Tue Dec 11, 2007 6:02 pm
Location: Alicante, Spain
Contact:

Re: openKM 6.3.4 - firewall requirements

Post by pavila » Fri Feb 22, 2019 6:30 pm

Just tested the installer from https://sourceforge.net/projects/openkm/files/common/ and works fine.

Regards.

id501
Fresh Boarder
Fresh Boarder
Posts: 2
Joined: Mon Feb 18, 2019 10:23 am

Re: openKM 6.3.4 - firewall requirements

Post by id501 » Tue Feb 26, 2019 10:57 pm

I just tested with the files from your link and the installer just tries to connect to sourceforge to download Tomcat and it fails.

Code: Select all

[root@ip-172-31-17-97 openkm]# ls -ltr
total 429484
-rw-r--r--. 1 root root 241684671 Mar  5  2018 Extras.zip
-rw-r--r--. 1 root root  95754244 Mar  6  2018 Tomcat-7.0.61.zip
-rw-r--r--. 1 root root  96267585 Mar  6  2018 Tomcat-8.5.24.zip
-rw-r--r--. 1 root root   6076909 Feb 26 09:55 OKMInstaller.jar
[root@ip-172-31-17-97 openkm]# java -jar OKMInstaller.jar
Running in Linux: 0.9.9-CE (build: 3b5aae9)
Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
Java version: 1.8.0_201
Free disk size: 7.8 GB
RAM size: 990.1 MB
CPU cores: 1
Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
Current directory: /opt/openkm

Database [h2]: mysql
Database host [localhost]: 52.59.249.58
Database name [okmdb]: okmdb
Database user [openkm]: okm
Database password [kOjO5h7TT36n]: pass123
---------------------------
- Database: mysql
- Database host: 52.59.249.58
- Database name: okmdb
- Database user: okm
- Database password: pass123
- Install version: 6.3.6
---------------------------
Start install process? [y/N]: y
ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
That happens although Tomcat is in the current directory.


This is the log

Code: Select all

2019-02-26 22:51:11,742 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.9.9-CE (build: 3b5aae9)
2019-02-26 22:51:11,744 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_201
2019-02-26 22:51:11,875 [    main] INFO  com.openkm.installer.Main - Free disk size: 7.8 GB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - RAM size: 990.1 MB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - CPU cores: 1
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-26 22:51:42,562 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.6
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:44c:d2ff:fec8:a99e%eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /172.31.17.97
2019-02-26 22:51:42,992 [    main] INFO  com.openkm.installer.b.c - MAC address: 06:4C:D2:C8:A9:9E
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 8.5.24
2019-02-26 22:53:52,137 [    main] INFO  com.openkm.installer.Main - ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed$
2019-02-26 22:53:52,139 [    main] ERROR com.openkm.installer.Main - Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (C$
org.apache.http.conn.HttpHostConnectException: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
What I am missing, is there another parameter for the install to know that it should take files from current directory?

I see that OKMInstaller.jar has been recently updated (from the location you suggested)... Maybe this new version does not take into account the local files?

jllort
Moderator
Moderator
Posts: 10707
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: openKM 6.3.4 - firewall requirements

Post by jllort » Fri Mar 01, 2019 7:24 pm

The error indicates you are not able to connect with sourceforge. I suggest consider reading manual installation if you do not success on get Internet connection opened https://docs.openkm.com/kcenter/view/ok ... ebian.html

Post Reply