
openKM 6.3.4 - firewall requirements

Posted: Mon Feb 18, 2019 11:02 am
by id501
Hello,

I'm trying to install openKM 6.3.4 in a controlled environment where the outside connections are filtered by our firewall.
Can we have the full network requirements to do that? IP/port to be allowed by networking?

For the moment we have these 3 URLs allowed on port 443:

telnet sourceforge.net 443
telnet download.openkm.com 443
telnet update.openkm.com 443

But the logs still show this (which was indicated by another user as an error from the firewall blocking something):
Code:
2019-02-14 05:01:01,980 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.6.0-CE (build: 8fa3bfb)
2019-02-14 05:01:01,984 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.6)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Local host: l21m23114668001 (10.215.129.207)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_171
2019-02-14 05:01:18,069 [    main] INFO  com.openkm.installer.Main - Free disk size: 65.0 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - RAM size: 15.7 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - CPU cores: 4
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Warning: no port check
2019-02-14 05:01:51,238 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.4
2019-02-14 05:02:07,948 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:20d:3aff:fe23:5fff%eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /10.***.***.***
2019-02-14 05:02:07,950 [    main] INFO  com.openkm.installer.b.c - MAC address: 00:0D:3A:23:5F:FF
2019-02-14 05:02:08,295 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-14 05:02:08,296 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 7.0.61
2019-02-14 05:02:08,818 [    main] INFO  com.openkm.installer.Main - ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2019-02-14 05:02:08,820 [    main] ERROR com.openkm.installer.Main - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at com.openkm.installer.b.h.a(SourceFile:1065)
	at com.openkm.installer.Main.a(SourceFile:214)
	at com.openkm.installer.Main.main(SourceFile:90)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
	... 22 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 28 common frames omitted

Re: openKM 6.3.4 - firewall requirements

Posted: Fri Feb 22, 2019 6:30 pm
by pavila
Just tested the installer from https://sourceforge.net/projects/openkm/files/common/ and it works fine.

Regards.

Re: openKM 6.3.4 - firewall requirements

Posted: Tue Feb 26, 2019 10:57 pm
by id501
I just tested with the files from your link and the installer just tries to connect to sourceforge to download Tomcat and it fails.
Code:
[root@ip-172-31-17-97 openkm]# ls -ltr
total 429484
-rw-r--r--. 1 root root 241684671 Mar  5  2018 Extras.zip
-rw-r--r--. 1 root root  95754244 Mar  6  2018 Tomcat-7.0.61.zip
-rw-r--r--. 1 root root  96267585 Mar  6  2018 Tomcat-8.5.24.zip
-rw-r--r--. 1 root root   6076909 Feb 26 09:55 OKMInstaller.jar
[root@ip-172-31-17-97 openkm]# java -jar OKMInstaller.jar
Running in Linux: 0.9.9-CE (build: 3b5aae9)
Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
Java version: 1.8.0_201
Free disk size: 7.8 GB
RAM size: 990.1 MB
CPU cores: 1
Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
Current directory: /opt/openkm

Database [h2]: mysql
Database host [localhost]: 52.59.249.58
Database name [okmdb]: okmdb
Database user [openkm]: okm
Database password [kOjO5h7TT36n]: pass123
---------------------------
- Database: mysql
- Database host: 52.59.249.58
- Database name: okmdb
- Database user: okm
- Database password: pass123
- Install version: 6.3.6
---------------------------
Start install process? [y/N]: y
ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)

That happens although Tomcat is in the current directory.


This is the log:
Code:
2019-02-26 22:51:11,742 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.9.9-CE (build: 3b5aae9)
2019-02-26 22:51:11,744 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_201
2019-02-26 22:51:11,875 [    main] INFO  com.openkm.installer.Main - Free disk size: 7.8 GB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - RAM size: 990.1 MB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - CPU cores: 1
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-26 22:51:42,562 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.6
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:44c:d2ff:fec8:a99e%eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /172.31.17.97
2019-02-26 22:51:42,992 [    main] INFO  com.openkm.installer.b.c - MAC address: 06:4C:D2:C8:A9:9E
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 8.5.24
2019-02-26 22:53:52,137 [    main] INFO  com.openkm.installer.Main - ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed$
2019-02-26 22:53:52,139 [    main] ERROR com.openkm.installer.Main - Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (C$
org.apache.http.conn.HttpHostConnectException: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)

What am I missing? Is there another parameter for the install to know that it should take files from the current directory?

I see that OKMInstaller.jar has been recently updated (from the location you suggested)... Maybe this new version does not take into account the local files?

Re: openKM 6.3.4 - firewall requirements

Posted: Fri Mar 01, 2019 7:24 pm
by jllort
The error indicates you are not able to connect to SourceForge. I suggest you consider reading the manual installation guide if you do not succeed in getting the Internet connection opened: https://docs.openkm.com/kcenter/view/ok ... ebian.html
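
The two installer logs in this thread fail in different ways, and the difference matters for the firewall request. The following is an added example, not part of the original thread or of OpenKM: a small triage script that separates a TCP connect failure from a TLS trust failure and checks each contacted host against the three names the first post lists as allowed. The `triage` function, the exact-hostname allowlist model and the sample log (four lines copied from the thread) are assumptions made for the example.

```python
import re

# Hosts the first post lists as allowed outbound on port 443.
# Assumption: the firewall matches exact hostnames, not domain suffixes.
ALLOWED_443 = {"sourceforge.net", "download.openkm.com", "update.openkm.com"}

# Constructed sample: four lines taken from the two installer logs in the thread.
SAMPLE_LOG = """\
2019-02-14 05:02:08,296 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 7.0.61
2019-02-14 05:02:08,820 [    main] ERROR com.openkm.installer.Main - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 8.5.24
2019-02-26 22:53:52,139 [    main] ERROR com.openkm.installer.Main - Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
"""

LINE = re.compile(r"^(?P<ts>[\d-]+ [\d:]+),\d+ \[\s*\S+\] (?P<level>\w+)\s+\S+ - (?P<msg>.*)$")
CONNECT = re.compile(r"Connect to (?P<host>[\w.-]+):(?P<port>\d+) \[[^\]]*\] failed: (?P<why>[^(]+)")


def triage(log_text, allowed=ALLOWED_443):
    """Return one finding per ERROR line, tagged with the install step that led to it."""
    findings, step = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames carry no timestamp
        level, msg = m["level"], m["msg"]
        if level == "INFO" and msg.startswith("Downloading "):
            step = msg
        if level != "ERROR":
            continue
        finding = {"time": m["ts"], "step": step, "host": None, "allowlisted": None}
        c = CONNECT.search(msg)
        if c:
            # No TCP connection at all: the destination is filtered or unreachable.
            finding.update(kind="tcp-connect-failed", host=c["host"],
                           allowlisted=c["host"] in allowed, detail=c["why"].strip())
        elif "PKIX path building failed" in msg:
            # TCP connected and a certificate arrived, but it does not chain
            # to any CA in the JVM trust store.
            finding.update(kind="tls-untrusted-chain", detail="certificate chain not trusted by the JVM")
        else:
            finding.update(kind="other", detail=msg)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

On the sample, the first finding is a trust failure reached after the connection was established, and the second is a timeout to `netix.dl.sourceforge.net`, a host that is not among the three allowed names.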