• openKM 6.3.4 - firewall requirements

  • Problems with installing OpenKM? No problemo, the solution is closer than you think.
Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #47517  by id501
 
Hello,

I'm trying to install openKM 6.3.4 in a controlled environment where the outside connections are filtered by our firewall.
Can we have the full network requirements to do that? IP/ port to be allowed by networking ?

For the moment we have these 3 URLs allowed on port 443

telnet sourceforge.net 443
telnet download.openkm.com 443
telnet update.openkm.com 443

But the logs still shows this (which was indicated by another user as an error from firewall blocking something)
Code: Select all
2019-02-14 05:01:01,980 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.6.0-CE (build: 8fa3bfb)
2019-02-14 05:01:01,984 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.6)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Local host: l21m23114668001 (10.215.129.207)
2019-02-14 05:01:18,063 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_171
2019-02-14 05:01:18,069 [    main] INFO  com.openkm.installer.Main - Free disk size: 65.0 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - RAM size: 15.7 GB
2019-02-14 05:01:18,076 [    main] INFO  com.openkm.installer.Main - CPU cores: 4
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-14 05:01:18,222 [    main] INFO  com.openkm.installer.Main - Warning: no port check
2019-02-14 05:01:51,238 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.4
2019-02-14 05:02:07,948 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:20d:3aff:fe23:5fff%eth0
2019-02-14 05:02:07,949 [    main] INFO  com.openkm.installer.b.c - Interface address: /10.***.***.***
2019-02-14 05:02:07,950 [    main] INFO  com.openkm.installer.b.c - MAC address: 00:0D:3A:23:5F:FF
2019-02-14 05:02:08,295 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-14 05:02:08,296 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 7.0.61
2019-02-14 05:02:08,818 [    main] INFO  com.openkm.installer.Main - ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2019-02-14 05:02:08,820 [    main] ERROR com.openkm.installer.Main - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at com.openkm.installer.b.h.a(SourceFile:1065)
	at com.openkm.installer.Main.a(SourceFile:214)
	at com.openkm.installer.Main.main(SourceFile:90)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
	... 22 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 28 common frames omitted
 #47540  by id501
 
I just tested with the files from your link and the installer just tries to connect to sourceforge to download Tomcat and it fails.
Code: Select all
[root@ip-172-31-17-97 openkm]# ls -ltr
total 429484
-rw-r--r--. 1 root root 241684671 Mar  5  2018 Extras.zip
-rw-r--r--. 1 root root  95754244 Mar  6  2018 Tomcat-7.0.61.zip
-rw-r--r--. 1 root root  96267585 Mar  6  2018 Tomcat-8.5.24.zip
-rw-r--r--. 1 root root   6076909 Feb 26 09:55 OKMInstaller.jar
[root@ip-172-31-17-97 openkm]# java -jar OKMInstaller.jar
Running in Linux: 0.9.9-CE (build: 3b5aae9)
Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
Java version: 1.8.0_201
Free disk size: 7.8 GB
RAM size: 990.1 MB
CPU cores: 1
Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
Current directory: /opt/openkm

Database [h2]: mysql
Database host [localhost]: 52.59.249.58
Database name [okmdb]: okmdb
Database user [openkm]: okm
Database password [kOjO5h7TT36n]: pass123
---------------------------
- Database: mysql
- Database host: 52.59.249.58
- Database name: okmdb
- Database user: okm
- Database password: pass123
- Install version: 6.3.6
---------------------------
Start install process? [y/N]: y
ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
That happens although Tomcat is in the current directory.


This is the log
Code: Select all
2019-02-26 22:51:11,742 [    main] INFO  com.openkm.installer.Main - Running in Linux: 0.9.9-CE (build: 3b5aae9)
2019-02-26 22:51:11,744 [    main] INFO  com.openkm.installer.Main - Linux distro: rhel (Red Hat Enterprise Linux Server - 7.5)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Local host: ip-172-31-17-97.eu-central-1.compute.internal (172.31.17.97)
2019-02-26 22:51:11,784 [    main] INFO  com.openkm.installer.Main - Java version: 1.8.0_201
2019-02-26 22:51:11,875 [    main] INFO  com.openkm.installer.Main - Free disk size: 7.8 GB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - RAM size: 990.1 MB
2019-02-26 22:51:11,877 [    main] INFO  com.openkm.installer.Main - CPU cores: 1
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Supported databases: [h2, hsqldb, mariadb, mysql, oracle, postgresql, sqlserver]
2019-02-26 22:51:11,878 [    main] INFO  com.openkm.installer.Main - Current directory: /opt/openkm
2019-02-26 22:51:42,562 [    main] INFO  com.openkm.installer.Main - Install version: 6.3.6
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Detected network interface: eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /fe80:0:0:0:44c:d2ff:fec8:a99e%eth0
2019-02-26 22:51:42,991 [    main] INFO  com.openkm.installer.b.c - Interface address: /172.31.17.97
2019-02-26 22:51:42,992 [    main] INFO  com.openkm.installer.b.c - MAC address: 06:4C:D2:C8:A9:9E
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.b - ### BEGIN INSTALL ###
2019-02-26 22:51:43,344 [    main] INFO  com.openkm.installer.Main - Downloading Tomcat: 8.5.24
2019-02-26 22:53:52,137 [    main] INFO  com.openkm.installer.Main - ERROR: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed$
2019-02-26 22:53:52,139 [    main] ERROR com.openkm.installer.Main - Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (C$
org.apache.http.conn.HttpHostConnectException: Connect to netix.dl.sourceforge.net:443 [netix.dl.sourceforge.net/87.121.121.2] failed: Connection timed out (Connection timed out)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
What I am missing, is there another parameter for the install to know that it should take files from current directory?

I see that OKMInstaller.jar has been recently updated (from the location you suggested)... Maybe this new version does not take into account the local files?

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.