cat book.txt | pv -L 100k | nc -l 3005
понедельник, 12 декабря 2016 г.
вторник, 6 декабря 2016 г.
clojure milliseconds to date or time
(.toLocalDate (.atZone (Instant/ofEpochMilli 1481042602526) (ZoneId/systemDefault)))
(.toLocalTime (.atZone (Instant/ofEpochMilli 1481042602526) (ZoneId/systemDefault)))
воскресенье, 30 октября 2016 г.
enable automount for RHEL 7 and FreeIPA
sudo ipa-client-automount --server=ipasrv01.mydomain.com
sudo authconfig --enablemkhomedir --update
sudo authconfig --enablemkhomedir --update
среда, 26 октября 2016 г.
clojure remote repl
In order to debug remote app we can start it with remote repl, if version of clojure 1.8+
java -Dclojure.server.repl="{:address \"0.0.0.0\" :port 5555 :accept clojure.core.server/repl}" -jar mywebapp.jar
вторник, 25 октября 2016 г.
Kerberos SPNEGO Checksum failed problem
I made SPNEGO authentication for my web apps. During development I met a problem authenticating users using keytab file for HTTP services:
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
I've found solution how to resolve a problem. I've used RHEL 7 on servers and clients, and FreeIPA as a KDC/LDAP server:
1. Open /etc/krb5.conf on web app server and add into section [libdefaults] one line
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
I've found solution how to resolve a problem. I've used RHEL 7 on servers and clients, and FreeIPA as a KDC/LDAP server:
1. Open /etc/krb5.conf on web app server and add into section [libdefaults] one line
[libdefaults]
default_tkt_enctypes = arcfour-hmac-md5
This is most important thing. This line resolves "Checksum failed" problem
2. On a client:
kinit username
Password for username@MYSERVICE.COM:
after successful authentication in Kerberos domain we can access Kerberized web apps using curl:
curl -v -k --negotiate -u : --cacert /etc/ipa/ca.crt https://myservice.com:8090/krb
3. In FireFox, print about:config in address bar -> I promise -> then find
network.negotiate-auth.delegation-uris value http://,https://
network.negotiate-auth.trusted-uris value .myservice.comвторник, 27 сентября 2016 г.
Clojure ClassCastException error
If error occured like this Caused by: java.lang.ClassCastException: bla.bla.bla cannot be cast to [Lbla.bla.bla it means that you need (into-array [bla.bla.bla]) or (into-array BlaClass [])
четверг, 24 марта 2016 г.
import openssl keys to JKS
#convert ca chain from PEM to DER
openssl x509 -outform der -in ca-chain.cert.pem -out ca.cert.der
#convert server cert and server private key to pkcs12 storage
openssl pkcs12 -export -in ./hostname.cert.pem -inkey ./hostname.key.pem -out ./hostname.p12 -name mywebservice -passin pass:Secret13 -passout pass:Secret13
#import server cert and private key from pkcs12 to JKS
keytool -importkeystore -srckeystore ./hostname.p12 -srcstoretype PKCS12 -srcstorepass Secret13 -alias mywebservice -deststorepass Secret13 -destkeypass Secret13 -destkeystore server-keystore.jks
#import ca chain
keytool -import -v -trustcacerts -alias ca-cert -file ca.cert.der -keystore ./server-keystore.jks -keypass Secret13
воскресенье, 17 января 2016 г.
include java sources to clojure project
1. Make src-java dir in a root folder of project.
2. Put usual java classes to src-java/ folder
3. Add following lines to the project.clj in root or in uberjar profile.
That's it!
2. Put usual java classes to src-java/ folder
3. Add following lines to the project.clj in root or in uberjar profile.
:java-source-paths ["src-java/"] :prep-tasks ["javac" "compile"]
That's it!
суббота, 9 января 2016 г.
convert pem to jks (java keystore)
after letsencrypt finish we must convert our keys to jks.
here is some instructions:
here is some instructions:
openssl pkcs12 -export -in server-cert.pem -inkey server-private.pem -out server.p12 -name localhost -CAfile ca.pem -caname root
keytool -importkeystore -deststorepass passw12 -destkeypass passw12 -destkeystore server.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass passw12 -alias localhost
Подписаться на:
Сообщения (Atom)