Category Archives: linux

PingFederate NGINX Reverse Proxy Issues

While configuring NGINX as a reverse proxy for a PingFederate cluster, I kept running into an issue where the PF nodes would reject my authentication requests with the following error:

DEBUG [com.pingidentity.pf.adapters.referenceid.PickupHandler] Auth failed: javax.security.auth.login.LoginException: Multiple adapter instances are configured, ping.instanceId header is required

It turns out that NGINX strips headers whose names contain characters it considers invalid. In this case, “ping.instanceId” contains a period and is thus an “invalid header” according to NGINX. The fix was to add the following to the NGINX configuration, in the server section for the PF cluster:

ignore_invalid_headers off;
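
As an added example (not from the original post), the shell functions below apply NGINX's documented rule for header names, which allows letters, digits and hyphens, plus underscores only when underscores_in_headers is on, to show which request headers are dropped while ignore_invalid_headers is at its default. The sample headers, host name and adapter value are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges byte-wise

# Exit 0 if NGINX would flag header name $1 as invalid.
# $2 = on|off mirrors underscores_in_headers (NGINX default: off).
invalid_header_name() {
    if [ "${2:-off}" = on ]; then
        bad='[!A-Za-z0-9_-]'
    else
        bad='[!A-Za-z0-9-]'
    fi
    case $1 in
        ''|*$bad*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read raw header lines ("Name: value") on stdin and print each name that
# is dropped while ignore_invalid_headers is left at its default (on).
dropped_headers() {
    while IFS= read -r line; do
        case $line in
            *:*) name=${line%%:*} ;;
            *) continue ;;          # request line, blank line, etc.
        esac
        if invalid_header_name "$name" "${1:-off}"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample request headers (values are placeholders).
sample_headers() {
    printf '%s\r\n' \
        'Host: pf.example.com' \
        'ping.instanceId: ExampleAdapter' \
        'X_Trace_Id: 42' \
        'X-Forwarded-For: 192.0.2.10'
}

if [ "${1:-}" = "--demo" ]; then
    sample_headers | dropped_headers off
fi
```

Per the NGINX documentation, when ignore_invalid_headers is set at the server level its value is only used if that server is the default one, and it then applies to every virtual server listening on the same address and port.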

Dealing with Nexenta HA Plugin Issues

Earlier today I was testing out the Nexenta HA Plugin. I created an additional volume on my Nexenta cluster, and then went to the plugin volume page, which showed me the error:

“Cannot get cluster/volume info: Cannot introspect object com.nexenta.nms(/Root/NetworkStorageService): org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.”

So I tried to re-initialize the cluster, which resulted in the error:

“Configuration save returned an error: no introspection data available for method ‘create’ in object ‘/Root/RsfCluster’, and object is not cast to any interface”

The fix for this was to restart the services on both of my head nodes.

Run the command: svcadm -v disable nm{s,v,cd} nbs nmdtrace dbus rmvolmgr

Then run: svcs nm{s,v,cd} nbs nmdtrace dbus rmvolmgr until all services show as disabled.

Then run: svcadm -v enable nm{s,v,cd} nbs nmdtrace dbus rmvolmgr

Then run: svcs nm{s,v,cd} nbs nmdtrace dbus rmvolmgr until all services show as online.

Make sure you do this on both head nodes.
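
The four steps above as one script for a single head node, added here as an example and not part of the original post. It polls svcs instead of re-running it by hand and stops early if a service lands in maintenance; the timeout, polling interval and script name are assumptions.

```shell
#!/bin/sh
# Added example: the restart procedure above as a script for one head node.
SERVICES="nms nmv nmcd nbs nmdtrace dbus rmvolmgr"  # nm{s,v,cd} written out
TIMEOUT=${TIMEOUT:-120}    # assumed limit in seconds, not from the post
INTERVAL=${INTERVAL:-2}    # assumed polling interval in seconds

# Read "STATE FMRI" lines (svcs -H -o state,fmri) on stdin.
# Returns 0 if all are in state $1, 1 if not yet, 2 if one is in maintenance.
check_states() {
    want=$1 seen=0 pending=0
    while read -r state fmri; do
        [ -n "$state" ] || continue
        seen=1
        case $state in
            "$want") ;;
            maintenance) echo "needs attention: $fmri" >&2; return 2 ;;
            *) pending=1 ;;
        esac
    done
    if [ "$seen" -eq 1 ] && [ "$pending" -eq 0 ]; then return 0; fi
    return 1
}

# Poll svcs until every service reaches state $1 or TIMEOUT expires.
wait_for_state() {
    waited=0
    while :; do
        rc=0
        svcs -H -o state,fmri $SERVICES | check_states "$1" || rc=$?
        if [ "$rc" -ne 1 ]; then return "$rc"; fi
        if [ "$waited" -ge "$TIMEOUT" ]; then
            echo "timed out waiting for state: $1" >&2; return 1
        fi
        sleep "$INTERVAL"
        waited=$((waited + INTERVAL))
    done
}

restart_stack() {
    svcadm -v disable $SERVICES || return 1
    wait_for_state disabled || return $?
    svcadm -v enable $SERVICES || return 1
    wait_for_state online
}

# Nothing runs unless asked, e.g. sh restart-nms.sh --run (hypothetical name).
if [ "${1:-}" = "--run" ]; then
    restart_stack
fi
```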

You should be able to re-use your HA plugin and set everything up!

Hope this helps someone.

What A Ride It’s Been, and What An Adventure It Will Be

Me with a few extra pounds and some facial hair.

Hello Everyone! It has been well over a year since I have posted to this blog, and for that I’m not sure if I want to apologize. We all know that people get so caught up in their own lives, that it can be sometimes difficult to keep up with others.

For the past year, I have been living in Austin TX working at HostGator as a Security Administrator. I have truly enjoyed working at HostGator, and have benefited from it more than I could have asked to. My last day at HostGator is on the 23rd (This Thursday), as I pursue other opportunities in my life. (More below.)

HostGator

I am about to embark on one of the largest adventures so far in my life, as I have accepted a new position in Los Angeles, California working at Dreamhost as a Systems Administrator. I’m really excited about this, and I feel confident that I am ready to take on any challenges I may encounter.

Dreamhost - My New Employer in Los Angeles California

I’ve also recently adopted a puppy, named JJ. He is a Lab/Retriever mix, and he’s a bundle of fun.

JJ

I’m sort of ready for the drive to LA, not entirely looking forward to the 20 hour drive, but we shall see how I do.

Until next time.

-Kyle

How To Choose The Right Hosting For Your Project

Choosing The Right Hosting For Your Project

Recently, I answered a question on the website “Quora”, about how to “Estimate web hosting expenses for a project.” The answer I supplied was so detailed, I felt the need to re-write it for a blog post to share with the world.

Your hosting expenses all depend on what type of hosting you choose to use.

If you can, set up some Cloud Servers in a highly redundant configuration, using something along the lines of HAProxy or any other solution you find appropriate.

You may be able to save money by offloading some of the traffic to a CDN (images, CSS, file downloads, profile pictures, etc.).

I recommend checking out Amazon S3 with CloudFront or Cloud Files from Rackspace. Both have a great API (although S3 has more features, and I highly recommend it).

If you decide to use Virtual Servers (“Cloud” Servers), ensure you perform all the optimizations you can, as best as you can. With virtual servers, you thankfully have the ability to change the amount of RAM allocated to your server, which coincides with your CPU allocation as well as your port speed (a 256 MB Cloud Server may have a 10 Mbit connection, whereas you should be able to get a gigabit out of a 16 GB Cloud Server, in theory).

If you choose to use something like Cloud Sites, then your main factors are bandwidth and “Compute Cycles”, which I can’t get into legally (NDAs), but basically it’s how much CPU your site uses, based on the traffic. You get the equivalent of what they say is a “2.8 GHz Dual Core Server” (if I recall correctly) with Cloud Sites.

However, once again, I HIGHLY recommend setting up your own virtual servers. They are more cost effective and secure, and you can predict your usage more easily (avg. bandwidth, CPU usage, RAM, etc.).

If you don’t control your servers, you leave your website’s security and performance in the hands of a team that has hundreds of thousands of other websites they’re also worrying about.

If you have questions, feel free to reach out to me! I specialize in this area, and through my company I can offer services setting/maintaining/consulting.

The Circus, Site Changes, Life

The Circus

Yesterday, Quentin and I went to the circus (with his mother and sister of course). It was okay, however seeing the elephants being poked and prodded (especially after googling circus elephant abuse) was kind of hard. Nothing overly special.

I don’t know how many of you actually follow my blog, but I have been moving it around and tweaking it a bit, as well as securing it. I felt that, after all the security flaws that WordPress has had, and the servers that have been hacked, hardening my servers a bit would be smart. So, as a result, the site is now hosted on my Chicago server, until I get a better/bigger Slice.

In Life news, my first day at RackSpace is tomorrow. However, the first day of work is at the headquarters (Datapoint), not where I will actually be working (Downtown). This means I am equally excited for both Monday and Tuesday.

Thanks for listening, see you again soon!