[chef] Re: Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test


  • From: Dmitrii Golub
  • To:
  • Subject: [chef] Re: Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test
  • Date: Fri, 28 Jun 2013 16:43:22 +0400

Funny thing


:/etc$ ps ax | grep nginx
 7352 ?        Ss     1:18 runsv nginx
 7353 ?        S      0:26 svlogd -tt /var/log/chef-server/nginx
26862 pts/0    T      0:00 sudo vim /var/opt/chef-server/nginx/etc/chef_https_lb.conf
26863 pts/0    T      0:00 vim /var/opt/chef-server/nginx/etc/chef_https_lb.conf
32048 ?        Ss     0:00 /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf
32050 pts/0    S+     0:00 grep --color=auto nginx



As you can see, there is no master nginx process. I didn't notice this as a problem; however, when I reboot the instance everything works again:
:~$ ps ax | grep nginx 
  755 ?        Ss     0:00 runsv nginx
  766 ?        S      0:00 svlogd -tt /var/log/chef-server/nginx
  768 ?        Ss     0:00 nginx: master process /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf
  814 ?        S      0:03 nginx: worker process                                                            
  815 ?        S      0:00 nginx: cache manager process                                                     
 1577 pts/1    S+     0:00 grep --color=auto nginx


So I suppose that it's an error in the initial chef recipe, in the nginx section: it doesn't start nginx.
Anyway, thanks for the help.

On Jun 28, 2013, at 1:46 PM, Dmitrii Golub wrote:

Really there are no certificates installed


:~$ openssl s_client -connect ip-10-0-1-86:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


The nginx config uses two:
ssl_certificate /var/opt/chef-server/nginx/ca/ip-10-0-1-86.crt;
ssl_certificate_key /var/opt/chef-server/nginx/ca/ip-10-0-1-86.key;

I am not good with certificates, really. As I understand it, openssl can't find the peer certificate. Where is it located, and how do I make Linux use it by default? Moreover, other clients should use that custom certificate, right?

Things become hard

On Jun 27, 2013, at 9:41 PM, Daniel Condomitti wrote:

Try `openssl s_client -connect ip-10-0-1-86:443` and `curl http://ip-10-0-1-86:443/clients` to see if it's actually just serving HTTP (non-TLS/SSL traffic) on port 443.

On Thursday, June 27, 2013 at 12:49 AM, Dmitrii Golub wrote:

Hello

After a successful chef installation on AWS Ubuntu 12.04 (default instance), chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
When I run
sudo chef-server-ctl test

I receive the error <Errno::ECONNRESET: Connection reset by peer - SSL_connect> (full error listing: https://gist.github.com/Houdini/5868356)
I noticed that the error is in the file
/opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
I added a puts there, and the url is "https://ip-10-0-1-86/clients", which actually is localhost.

And really:
curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443

Any ideas how to fix it?

Thanks
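
One way to read the `openssl s_client` output quoted in this thread, as an added example that is not part of the original messages: a small Python classifier that separates a reset before any server bytes from plain HTTP on the TLS port and from a completed handshake. The function name `classify`, the verdict labels and the two extra transcripts are assumptions made for this illustration.

```python
import re

# Abridged from the s_client output quoted in this thread.
THREAD_TRANSCRIPT = """\
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
"""

# Constructed samples (not from the thread): plain HTTP on the TLS port,
# and a completed handshake.
PLAIN_HTTP = """\
CONNECTED(00000003)
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
SSL handshake has read 7 bytes and written 226 bytes
New, (NONE), Cipher is (NONE)
"""
HEALTHY = """\
CONNECTED(00000003)
SSL handshake has read 1391 bytes and written 421 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
"""

def classify(transcript):
    """Return (verdict, hint) for one `openssl s_client` transcript."""
    if "CONNECTED(" not in transcript:
        return "no_tcp", "nothing accepted the TCP connection"
    cipher = re.search(r"Cipher\s+is\s+(\S+)", transcript)
    if cipher and cipher.group(1) != "(NONE)":
        return "tls_ok", "handshake completed with " + cipher.group(1)
    if re.search(r"unknown protocol|wrong version number", transcript):
        return "not_tls", "peer answered with non-TLS bytes (e.g. plain HTTP)"
    read = re.search(r"handshake has read (\d+) bytes", transcript)
    if read and int(read.group(1)) == 0 and "errno=104" in transcript:
        # Zero bytes read: the peer never sent a ServerHello, so no
        # certificate was offered. Look at the server process and logs
        # before touching client trust settings.
        return "reset_before_hello", "peer reset before sending any TLS data"
    return "handshake_failed", "peer sent data but no cipher was negotiated"

if __name__ == "__main__":
    for name, text in [("thread", THREAD_TRANSCRIPT), ("plain-http", PLAIN_HTTP),
                       ("healthy", HEALTHY)]:
        print(name, *classify(text))
```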





