Getting Invalid Host header #9092

Open
abhishekjaiswal06 opened this issue May 5, 2021 · 7 comments

@abhishekjaiswal06

Getting an error while setting up ConsoleMe as a Docker container, whereas I am able to set it up locally. Below are the container logs. Please assist.

raise EndpointConnectionError(endpoint_url=request.url, error=e)
botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "http://CONSOLEME-DYNAMODB:8005/"

"error": "Unable to retrieve Dynamic Config from Redis"

Note: SG is open and aws credential setup is file.

@castrapel
Contributor

Can you provide step-by-step instructions to help us replicate this issue? Please also let us know what OS and hardware you are using.

@abhishekjaiswal06
Author

abhishekjaiswal06 commented May 12, 2021

I am following the steps as mentioned in https://hawkins.gitbook.io/consoleme/quick-start/docker.
I am using EC2 Amazon Linux 2. Below are some dependencies and their version available on the server.

git --version
git version 2.23.4
docker --version
Docker version 20.10.4, build d3cb89e
docker-compose --version
docker-compose version 1.29.1, build c34c88b2

@castrapel
Contributor

Thanks @abhishekjaiswal06. I wouldn't recommend using Docker on EC2. Docker is used to get ConsoleMe running on your local machine. But on EC2, you can use real DynamoDB, and Redis either installed natively or through ElastiCache.

The easiest way to deploy is through Terraform. If possible, please try to deploy with our Terraform module.

But if you'd like to set ConsoleMe up manually, you'll need to get Redis set up. You can install Redis locally, or use ElastiCache to host Redis. If you use ElastiCache for Redis, you will need to modify ConsoleMe's configuration and give it the cluster information. The configuration used by default for Docker deploys is here. You'll want to read up on how ConsoleMe figures out what its configuration is, and how to customize it with these docs.

For DynamoDB: Create the DynamoDB tables in AWS. The required tables are defined in terraform here, and there's a script that can help with creating them here.

What are your thoughts?

@abhishekjaiswal06
Author

One quick question: we don't have an AWS organization and would like to have multiple accounts sync up in our master account ConsoleMe. Is it possible, or do we need an AWS organization for our scenario?

@castrapel
Contributor

castrapel commented May 13, 2021

Hi @abhishekjaiswal06, yes, it is possible, but you have to tell ConsoleMe what accounts to sync in Dynamic Configuration or Local configuration. Instructions for local configuration are here. Dynamic configuration is pretty similar, just put those configuration values at https://<YOUR_CM_DOMAIN>/config. If you have Celery running, the cache_cloud_accounts runs every hour, so it will pick up your accounts, and then ~30 minutes later, other Celery tasks will attempt to synchronize resources from all of these accounts. You can also SSH on an instance and run these Celery tasks manually.

In order to sync resources, ConsoleMe on your central/"master" account should be able to assume a ConsoleMe role in your other accounts (We call your other accounts spoke accounts). Each of your spoke accounts should have a role with the same name (like ConsoleMe). It should allow ConsoleMeInstanceProfile on your central account to assume role. Permissions that your spoke roles need are documented here. You'll need to change your configuration if you haven't already done so, to tell ConsoleMe what role to assume on your other accounts. This configuration key (policies.role_name) is talked about here.

Thank you.
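An added example, not part of the original comment or of ConsoleMe's code: a small audit of a spoke role's trust policy against the hub-and-spoke setup described above. The account IDs are placeholders, the sample policies are constructed, and ConsoleMeInstanceProfile is assumed to be the name of an IAM role in the central account.

```python
CENTRAL_ACCOUNT = "111111111111"          # placeholder central account ID
CENTRAL_ROLE = "ConsoleMeInstanceProfile"  # assumed to be an IAM role name


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_spoke_trust(policy, central_account=CENTRAL_ACCOUNT, central_role=CENTRAL_ROLE):
    """Return (allows_central, unexpected_principals) for a spoke trust policy.

    Only Allow statements that grant sts:AssumeRole are inspected.
    Condition blocks are not evaluated, so review flagged entries by hand.
    """
    expected = f"arn:aws:iam::{central_account}:role/{central_role}"
    allows_central, unexpected = False, []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals = ["*"]
        else:
            principals = [p for v in principal.values() for p in _as_list(v)]
        for p in principals:
            if p == expected:
                allows_central = True
            else:
                unexpected.append(p)   # anything beyond the central role
    return allows_central, unexpected


def _policy(principal):
    """Build a constructed single-statement trust policy for the samples below."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}]}


HUB_ROLE_ARN = f"arn:aws:iam::{CENTRAL_ACCOUNT}:role/{CENTRAL_ROLE}"
HUB_ROOT_ARN = f"arn:aws:iam::{CENTRAL_ACCOUNT}:root"
TIGHT = _policy({"AWS": HUB_ROLE_ARN})                  # only the central role
BROAD = _policy({"AWS": [HUB_ROLE_ARN, HUB_ROOT_ARN]})  # whole central account too
WILD = _policy("*")                                     # any principal anywhere

if __name__ == "__main__":
    for name, pol in (("TIGHT", TIGHT), ("BROAD", BROAD), ("WILD", WILD)):
        print(name, audit_spoke_trust(pol))
```

A spoke policy that trusts the central account's root principal lets any identity in that account with sts:AssumeRole permission reach the spoke role, which is why it is reported as unexpected.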

@abhishekjaiswal06
Author

Hi,
I am getting the below error while redirecting SSO authentication to the ConsoleMe load balancer.

Traceback (most recent call last):
  File "/root/env/lib/python3.8/site-packages/tornado/web.py", line 1679, in _execute
    self.check_xsrf_cookie()
  File "/root/env/lib/python3.8/site-packages/tornado/web.py", line 1519, in check_xsrf_cookie
    raise HTTPError(403, "'_xsrf' argument missing from POST")
tornado.web.HTTPError: HTTP 403: Forbidden ('_xsrf' argument missing from POST)

Can you assist?

@castrapel
Contributor

castrapel commented Jun 7, 2021

Hi @abhishekjaiswal06, this error indicates that someone made a POST request to a ConsoleMe endpoint without the _xsrf token, which is used to prevent XSRF/CSRF vulnerabilities. Is there anything in the logs around that error to indicate what endpoint was used?

For testing, you can disable XSRF protection by setting tornado.xsrf to false in your ConsoleMe configuration. But please do not run this configuration permanently. For example:

tornado:
  address: localhost
  debug: false
  port: 8081
  xsrf: false

To learn more about XSRF/CSRF, read this: https://owasp.org/www-community/attacks/csrf
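An added example, not part of the original comment and not Tornado's or ConsoleMe's own code: a simplified model of the double-submit check behind the 403 in the traceback, showing what setting tornado.xsrf to false gives up. The request dictionaries and the sso_assertion field name are constructed, and real Tornado tokens are masked and versioned rather than compared as plain strings.

```python
import hmac
import secrets


class Forbidden(Exception):
    """Stands in for tornado.web.HTTPError(403, ...) in this model."""


def check_xsrf(cookies, form, headers=None, xsrf_enabled=True):
    """The token in the _xsrf cookie must be echoed in the POST body or a
    header, which only page code able to read that cookie can do."""
    if not xsrf_enabled:                      # models `xsrf: false`
        return "accepted (no XSRF check)"
    headers = headers or {}
    submitted = (form.get("_xsrf") or headers.get("X-Xsrftoken")
                 or headers.get("X-Csrftoken"))
    if not submitted:
        raise Forbidden("'_xsrf' argument missing from POST")
    expected = cookies.get("_xsrf", "")
    if not expected or not hmac.compare_digest(submitted.encode(), expected.encode()):
        raise Forbidden("XSRF cookie does not match POST argument")
    return "accepted"


def outcome(request, xsrf_enabled=True):
    """Run the check on one constructed request and report the result."""
    try:
        return check_xsrf(request["cookies"], request["form"],
                          request.get("headers"), xsrf_enabled)
    except Forbidden as exc:
        return f"403: {exc}"


TOKEN = secrets.token_hex(16)
# Constructed requests. The application's own form echoes the cookie token.
SAME_ORIGIN = {"cookies": {"_xsrf": TOKEN}, "form": {"_xsrf": TOKEN, "x": "1"}}
# A POST arriving from an external SSO redirect carries no _xsrf field.
SSO_POST = {"cookies": {}, "form": {"sso_assertion": "constructed"}}
# A POST from another site: the browser attaches the cookie, but that site
# cannot read the token to place it in the form.
CROSS_SITE = {"cookies": {"_xsrf": TOKEN}, "form": {"x": "1"}}

if __name__ == "__main__":
    for name, req in (("same-origin", SAME_ORIGIN), ("sso", SSO_POST),
                      ("cross-site", CROSS_SITE)):
        print(name, "| xsrf on:", outcome(req), "| xsrf off:", outcome(req, False))
```

With the check disabled the SSO POST goes through, but so does the cross-site request, which is the reason the setting is suggested for testing only.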
