Enable https


#1

I installed GlobaLeaks following the documentation
wget https://deb.globaleaks.org/install-globaleaks.sh
chmod +x install-globaleaks.sh
./install-globaleaks.sh
My version: Ubuntu 16.04.3 LTS, Kernel 4.4.0-109

I cannot manage to configure HTTPS; I get this error when I check the hostname:
"Warning! The platform does not seem to be reachable with the hostname configured"
I access GlobaLeaks with my browser at the URLs
http://ip (or http://nome.dominio.it) and http://ip/admin, but I cannot access https://ip or https://localhost (in the browser on my Linux box).
PLEASE HELP ME, I WANT TO ENABLE HTTPS

This is the log in debug mode:

tail -f /var/globaleaks/log/globaleaks.log
2018-01-16 13:02:08+0100 [-] Main loop terminated.
2018-01-16 13:02:08+0100 [-] Server Shut Down.
2018-01-16 13:05:10+0100 [-] Log opened.
2018-01-16 13:05:10+0100 [-] twistd 16.0.0 (/usr/bin/python 2.7.12) starting up.
2018-01-16 13:05:10+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2018-01-16 13:05:10+0100 [-] switching group privileges since 0 to 132
2018-01-16 13:05:10+0100 [-] switching user privileges since 0 to 123
2018-01-16 13:05:10+0100 [-] [E] Found an already initialized database version: 38
2018-01-16 13:05:10+0100 [-] [E] Performing data update
2018-01-16 13:05:10+0100 [-] [D] Query [sync_clean_untracked_files] executed in 3.4ms
2018-01-16 13:05:11+0100 [-] [D] Query [sync_refresh_memory_variables] executed in 48.1ms
2018-01-16 13:05:11+0100 [-] Site starting on 8082
2018-01-16 13:05:11+0100 [-] Starting factory <twisted.web.server.Site instance at 0x7f56fdcbc518>
2018-01-16 13:05:11+0100 [-] Site starting on 8083
2018-01-16 13:05:11+0100 [-] Site starting on 80
2018-01-16 13:05:11+0100 [-] [I] Starting process monitor
2018-01-16 13:05:11+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2018-01-16 13:05:11+0100 [-] - [LOCAL HTTP] --> http://127.0.0.1:8082
2018-01-16 13:05:11+0100 [-] - [LOCAL HTTP] --> http://127.0.0.1:8083
2018-01-16 13:05:11+0100 [-] - [REMOTE HTTP] --> http://nome.dominio.it
2018-01-16 13:05:11+0100 [-] - [REMOTE Tor]: --> http://pbqppuwyrt5ghrfk.onion
2018-01-16 13:05:11+0100 [-] [I] Not launching workers
2018-01-16 13:05:11+0100 [-] [D] Query [maybe_launch_https_workers] executed in 39.5ms
2018-01-16 13:05:12+0100 [-] [D] Fetching list of Tor exit nodes
2018-01-16 13:05:12+0100 [-] [D] Query [receiverfile_planning] executed in 3.5ms
2018-01-16 13:05:12+0100 [-] Starting factory <txsocksx.client.SOCKS5ClientFactory instance at 0x7f56fced6ab8>
2018-01-16 13:05:12+0100 [-] [D] Fetching latest GlobaLeaks version from repository
2018-01-16 13:05:12+0100 [-] Starting factory <txsocksx.client.SOCKS5ClientFactory instance at 0x7f56fced6758>
2018-01-16 13:05:12+0100 [-] [D] Query [generate] executed in 6.9ms
2018-01-16 13:05:12+0100 [-] [D] Query [get_mails_from_the_pool] executed in 8.7ms
2018-01-16 13:05:12+0100 [-] [D] Query [delete_sent_mails] executed in 2.4ms
2018-01-16 13:05:12+0100 [-] [D] Query [cert_expiration_checks] executed in 3.7ms
2018-01-16 13:05:12+0100 [-] [D] Query [get_onion_service_info] executed in 4.9ms
2018-01-16 13:05:12+0100 [-] [D] Successfully connected to Tor control port
2018-01-16 13:05:12+0100 [-] [I] Setting up existing onion service pbqppuwyrt5ghrfk.onion
2018-01-16 13:05:12+0100 [TorControlProtocol,client] Created onion-service at pbqppuwyrt5ghrfk.onion
2018-01-16 13:05:12+0100 [TorControlProtocol,client] Created 'pbqppuwyrt5ghrfk.onion', waiting for descriptor uploads.
2018-01-16 13:05:14+0100 [-] Stopping factory <txsocksx.client.SOCKS5ClientFactory instance at 0x7f56fced6758>
2018-01-16 13:05:14+0100 [-] [D] Query [evaluate_update_notification] executed in 5.6ms
2018-01-16 13:05:14+0100 [-] [D] The newest version in the repository is: 2.72.30
2018-01-16 13:05:15+0100 [-] [D] Retrieved a list of 867 exit nodes
2018-01-16 13:05:15+0100 [-] Stopping factory <txsocksx.client.SOCKS5ClientFactory instance at 0x7f56fced6ab8>
2018-01-16 13:05:17+0100 [-] [D] Query [receiverfile_planning] executed in 3.1ms
2018-01-16 13:05:17+0100 [-] [D] Query [generate] executed in 6.5ms
2018-01-16 13:05:17+0100 [-] [D] Query [get_mails_from_the_pool] executed in 3.4ms
2018-01-16 13:05:17+0100 [-] [D] Query [delete_sent_mails] executed in 3.5ms
2018-01-16 13:05:22+0100 [-] [D] Query [receiverfile_planning] executed in 3.3ms
2018-01-16 13:05:22+0100 [-] [D] Query [generate] executed in 6.0ms
2018-01-16 13:05:22+0100 [-] [D] Query [get_mails_from_the_pool] executed in 4.3ms
2018-01-16 13:05:22+0100 [-] [D] Query [delete_sent_mails] executed in 2.4ms


#2

Hello,
by connecting to http://pbqppuwyrt5ghrfk.onion and checking its public hostname segnalazioni.asmenet.it, it seems that port 80 is answering correctly, but port 443 for HTTPS is simply not giving any answer:
$ curl -v -k https://segnalazioni.asmenet.it
* Rebuilt URL to: https://segnalazioni.asmenet.it/
*   Trying 62.77.55.52...
* TCP_NODELAY set
* Connected to segnalazioni.asmenet.it (62.77.55.52) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):

Is there any firewall in front of that machine that may be preventing the internet from connecting to the GlobaLeaks software running on the server?


#3

Have you followed the instructions in https://docs.globaleaks.org/en/latest/FirstConfigurationGuide.html and https://docs.globaleaks.org/en/latest/ConfigurationGuide.html#configure-https?


#4

Thanks for your reply.

My Linux box has a desktop environment; I open the browser and enter
https://localhost but it does not work
https://127.0.0.1 but it does not work
https://192.168.1.10 but it does not work.

So there is some problem with port 443, which does not respond locally, without a firewall.

Please help me.

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


#5

Can you check with the following command if there’s some other process listening on HTTPS port 443, and report back the output here?

netstat -ntlp


#6

netstat -ntlp

Connessioni Internet attive (solo server)
Proto CodaRic CodaInv Indirizzo locale Indirizzo remoto Stato PID/Program name
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 971/tor
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5502/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5502/python
tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN 5502/python
tcp 0 0 127.0.0.1:8083 0.0.0.0:* LISTEN 5502/python
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 946/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 912/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 789/cupsd
tcp6 0 0 :::22 :::* LISTEN 912/sshd
tcp6 0 0 ::1:631 :::* LISTEN 789/cupsd


#7

mmmm strange… GlobaLeaks “python” process is running on that port.

Has the configuration for HTTPS been properly done and confirmed for that public hostname?

Can we have a look with screenshots of the configuration of the section documented here https://docs.globaleaks.org/en/latest/ConfigurationGuide.html#configure-https ?


#8

It would also be useful to get the full data dump of the log /var/globaleaks/log/globaleaks.log; if you want, you can also share it privately at support@hermescenter.org so we can have a look and fix the issue.


#9

Thanks Fabio,
I have sent the log to support@hermescenter.org.
My Linux box is Ubuntu 14.0x updated to version 16.04.3.
Thank you


#11

Didn’t receive it; try sending it again, or otherwise attach it to the forum post if there are no confidentiality issues.


#12

Hello,
I have resent the email :grinning:

sender: fwppe@…

Thanks


#13

mmmmmumble, no way, there’s no email, not even in the spam folder; try my own email fabio.pietrosanti@hermescenter.org


#14

OK, I have resent the email.
sender: fwppe@ and univocooo@

thanks


#15

Hello Fabio,
the problem reported is not blocking: if you proceed with the creation of an SSL certificate from Let's Encrypt, the procedure ends successfully.
Thank you all


#16

cool, happy that it has been fixed!


#17

I just ran an update this afternoon; before that, I was getting an error that “[captioned]”
[Screenshot (161)]

When I click Proceed, I get “[captioned]”
[Screenshot (162)]

The DNS is already pointed.
In my messages, I get the notification:

Version: 3.6.13

requests.exceptions.ConnectionError A Connection error occurred.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 357, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0, 'Error'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1386, in _inlineCallbacks
    result = g.send(result)
  File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 550, in post
    tos_url = letsencrypt.get_boulder_tos(Settings.acme_directory_url, accnt_key)
  File "/usr/lib/python3/dist-packages/globaleaks/utils/letsencrypt.py", line 38, in get_boulder_tos
    return create_v2_client(directory_url, accnt_key).directory.meta.terms_of_service
  File "/usr/lib/python3/dist-packages/globaleaks/utils/letsencrypt.py", line 31, in create_v2_client
    directory = messages.Directory.from_json(net.get(directory_url).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1097, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1046, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 520, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 630, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 490, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))


#18

@jestboniface: is there any firewall between the server and internet? is it possible that this firewall is blocking outgoing connections?
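
Added example (not part of the original thread and not GlobaLeaks code): a probe that reports at which stage a TLS connection stops, covering both the inbound check on port 443 from post #2 and the outbound handshake failure in the traceback of post #17. The function name `probe_tls`, the outcome labels and the hint texts are assumptions made for this sketch.

```python
import socket
import ssl

# What each outcome points to, using the checks from this thread.
HINTS = {
    "dns_failure": "hostname does not resolve; fix DNS first",
    "tcp_refused": "nothing listening; check `netstat -ntlp` on the server",
    "tcp_timeout": "packets dropped; look for a filter on the path",
    "tcp_error": "network unreachable or similar; check routing",
    "tls_no_reply": "TCP accepted but no ServerHello (the curl hang in #2)",
    "tls_error": "handshake aborted by peer or middlebox (as in #17)",
    "tls_cert_invalid": "TLS works; certificate or hostname does not verify",
    "tls_ok": "TLS handshake and certificate verification succeeded",
}

def probe_tls(host, port=443, timeout=5.0):
    """Return the HINTS key describing how far a TLS connection gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"
    except ConnectionRefusedError:
        return "tcp_refused"
    except socket.timeout:
        return "tcp_timeout"
    except OSError:
        return "tcp_error"
    # Unlike `curl -k`, the default context verifies chain and hostname.
    ctx = ssl.create_default_context()
    try:
        with sock:
            sock.settimeout(timeout)
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "tls_cert_invalid"
    except socket.timeout:
        return "tls_no_reply"      # peer never answered the ClientHello
    except (ssl.SSLError, OSError):
        return "tls_error"         # reset or EOF during the handshake

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    outcome = probe_tls(target)
    print(target, outcome, "-", HINTS[outcome])
```

Run it on the server against its own public hostname for the inbound case, and against the host of the configured ACME directory URL for the outbound case.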


#19

No, there isn’t any firewall


#20

@jestboniface: is the domain something special?

can you pass it to me here or privately?