Closed tbennett6421 closed 4 years ago
We wouldn't recommend using latest. We're still adding additional features and making changes that might require modifications to the docker compose. It's best to have your compose manually configured to the specific container version that compose is intended for.
Okay. I tried
image: securityriskadvisors/vectr_tomcat:5.6.3
and brought the solution down and back up, it didn't say tomcat was up to date so I assume it tried to pull that version, but the vectr instance still shows the old version.
ubuntu@host:/opt/vectr/vectr-deploy/app$ sudo docker-compose -f docker-compose.yml -f devSsl.yml -p vectr up -d
vectr_mongo is up-to-date
Creating vectr_tomcat ...
Creating vectr_tomcat ... done
Is there some command I need to run to start the upgrade, or do I need to download the zip from git and attempt to deploy a new vectr and export/import our existing data?
https://github.com/SecurityRiskAdvisors/VECTR/releases/tag/ce-5.6.3
Ah wait, I see a migration process in the docs, for 5.4 upwards. Let me try that out and report back
Yeah, you'll need to follow those instructions. To clarify we don't currently use the "latest" tag as some containers do. Using "latest" won't return any container images and won't work. If we decide to change this in the future we'll update our documentation accordingly.
Let us know if you need any help with the 5.4 migration.
hmm, It looks like I'm getting a CAS error. I dropped my ssl.key
and ssl.crt
into <VECTR_DEPLOY_DIR>/user/certs
# export PRI=user/certs/ssl.key
# export PUB=user/certs/ssl.crt
# file $PRI
user/certs/ssl.key: ASCII text
# openssl rsa -in $PRI -text | head
RSA Private-Key: (4096 bit, 2 primes)
modulus:
00:c3:ea:e5:bc:a5:ca:6c:fd:94:ca:fe:5e:f4:80:
33:87:88:be:ac:1e:4c:c2:8b:90:c5:5d:cc:a5:12:
# file $PUB
user/certs/ssl.crt: PEM certificate
# openssl x509 -in $PUB -text | head
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:f9:a3:52:7d:c3:74:e4:c6:70:48:1b:76:c3:aa:90:45:f4:a5:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = PA, L = Philadelphia, O = SRA, OU = VECTR, CN = ca, emailAddress = certs@example.com
Validity
Not Before: Mar 11 15:43:20 2020 GMT
Not After : Mar 9 15:43:20 2030 GMT
# openssl rsa -noout -modulus -in $PRI | openssl sha1
(stdin)= 86e0caf0984009281a7cef8bb65ad82b89f3d41a
# openssl x509 -noout -modulus -in $PUB | openssl sha1
(stdin)= 86e0caf0984009281a7cef8bb65ad82b89f3d41a
# cat $PRI | head -n 2
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDD6uW8pcps/ZTK
# cat $PUB | head -n 2
-----BEGIN CERTIFICATE-----
MIIGgDCCBGigAwIBAgIUFPmjUn3DdOTGcEgbdsOqkEX0peYwDQYJKoZIhvcNAQEL
Since the issuer is Issuer: C = US, ST = PA, L = Philadelphia, O = SRA, OU = VECTR, CN = ca, emailAddress = certs@example.com
Do I need to add something to the env to configure it properly.
For reference vectrRootCA.key does not appear to be encrypted.
cat user/certs/vectrRootCA.key
-----BEGIN RSA PRIVATE KEY-----
Application not authorized is often caused by a load balancer or hostname issue. Is your .env file configured to reflect the hostname and port you're navigating to?
VECTR_HOSTNAME
, VECTR_PORT
are correct, and there is no load-balancer in place.
VECTR_HOSTNAME
is vectr.example.com
VECTR_PORT
is 443
ssl.crt
has a CN=vectr.example.com
and a SAN entry for dns:vectr.example.com
Browsing to https://vectr.example.com
See this comment for potential fixes.
https://github.com/SecurityRiskAdvisors/VECTR/issues/74#issuecomment-661874588
If you're still having issues email us at vectrops@securityriskadvisors.com for further assistance.
I sent you guys an email.
Greetings,
Looking at the upgrade notes here: https://docs.vectr.io/Upgrading-an-existing-VECTR-installation/
I notice my vectr_tomcat pulls latest. When bringing docker down and back up it doesn't seem to pull the latest version.
My question is chould I change
image: vectr_tomcat:latest
to one of the following, and issuedocker down
/docker up
image: securityriskadvisors/vectr_tomcat:5.5.7
orimage: securityriskadvisors/vectr_tomcat:latest
See the following docker-compose.yml