Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


trx last won the day on December 21 2017

trx had the most liked content!

Profile Information

  • Gender

Recent Profile Visitors

1,460 profile views

trx's Achievements


Newbie (1/14)

  • First Post Rare
  • Collaborator Rare
  • Conversation Starter Rare
  • Week One Done Rare
  • One Month Later Rare

Recent Badges



  1. Unfortunately it didn't fix my problem. We use currently an let's Encrypt certificate that will be updated regularly. The issue started probably since the last update, but unfortunately we also updated the PlasticSCM server in that go Thanks
  2. Hi, Since a recent PlaticSCM server update, we are not able to connect with our Linux Clients to the self hosted Team Edition Server. All the Windows Clients work perfectly only Linux Clients are affected (tested on multiple machines) a cm repository returns: Error: The remote certificate was rejected by the provided RemoteCertificateValidationCallback. Log output is: 2021-10-01 14:14:38,972 user INFO Channel - Rejected certificate validation info: Sender: Certificate: SHA1: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX MD5: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Subject: CN=our.domain.name Issuer: CN=R3, O=Let's Encrypt, C=US Expiration: 11/29/2021 7:44:23 AM Version: 3 Chain: Policy: Revocation mode: NoCheck Revocation flags: ExcludeRoot Verification flags: NoFlag Verification time: 10/1/2021 2:14:38 PM SslPolicyErrors: RemoteCertificateChainErrors 2021-10-01 14:14:38,975 user DEBUG ConnectClientSsl - Connect exception: System.IO.IOException. Message: The authentication or decryption has failed. 2021-10-01 14:14:38,975 user ERROR PlasticPipe - Error happened trying to SSL to ssl://our.domain.name:8088. The authentication or decryption has failed. 2021-10-01 14:14:38,976 user ERROR PlasticPipe - Failed to negotiate remoting SSL with ssl://our.domain.name:8088. Will try starting a TCP connection then switching to SSL 2021-10-01 14:14:38,976 user DEBUG Channel - Purging connection to ssl://our.domain.name:8088 2021-10-01 14:14:38,990 user DEBUG ConnectionCreator - Create connection to ssl://our.domain.name:8088 took 13 ms seems like a certficiate ChainError, but it worked till the recent update. Thanks Fabian
  3. Hi, Unfortunately I already deleted and re-replicated the repo and the issue disappeared, so I'll see it when we migrate the real thing if there are any issues ^^ Thanks! Fabian
  4. Hi! I'm currently looking into migrating our self hosted Plastic Server from MySQL to a Jet database. Of course I currently test the migration on a testing machine (which has some replicated repos on it). I'm using the web-gui interface. Now it gets stuck on this error: The migration progress has failed: Unable to copy the repository database rep_34: Table 'rep_34.reviewcomment' doesn't exist when I try to restart the migration process this message pops up: The migration progress has failed: Unable to copy the repositories database: Could not map file And I have to delete all the migrated repo folders first before i can try it again (don't know if this is on purpose) Additionally I have some questions regarding the migration: 1. We have some big Repos (100GB+) I've read on http://blog.plasticscm.com/2018/06/story-of-jet-fast-repo-storage.html that they may cause problems? I've not had the possibility to test it yet on the testing machine because of the above mentioned error. 2. Is there any hardware specification changes regarding mysql/jet (More RAM etc.)? Thanks! Best Fabian
  5. Sure A few small considerations before you start: I've only tested it for Ubuntu 16.04 LTS (but should work for any linux nginx and plasticSCM support) Try it out in testing environment first (as usual) Make sure you have an ssl certificate (a signed certificate from a ca is usually the better way than a self-signed, it can prevent a lot of annoying troubles) make sure you have the port you want to use open in your firewall (I forgot that so many times ) If your plastic server is on the same machine as nginx you need to of course choose another port than the one from the webadmin server (7178) If you have apache or any other webserver running on your machine you probably want to decide if nginx or apache listens to the standard ports (80,443 etc.) I dont have apache so i can't tell you, but there are a lot of instructions online how to do it. Just to make sure, the ssl communication is only between the user (browser) and the nginx server, nginx proxy passes to webadmin server via http. As long as both are on the same server its not huge security problem. NGINX (https://nginx.org/en/) So i don't want to go too deep into nginx as it would be a long story for itself but anyways a few small steps if you haven't set up nginx and ssl yet: if you haven't, Install nginx on your server (ubuntu: apt-get install nginx, any other see: https://nginx.org/en/linux_packages.html) for the basics: https://nginx.org/en/docs/beginners_guide.html (try out the basics first before you implement ssl to see if everything works) SSL configuration in nginx is a bit tricky: I used https://mozilla.github.io/server-side-tls/ssl-config-generator/ for the basic configuration you may have to prepare your ssl certificate for the use in nginx (your CA will usually provide instructions on how to do it) When you have set up nginx now comes the easy part: location / { proxy_pass http://localhost:7178; } will forward the incoming request to your local running plasticSCM webadmin gui. I have not set any header_set as it seems to work that way. my nginx configuration: server { listen 80 default_server; listen [::]:80 default_server; ## replace that with your incomcoming domain or ip server_name my.domain.name; # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. return 301 https://$host$request_uri; } server { ## I use here another port, as I already used the 443 port listen 443 ssl http2; listen [::]:443 ssl http2; ## replace that with your incomcoming domain or ip server_name my.domain.name; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate path/to/ssl-bundle.crt; ssl_certificate_key path/to/my_domain_name.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; #ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/nginx/ssl/dhparam.pem; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1.2; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; ## verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate path/to/ssl_trusted_cert_bundle.key; location / { proxy_pass http://localhost:7178; } ## This does not work yet as i can not set any base path in the plasticSCM webadmin server # # location /plastic { # proxy_pass http://localhost:7178; # } ## } I use a dedicated ssl port for the webadmin as i already use the 443 port for other services, and because you cannot set any base path in the webadmin server i cannot use any sub locations. If you use the standard 443 port I highly recommend you to use the http to https redirect (at the beginning of the file) to prevent any unsecured http connection on port 80. hope that helps best Fabian
  6. Okay! I was able to make it work I was trying to use a sub location (servername.com/plasticscm/) with the standard https port, but without the possibility to set a base path in the plastic webadmin it didn't work. Now I'm using a different port and it seems to work. thanks anyway
  7. Hi As far is I know the webadmin page cannot be accessed via https / ssl yet. As I'm currently running my plasticscm on an linux server with nginx handling all incoming requests (and requires ssl for all ports) i was trying to get access the webadmin via a proxy forwarding. (internally nginx connects normally in non-ssl way the webadmin-server) Unfortunately the webadmin server does not accept this somehow (get a 404). I assume the webadmin server blocks proxy requests but it could also be that my nginx config is not properly set up. Or do i have to wait until the webadmin supports ssl-certificates? best Fabian
  8. So i got it running now! Had to change two things: It seems, that it is not working with TLSv1.2 or TLSv1.1. I added TLSv1 to the ssl_protocols in nginx and I suddenly got a 404 error on connection (So I knew at least i got a connection to the server). The second part was that the hostname in the plasticSCM jira settings had a path after the port (https://xxx.xxxxx.xx:443/jira) so I moved the /jira to the REST URL (/jira/rest/api/2/). Seems like the path after the port is ignored or cut away. And voilà it worked. Thanks again!
  9. Unfortunately it didn't work, but at least i get now an error: An existing connection was forcibly closed by the remote host. Could it be that is has something to do that as we have the jira server behind an nginx reverse proxy that has pretty straight security rules for ssl/tls connections (only allows TLSv1.2)? plastic20170807-15.log.txt
  10. Attached the file with header and json response best fabian jiraAPIStatus.txt
  11. Here you go: Thank you for the quick reply, best Fabian plastic20170804-15.log.txt jira.conf
  12. Hi! I try to establish a connection to Jira (self hosted) via an ssl connection via the 443 port I always get an error: Test Connection failed. Please Review the entered values. the plastic log only shows me these message: 2017-08-04 13:39:20,805 ERROR jiraextensionrest - Could not get the statuses from the JIRA server: The underlying connection was closed: An unexpected error occurred on a send. 2017-08-04 13:39:20,805 DEBUG jiraextensionrest - Stack trace: at System.Net.HttpWebRequest.GetResponse() at Codice.Client.IssueTracker.Jira.JiraRestClient.GetResponse(HttpWebRequest request) at Codice.Client.IssueTracker.Jira.JiraRestClient.GetStatuses() I'm pretty sure the host settings and rest of the settings are correct, as i can get access via the api through a browser or curl (also ssl). the host name goes something like this : https://my.jiraserverdomainname.com:443/jira plastic version: jira version: 7.3.2 Thank you Fabian
  13. Is there any news or time-frame when plasticSCM will support ubuntu 16.04 new apt-get version?
  • Create New...