Regigate appliance tech

From regify WIKI
Jump to navigation Jump to search

Debugging regigate

Set regigate debug level in HA mode

$ vim /d1/etc/rfmilter/route-1/conf.json

Change "logLevel" to be "verb" instead of "info" and save. Now restart rfmilter using

$ svc -t /service/rfmilter1-1/

You can inspect the log now using:

$ tail -f /d1/log/rfmilter/debug-1.log

Please, don't forget to reset log level to "info" after you fixed your issues.

Set regigate debug level in normal mode

$ vim /etc/rfmilter/route-1/conf.json

Change "logLevel" to be "verb" instead of "info" and save. Now restart rfmilter using

$ svc -t /service/rfmilter-1/

You can inspect the log now using:

$ tail -f /var/log/rfmilter/debug-1.log

Please, don't forget to reset log level to "info" after you fixed your issues.

Test valid provider connection

There are several tests available for you:

 $ curl -k https://regify.company.com:9001/
 curl: (7) Failed connect to regify.company.com:9001; No route to host

The above result means, firewall not setup correctly or wrong regigate IP entered at provider, which equals firewall not set up.

 $ curl -k https://regify.company.com:9001/
 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert 

Above you can see an SSL handshake error because of certificate issue. Maybe the cert from regigate needs to get signed again by the regify provider.

As a final test for full functionality, you can do this (for HA mode, you have to replace /etc with /d1/etc):

$ curl -k --key /etc/rfmilter/route-1/client.key -E /etc/rfmilter/route-1/client.crt https://regify.company.com:9001/
{"status":"INVALID","code":2,"desc":"","version":"4.0.10.5814"}

The return of a valid JSON encoded string (even if it says invalid) points you to a working regigate connection.

Generic questions

I can't paste the signed certificate / the rules / user lists?

Please note the following hints in order to paste:

  • If you paste the cert/rules/list and ctrl+d does not work, try pressing the enter key first and then ctrl.d.
  • Be sure to copy directly from PuTTY to the browser window and back.
  • Every intermediate software is not allowed to add other line-breaks. If you need to use an external editor in between, please make sure he is not adding or changing the line-breaks.