Trying to start up my fistl little amber project in production mode like so
AMBER_ENV=production amber watch, I get that error.
The project works in development mode, all it does just pulls a random row from DB, and displays the result.
Fairly sure this is something with my setup, and probably because I'm doing it wrong.
I would appreciate any help
Goal:
I'm basically trying to figure out how to deploy to non-aws/do server ( on my own home "cloud")
I followed the video deployment tutorial for digital ocean and ran into some issues. But that's for another ticket.
AMBER_ENV=production amber watchExpected behavior:
It should start up ( it works just fine on my Macbook both in dev and in prod)
Actual behavior:
I get
```shell
10:03:17 Watcher | (INFO) Watching 17 files (server reload)...
10:03:17 Watcher | (INFO) Building project Cuot...
10:03:28 Watcher | (INFO) Terminating app Cuot...
10:03:28 Watcher | (INFO) Starting Cuot...
10:03:28 NodeJS | (INFO) Installing dependencies...
10:03:28 NodeJS | (INFO) Watching public directory
Unsupported cipher algorithm "aes-256-cbc" (ArgumentError)
from /usr/share/crystal/src/openssl/cipher.cr:12:12 in 'initialize'
from /usr/share/crystal/src/openssl/cipher.cr:8:3 in 'new'
from lib/amber/src/amber/support/message_encryptor.cr:51:7 in 'decrypt'
from lib/amber/src/amber/support/message_encryptor.cr:24:9 in 'verify_and_decrypt'
from lib/amber/src/amber/support/file_encryptor.cr:10:7 in 'read'
from lib/amber/src/amber/support/file_encryptor.cr:19:18 in 'read_as_string'
from lib/amber/src/amber/support/file_encryptor.cr:18:5 in 'read_as_string'
from lib/amber/src/amber/environment/loader.cr:16:9 in 'settings_content'
from lib/amber/src/amber/environment/loader.cr:9:26 in 'settings'
from lib/amber/src/amber.cr:24:3 in 'settings'
from config/initializers/database.cr:3:38 in '__crystal_main'
from /usr/share/crystal/src/crystal/main.cr:11:3 in '_crystal_main'
from /usr/share/crystal/src/crystal/main.cr:112:5 in 'main_user_code'
from /usr/share/crystal/src/crystal/main.cr:101:7 in 'main'
from /usr/share/crystal/src/crystal/main.cr:135:3 in 'main'
from __libc_start_main
from _start
from ???
up to date in 18.495s```
Trying it out on Ubuntu 16.04 VM ( works on my osx)
Crystal 0.24.2 [4f9ed8d03] (2018-03-08)
Amber CLI (amberframework.org) - v0.7.2
Here is output from openssl
shell
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb
rc2-ecb rc2-ofb rc4 rc4-40
seed seed-cbc seed-cfb seed-ecb
seed-ofb
Hi @konung Interesting issue, I think this looks like a crystal-issue, although I guess maybe we're using some non-standard cipher algorithm
/cc @elorest
I followed the video deployment tutorial for digital ocean and ran into some issues. But that's for another ticket.
Yeah, that video is a bit outdated, we changed some things :sweat_smile:
We already have some open tickets about updating current documentation :+1:
Thanks for looking into it.
So this is related to the version of Openssl as well.
ON my mac where it all works, I have Openssl 1.1.1-dev
Where is my openssl on ubuntu was 1.0.2g ( which is the default one avaible from via apt )
So I downloaded and compiled latest opensssl, and it worked like a charm.
Here is the snippet:
sudo -s
cd /usr/local/src && apt install gcc make -y
wget https://www.openssl.org/source/openssl-1.1.1-pre4.tar.gz && tar xzvf openssl-1.1.1-pre4.tar.gz && cd openssl-1.1.1-pre4
./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)'
make
make install
reboot
openssl version
sudo -s
nano /etc/ld.so.conf
include /usr/local/openssl/lib
ldconfig
@konung @faustinoaq aes-256-cbc is a very supported algorithm currently used as a recommended cypher for tls. It's also used by rails encryption. I actually just gave a talk on this at the ruby meetup this week. https://github.com/elorest/image_encrypter
I find it interesting that the cypher in question is actually listed in your available ciphers above. I'm currently running amber on on 2 macs and a couple linux computers without getting this issue.
How did you install openssl? You might need to brew install it on a mac as it's built in version might not have shared libs available. I've run into that issue with rails before.
Have you tried updating the open ssl package on the Ubuntu machine? And upgrade could correct the issue
Good point. I didn't notice you were on ubuntu.
@konung If you want to use openssl with programming ruby, go, python, crystal etc you have to install openssl-dev
sudo apt-get install openssl-dev
@konung This doesn't relate to your openssl problem, but there's no need to run amber watch in production. This stackoverflow question/answer has details on how to build and run your app in production mode (once you get the openssl issue figured out).
@robacarp Awesome. That was one of the things I was looking for! ( Would be a good to have a section like that in the deployment parts of the Guides I think. Something along the line, deploying with Nginx, load balancing & scaling)
@eliasjpr Good idea, but I'm using the latest one already (that's available via apt-get 1.0.2g). This is a brand new VM with Ubuntu 16.04.4 LTS . And all the packages updated and upgraded. I was able to compile several Rubies ( 2.4.2 & 2.5.1) with rbenv without any issues ( they also depend on openssl)
@elorest Great suggestion, but the package is actually libssl-dev ( not openssl-dev), and I have it installed ( It's a requirement for ruby-build as well). But If I get the latest one dev package from the openssl website and make install, amber starts up fine. However, it breaks my rbenv setup. So I need to try to play with versions and see which one works better. the latest stable one from the website is 1.1.0 ( I need to try that) and Ubutntu has Openssl 1.0.2g. The one that worked for my amber setup was Openssl 1.1.1-pre4
Thank you!
@konung are you good so we can close this issue?
Yep.
Thank you, everyone, for your time!