Tranquil IT Forum

Hello,
as a regular Wapt user, I recently noticed that installing Wapt on a new machine (via GPO with waptdeploy) no longer works.
It's difficult to say precisely which version (I'd say 1.6, but I also migrated from Debian to Stretch around the same time).
I upgraded Wapt to 1.7.3.3,
following the documentation here: https://www.wapt.fr/fr/doc/wapt-common- ... s-not-work.

As a result,
I recreated my GPOs (just in case, with the latest version of waptdeploy) for startup and shutdown to install Wapt.
I already had a GPO for network waiting, which is set up beforehand.
Waptdeploy works if run locally from the command line after defining a proxy in Internet Explorer with *.mylocaldomain as the proxy exception.
I created a GPO that defines these settings in Internet Explorer.
Wapt still won't install. In gpresult, the GPOs aren't being rejected.
I also tried specifying the server address in the GPO, using both HTTP and HTTPS, but there was no change.
When I shut down the computer, I get the following message:

trying http://wapt.mondomainlocal/wapt/waptagent.exe
wapt agent path c:\window\temp\waptagent.exe
wget new waptagent from http://wapt.mondomainlocal/wapt/waptagent.exe
trying to reach http://wapt.mondomainlocal/wapt/waptagent.exe...
Reachable, downloading...
Error trying to get http://wapt.mondomainlocal/wapt/waptagent.exe :Unable to download "http://wapt.mondomainlocal/wapt/waptagent.exe",
HTTP status: 503.

Error 503 seems to indicate that the server cannot access the request.
Do you have any ideas?

Hello,
I continued my investigation. The nginx service seems to be the culprit. I modified it to be in debug mode for errors.

Here's what I get when attempting to deploy from a workstation via GPO:

2019/02/27 10:11:29 [debug] 9003#9003: *3695 recv() not ready (11: Resource temporarily unavailable)

I should mention that the server is far from being overloaded. The wapt web pages work perfectly, and waptdeploy, launched locally with the hash, correctly retrieves waptagent.exe and runs the installation to completion. I suspect a modification of the configuration files during a Debian upgrade.
I haven't seen any major changes compared to what's indicated in the documentation:
https://www.wapt.fr/fr/doc/wapt-configu ... ring-nginx

Here is my config file /etc/nginx/sites-enabled/site-enabled/wapt.conf

server {


listen 80;

listen 443 ssl;
server_name _;

ssl_certificate "/opt/wapt/waptserver/ssl/cert.pem";
ssl_certificate_key "/opt/wapt/waptserver/ssl/key.pem";
ssl_protocols TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_staplingon;
ssl_stapling_verify on;
ssl_session_cache none;
ssl_session_tickets off;

gzip_min_length 1000;
gzip_buffers 4 8k;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_types text/plain text/css application/json;
gzip_vary on;

indexindex.html;

location /static {
alias "/opt/wapt/waptserver/static";
}

location ~ ^/wapt.* {
proxy_set_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0";
proxy_set_header Pragma "no-cache";
proxy_set_header Expires "Sun, 19 Nov 1978 05:00:00 GMT";
root "/var/www";
}

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

client_max_body_size 4096m;
client_body_timeout 1800;


location /add_host_kerberos {
return 403;
}


location ~ ^/(api/v3/upload_packages|api/v3/upload_hosts/|upload_waptsetup) {
proxy_pass http://127.0.0.1:8080;
client_max_body_size 4096m;
client_body_timeout 1800;
}

location /wapt-host/Packages {
return 403;
}
location / {
proxy_pass http://127.0.0.1:8080;
}

location /socket.io {
proxy_http_version 1.1;
proxy_bufferingoff;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://127.0.0.1:8080/socket.io;
}
}

and the file /etc/nginx/nginx.conf

user www-data;
worker_processes self;
pid /run/nginx.pid;
worker_rlimit_nofile 32768;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfileon;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

If an nginx specialist happens to be around, I'd appreciate their advice...

waptdeploy is not following HTTP redirects; this may be the source of the problem.

You should either switch to HTTPS for your repository configuration on clients (repo_url=https://...)
or explicitly specify the download URL to waptdeploy:

`waptdeploy ... --waptsetupurl=https://wapt.mylocaldomain/

Good morning,
Thank you for your reply, but I have already tried those solutions.
Currently, in system shutdown GPO, I have this as an argument for waptdeploy (adding the arguments one by one without change)