Should point to a running camunda engine

satyaram413 · March 11, 2021, 1:48pm

I have recently deployed my microservice which has camunda engine rest dependency on a Kubernetes cluster, pod is running fine, and I am able to login via the camunda portal (https://xyz.com/camunda/app/welcome/default/#!/login). I am able to get the group of a user, using the camunda-engine rest api https://xyz.com/engine-rest/identity/groups?userId=admin.

Somehow when i try to deploy bpmn using Camunda Modeler, and enter the endpoint which looks like this, (https://xyz.com/engine-rest/deployment/create) I get to see “Camunda Engine should be running at this endpoint”. I am able to get the users inside a group using a rest api, then why not deploy using Camunda Modeler?

Please help me

camunda_sailor · March 11, 2021, 5:56pm

You should just put https://…/engine-rest and nothing else, so remove “/deployment/create” from the url you have and try again

satyaram413 · March 12, 2021, 6:41am

But that doesn’t really work, it should deployment/create, that is what really works. I found the issue, it’s because I am using HTTPS here, in postman, I am able to call engine-rest APIs because I have disabled SSL there so that kinda works. but for the Camunda modeler, there isn’t an option to disable it.

MaximMonin · March 12, 2021, 7:38pm

Camunda Modeller can works throught https. It uses Chrome browser settings while connecting to rest-endpoint
If ssl certificate is self signed, then you should place rootCA certificate to Trusted certificate list in your browser.

fateme · June 23, 2022, 3:09pm

@MaximMonin can you explain your solution please. I have the same problem. How can I access to rootCA certificate?

MaximMonin · June 23, 2022, 5:23pm

github.com

MaximMonin/camunda-plugins/blob/master/ssl.sh

#!/bin/bash

mkdir cfg/ssl
openssl genrsa -out cfg/ssl/rootcamundaCA.key 2048
openssl req -x509 -new -nodes -key cfg/ssl/rootcamundaCA.key -sha256 -days 3650 -out cfg/ssl/rootcamundaCA.crt \
 -subj "/C=UA/ST=Dev/L=Dev/O=YourEnt/OU=IT/CN=camundaCA"

openssl req -new -newkey rsa:2048 -nodes -out cfg/ssl/camunda.csr -keyout cfg/ssl/camunda.key \
 -subj "/C=UA/ST=Dev/L=Dev/O=YourEnt/OU=IT/CN=camunda"
openssl x509 -req -days 3650 -in cfg/ssl/camunda.csr -CA cfg/ssl/rootcamundaCA.crt -CAkey cfg/ssl/rootcamundaCA.key -CAcreateserial -out cfg/ssl/camunda.crt -extfile cfg/v3.cnf

openssl pkcs12 -export -in cfg/ssl/camunda.crt -inkey cfg/ssl/camunda.key -out cfg/ssl/camunda.p12 -name tomcat
openssl dhparam -dsaparam -out cfg/ssl/dhparam.pem 4096
chmod 644 cfg/ssl/camunda.p12

Check certificate generation script and nginx config in this project

github.com

MaximMonin/camunda-plugins/blob/master/cfg/camunda-dev.conf

upstream camunda_cluster {
     least_conn;
     server camunda-engine1:8080;
     server camunda-engine2:8080;
}
upstream camunda_web {
     server camunda-engine1:8080;
     server camunda-engine2:8080;
}

log_format upstream_time '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_referer" "$http_user_agent"'
                         'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';

server {
   listen 443 http2 ssl;

   access_log /var/log/nginx/access.log upstream_time;

This file has been truncated. show original

fateme · June 28, 2022, 1:42pm

Thanks a lot, my problem was solved by restoring the default.yaml configuration file to default

system · January 30, 2024, 12:56pm