How to Check SSL Ciphers
How to Check SSL Ciphers If you have enabled SSL on Sisense side, the Nginx controller will be deployed in the default namespace. To check the currently configured ciphers run the following command and check the "nginx.ingress.kubernetes.io/ssl-ciphers:" row: kubectl -n sisense describe ingress Name: sisense-ingress Labels: app=api-gateway app.kubernetes.io/managed-by=Helm chart=api-gateway-2024.2.077 release=sisense sisense-version=2024.2.077 Namespace: sisense Address: Ingress Class: <none> Default backend: <default> TLS: sisense-tls terminates Rules: Host Path Backends ---- ---- -------- paragoninsgroup.sisense.com / api-gateway-external:8456 (10.42.140.227:8456) Annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: true meta.helm.sh/release-name: sisense meta.helm.sh/release-namespace: sisense nginx.ingress.kubernetes.io/configuration-snippet: more_clear_headers Server; nginx.ingress.kubernetes.io/proxy-body-size: 0m nginx.ingress.kubernetes.io/proxy-read-timeout: 300 nginx.ingress.kubernetes.io/ssl-ciphers: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AESCCM nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: true To decrypt the full list of the currently used ciphers use the string from the mentioned row with the following command: openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AESCCM' | column -t Output Example: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 Check out this related content: Academy course Sisense DocumentationConfiguring/Adjusting Readiness Probes for Containers
Readiness probes are critical in container orchestration to ensure that containers are ready to handle traffic before they are included in service load balancing. If a container fails readiness probes due to insufficient thresholds, adjusting these parameters can help. This guide explains how to modify readiness probe settings to accommodate containers with longer startup times.
Health and Maintenance of Sisense Environment
Overview: Keeping your Sisense environment healthy and up to date is essential to a successful Sisense instance. This article contains general information about Sisense deployment and maintenance. Please reference the linked articles for additional information. Topics: Clean installation Upgrade Migration Clean installation When first deploying Sisense it is important to review the Installation guide and ensure any prerequisite programs are installed. Keep in mind that Sisense depends on particular Sisense roles and features which are discussed below. Technical Requirements: .NET Framework 4.6.1 (as of Sisense Version 7.3) Visual C++ Redistributable Packages Java Runtime Environment The software components above along with Windows roles and features responsible for running IIS will be installed automatically within Sisense installation. Installing Sisense Minimum Requirements For organizations that do not allow their server to access the internet can use the offline installer process. Installing Sisense Offline For additional information about keeping your Sisense environment clean and performing well, please refer to this article: Performance Issues Troubleshooting Upgrade Each version includes new features and enhancements as well as other improvements. Please read our release notes and check if there are any breaking changes in the version you are upgrading to. We strongly recommend upgrading a staging environment first so you can know how the upgrade will affect your users and your configuration before upgrading your production environment. Make sure to back up your current instance before the upgrade. Feel free to contact your Customer Success Manager (CSM) or our Sisense Support team if any additional consultation is needed. Upgrading Sisense Backing up Sisense Release Notes Migration Occasionally you come across a situation when you need to migrate Sisense to a different server (for example moving from Windows Server 2012 to Windows Server 2016). In general, Sisense consists of 2 parts: Back-End: The Back-end includes your ElastiCubes - where all of the data to analyze is stored Front-End: Front-end that includes dashboards and system configuration. Each each component can be migrated in several ways. For more information please reference the following article and follow the instructions specific to your Sisense version. Please contact your CSM if Sisense migration will make you go over limit on server licenses. Migrating SisenseShow the installation logs during silent installation
In case if you need to see the logs in the CMD during the Sisense installation you can run the following command: set logpath=%temp%\install.log start "" /wait "PathTo\SisenseInstall.exe" -q -username=bla -password=bla -l "%logpath%" type "%logpath%"Relocating /var/lib/docker directory
Docker uses /var/lib/docker to store images, containers, and local named volumes. Deleting this can result in data loss and possibly stop the engine from running. However in case if it is needed to free some space on the root volume, it is possible to relocate this directory to another partition or drive. This tutorial describes two ways on how to move the /var/lib/docker directory in Linux.
