Project

General

Profile

Bug #4174

Accessing cn.dataone.org through http causes redirect to https of specific machine hostname

Added by Dave Vieglais about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Skye Roseboom
Category:
d1_cn_buildout
Target version:
-
Start date:
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

When accessing cn.dataone.org, the browser picks up the hostname in the response and uses the specific host name instead of the generic cn.dataone.org.

This means that subsequent requests will be against a specific CN which may not be participating in the environment at a future point in time.

The simple solution appears to be setting ServerName in the apache config files to be "cn.dataone.org" instead of the specific host name. However this will need to be tested across services, especially the identity management portal to ensure operation is as expected after the change.


Related issues

Duplicates Infrastructure - Bug #4113: CN http redirect uses specific hostname instead of RR Closed

Associated revisions

Revision 39ef1dd2
Added by Chris Jones about 11 years ago

For Apache configurations on the CNs, use the cn.router.hostname value rather than the cn.hostname value. This allows the HTTP to HTTPS redirect to work correctly. All other services still get configured with cn.hostname.
Refs and closes #4174 , #4113

Revision 12924
Added by Chris Jones about 11 years ago

For Apache configurations on the CNs, use the cn.router.hostname value rather than the cn.hostname value. This allows the HTTP to HTTPS redirect to work correctly. All other services still get configured with cn.hostname.
Refs and closes #4174 , #4113

Revision 12924
Added by Chris Jones about 11 years ago

For Apache configurations on the CNs, use the cn.router.hostname value rather than the cn.hostname value. This allows the HTTP to HTTPS redirect to work correctly. All other services still get configured with cn.hostname.
Refs and closes #4174 , #4113

History

#1 Updated by Skye Roseboom about 11 years ago

  • Category changed from d1_mercury to d1_cn_buildout

#2 Updated by Skye Roseboom about 11 years ago

  • Assignee changed from Skye Roseboom to Robert Waltz

Robert - do you know where in our apache config the hostname variable is set? I can do testing but not familiar with current apache config with respect to hostname and RR.

Maybe this is a problem with the rewrite rules?

I see same issues with http -- request cn.dataone.org/cn/v1/node -- displays same issue.

#3 Updated by Skye Roseboom about 11 years ago

  • Subject changed from Accessing cn.dataone.org through web browser ties to specific cn not the RR DNS entry to Accessing cn.dataone.org through http causes redirect to https of specific machine hostname

#4 Updated by Dave Vieglais about 11 years ago

Further inspection suggests that this is only a problem when accessing the CNs through a HTTP url. using HTTPS works as expected.

Hence it is unlikely to be resolved by the HostName setting. More likely something to do with the redirect from HTTP to HTTPS.

#5 Updated by Skye Roseboom about 11 years ago

looks like: /etc/apache2/sites-available/cn-ssl is the place for configuration of this. need to check it out.

robert - correct me if that looks wrong!

#6 Updated by Skye Roseboom about 11 years ago

  • Assignee changed from Robert Waltz to Skye Roseboom

Grabbing this issue back from you Robert. Going to look into what can be done in cn-ssl.

When I have a solution, will definately ask for a review and we can look to integrate into the buildout project.

#7 Updated by Ben Leinfelder about 11 years ago

In the cn-ssl, this block needs to use the RR hostname instead of the SERVER_NAME:


DocumentRoot /var/www
ServerName SERVER_NAME

    Redirect permanent / https://SERVER_NAME/

You can look this up in the debian postinst:

db_get dataone-cn-os-core/cn.router.hostname
HOSTNAME=$RET

#8 Updated by Chris Jones about 11 years ago

  • Status changed from New to Closed

I've updated the postinst to use cn.router.hostname in the Apache cn-ssl config file. I've also manually changed this on the 3 production CNs, and have issued /etc/init.d/apache2 reload on UCSB and UNM. The reload on ORC (in the round robin) will happen upon upgrade this week.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)