Bug #4174

Accessing cn.dataone.org through http causes redirect to https of specific machine hostname

Added by Dave Vieglais over 10 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee: Skye Roseboom
Category: d1_cn_buildout
Target version: -
Start date:
Due date:
% Done: 100%
Milestone: None
Product Version: *
Story Points:
Sprint:

Description

When accessing cn.dataone.org, the browser picks up the hostname in the response and uses the specific host name instead of the generic cn.dataone.org.

This means that subsequent requests will be against a specific CN which may not be participating in the environment at a future point in time.

The simple solution appears to be setting ServerName in the Apache config files to be "cn.dataone.org" instead of the specific host name. However, this will need to be tested across services, especially the identity management portal, to ensure operation is as expected after the change.


Related issues

Duplicates Infrastructure - Bug #4113: CN http redirect uses specific hostname instead of RR Closed

Associated revisions

Revision 39ef1dd2
Added by Chris Jones over 10 years ago

For Apache configurations on the CNs, use the cn.router.hostname value rather than the cn.hostname value. This allows the HTTP to HTTPS redirect to work correctly. All other services still get configured with cn.hostname.
Refs and closes #4174 , #4113

Revision 12924
Added by Chris Jones over 10 years ago

For Apache configurations on the CNs, use the cn.router.hostname value rather than the cn.hostname value. This allows the HTTP to HTTPS redirect to work correctly. All other services still get configured with cn.hostname.
Refs and closes #4174 , #4113

History

#1 Updated by Skye Roseboom over 10 years ago

  • Category changed from d1_mercury to d1_cn_buildout

#2 Updated by Skye Roseboom over 10 years ago

  • Assignee changed from Skye Roseboom to Robert Waltz

Robert - do you know where in our apache config the hostname variable is set? I can do testing but not familiar with current apache config with respect to hostname and RR.

Maybe this is a problem with the rewrite rules?

I see same issues with http -- request cn.dataone.org/cn/v1/node -- displays same issue.

#3 Updated by Skye Roseboom over 10 years ago

  • Subject changed from Accessing cn.dataone.org through web browser ties to specific cn not the RR DNS entry to Accessing cn.dataone.org through http causes redirect to https of specific machine hostname

#4 Updated by Dave Vieglais over 10 years ago

Further inspection suggests that this is only a problem when accessing the CNs through an HTTP URL. Using HTTPS works as expected.

Hence it is unlikely to be resolved by the HostName setting. More likely something to do with the redirect from HTTP to HTTPS.

#5 Updated by Skye Roseboom over 10 years ago

Looks like /etc/apache2/sites-available/cn-ssl is the place for configuration of this. Need to check it out.

Robert - correct me if that looks wrong!

#6 Updated by Skye Roseboom over 10 years ago

  • Assignee changed from Robert Waltz to Skye Roseboom

Grabbing this issue back from you Robert. Going to look into what can be done in cn-ssl.

When I have a solution, will definitely ask for a review and we can look to integrate into the buildout project.

#7 Updated by Ben Leinfelder over 10 years ago

In the cn-ssl, this block needs to use the RR hostname instead of the SERVER_NAME:


DocumentRoot /var/www
ServerName SERVER_NAME

    Redirect permanent / https://SERVER_NAME/

You can look this up in the debian postinst:

db_get dataone-cn-os-core/cn.router.hostname
HOSTNAME=$RET

#8 Updated by Chris Jones over 10 years ago

  • Status changed from New to Closed

I've updated the postinst to use cn.router.hostname in the Apache cn-ssl config file. I've also manually changed this on the 3 production CNs, and have issued /etc/init.d/apache2 reload on UCSB and UNM. The reload on ORC (in the round robin) will happen upon upgrade this week.
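
A regression check for the behaviour this ticket fixed, added here as an example and not part of the ticket or the DataONE buildout code: it parses the response to an http:// request and reports when the redirect leaves the round-robin name the client asked for. The sample responses are constructed, and cn-node1.example.org is a placeholder for a machine-specific hostname.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample responses, not captured from DataONE hosts.
# cn-node1.example.org is a placeholder machine hostname (assumption).
BEFORE = ("HTTP/1.1 301 Moved Permanently\r\n"
          "Location: https://cn-node1.example.org/cn/v1/node\r\n\r\n")
AFTER = ("HTTP/1.1 301 Moved Permanently\r\n"
         "Location: https://cn.dataone.org/cn/v1/node\r\n\r\n")


def redirect_target(request_url, raw_headers):
    """Return the absolute redirect URL, or None if there is no redirect."""
    lines = raw_headers.split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[1].startswith("3"):
        return None
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            # Resolve relative Location values against the request URL.
            return urljoin(request_url, value.strip())
    return None


def check_redirect(request_url, raw_headers):
    """Classify the redirect relative to the hostname that was requested."""
    requested = urlsplit(request_url).hostname
    target = redirect_target(request_url, raw_headers)
    if target is None:
        return "no-redirect"
    parts = urlsplit(target)
    if parts.hostname != requested:
        # The client is now pinned to one machine instead of the RR name.
        return "host-changed:" + (parts.hostname or "")
    if parts.scheme != "https":
        return "not-https"
    return "ok"


if __name__ == "__main__":
    url = "http://cn.dataone.org/cn/v1/node"
    print("before fix:", check_redirect(url, BEFORE))
    print("after fix: ", check_redirect(url, AFTER))
```

The header block printed by `curl -sI` for an http:// URL can be passed as `raw_headers` unchanged.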
