Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 126 of 806  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Hide attachments  Show only new entries    6444 Entries 
Goto page Previous  1, 2, 3 ... 125, 126, 127 ... 804, 805, 806   Next  
ID Date Icon Author Author Email Category OS ELOG Version Subject
  68835   Fri Aug 17 22:07:41 2018 Reply Andrew Wadeawade@caltech.eduQuestionLinux | Other3.1.2Re: Reverse proxy of Elog using Docker and Nginx?

Yes, I tried setting the URL parameter to the url used by the proxy.  It goes to the correct address but that landing is the login page.

Andrew

Stefan Ritt wrote:

Have you tried the "URL = ..." statement? This determines you elog redirects if you log in. If you reach elog through a proxy, the URL is a different one that if you access it directly. In your case the proxy URL might be necessary.

Stefan

Andrew Wade wrote:

I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world.  The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.  

It worked great in the initial test. However, I have an issue with authentication.  When I password protect the elog it goes to a login page.  When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning).  So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication.  I am never able to actually get to the protected content. 

Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?

 

Side note: I have tried using Apache to do the same and authentication worked fine.  But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router.  There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt​.

 

 

  68834   Thu Aug 16 13:33:39 2018 Question Gino Guenzburgergino.guenzburger@empa.chQuestionWindows3.1.3Changing of entries after expired time restriction by synchronisation

I'm working on setting up an elog as lab-journal in our group with the following set-up:

  • The elog is running on a server, with no back-end access for the users.
  • Multiple people will use it, all loging in with the same user-name and password.
  • The entries submitted to the log-book can only be edited for 24hours, as defined by the "Restrict edit time= 24" setting in the configuration file.

Now I encountered the following problem in my set-up: Entries that do not have attachments can be changed after these 24hours have passed, by the following set-up: If a user (in the current case me during testing) sets up a local elog on his computer and activates the synchronisation with the elog on the server, he can switch off the time-restriction for editing on his local elog, and if he synchronises the two log-books, the changed entry from the local elog will overwrite the original one from the server-elog.

Obviously this is not very desirable. Therefore I wanted to ask, whether anyone sees a possibility to prevent the editing of entries, which are older than the restricted edit time. A specific function or a change in the synchronisation behaviour would of course be the completest solution, but in my case the problem would also be solved if I could just prohibit the synchronisation. It is not needed, so no harm will be done if it is not possible.

 

  68833   Tue Aug 14 06:04:53 2018 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux | Other3.1.2Re: Reverse proxy of Elog using Docker and Nginx?

Have you tried the "URL = ..." statement? This determines you elog redirects if you log in. If you reach elog through a proxy, the URL is a different one that if you access it directly. In your case the proxy URL might be necessary.

Stefan

Andrew Wade wrote:

I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world.  The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.  

It worked great in the initial test. However, I have an issue with authentication.  When I password protect the elog it goes to a login page.  When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning).  So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication.  I am never able to actually get to the protected content. 

Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?

 

Side note: I have tried using Apache to do the same and authentication worked fine.  But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router.  There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt​.

 

  68832   Mon Aug 13 21:09:30 2018 Question Andrew Wadeawade@caltech.eduQuestionLinux | Other3.1.2Reverse proxy of Elog using Docker and Nginx?

I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world.  The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.  

It worked great in the initial test. However, I have an issue with authentication.  When I password protect the elog it goes to a login page.  When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning).  So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication.  I am never able to actually get to the protected content. 

Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?

 

Side note: I have tried using Apache to do the same and authentication worked fine.  But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router.  There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt​.

  68830   Tue Aug 7 10:53:45 2018 Warning Andreas Luedekeandreas.luedeke@psi.chInfoLinuxelog-3.1.3Problem with eloglang.german_UTF8

I had a problem with restarting ELOG since about a year, and finally I found the culprit. I just want to share it here, to prevent anyone else to make the same mistake,

Apparently the files resources/eloglang.* are rather sensitive to the syntax. But it doesn't tell you: no warning or error message comes up.
The file eloglang.german_UTF8 contains some "missing translations" at the end - and it looks like they produce some problems.
If you don't follow the instructions to create eloglang.german_UTF8 from eloglang.german, but use the file as it is, then the language handling will be corrupted:
some (very few) language strings will point into some void and display garbage strings.
In very rare cases this will even crash "elogd", in all other cases it will confuse your users.
Sometimes ELOG commands like "?Cmd=New" were affected, which makes ELOG unusable.
What made it very hard to debug was the fact that with every restart a different string was affected.
Everything looked fine, and later you see a string in the configuration page is wrong. Restarting fixed that string, but then some other string is gone.
 
So if you see such a behaviour, check your language file for "unusual syntax".
I haven't checked if the problem is limited to UTF8 - I only saw the problem with the eloglang.german_UTF8 file.
 
Cheers, Andreas
  68829   Fri Jul 13 19:14:21 2018 Reply Lars Martinlmartin@triumf.caQuestionLinux2.9.2Re: Entry size too large for email notification

Wouldn't it make sense for ELog (by default) to still notify, but not send the attachments by e-mail if the size limit is reached?

Andreas Luedeke wrote:
Hi Jacky,
if I read the source code correctly then the maximum size of a base64 encoded email is hard coded to be 10 MB in elogd.h (recompile after changing it):
#define MAX_CONTENT_LENGTH 10*1024*1024
But I think that an 2.2 MB image should easily fit into that.
Andreas
Jacky Li wrote:

Hi,

I am doing an inline image that is about 2.2 MB.  When I do a submit, I got the following message:

Error sending Email via <i>"<email server>"</i>: Entry size too large for email notification.

May I know what is the limit of the entry size and how do I change it?  Thank you.

Jacky

 

  68828   Thu Jun 14 19:17:41 2018 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux3.1.3Re: edit templates from config page
As always, Andreas has clever ideas. Never thought about this possibility.

Stefan
  68827   Thu Jun 14 18:17:07 2018 Reply Andreas Luedekeandreas.luedeke@psi.chQuestionLinux3.1.3Re: edit templates from config page
> Dear all,
>   I have some logbook which uses preset text depending on some option values, and uses text files for this.
> 
> something similar to:
> 
> Options Type = Start of shift{1}, 2h{2}, 4h{3}, 6h{4}, End of shift {5}
> 
> {1} Preset text = MCProdStart.txt
> {2} Preset text = MCProd2h.txt
> {3} Preset text = MCProd4h.txt
> {4} Preset text = MCProd6h.txt
> {5} Preset text = MCProdEnd.txt
> 
> I wonder if there is a way to change/edit the text files from the web interface if you are admin of that logbook, or if the only way is to change the files directly in the elog server.
> 
> thanks Stefano

Hi Stefano,

it is not directly foreseen in the web functionality of ELOG, but it can be done like this:

You could have a second logbook that has the content of these files each in one logbook entry. 
You call a script "Execute edit =" that runs on the server and converts the specific ELOG entry into a file on the server.
Of course this is a security vulnerability, but you can confine the possibilities of the script.
E.g. to a hard-coded list of ELOG entries and files in a specific directory.
Still, someone could place a file on the server and then calls that file with an "Execute edit=" himself.
But if you do all this within a protected network that should be okay.

I do like the idea, thank you for the question! If you manage to do it please post it under Contributions :-)

Cheers, Andreas
Goto page Previous  1, 2, 3 ... 125, 126, 127 ... 804, 805, 806   Next  
ELOG V3.1.5-3fb85fa6