Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 12:57:37 2006 
|
Hello,
We have elogd running on a pc, say cmsdaqpreseries, that also runs an apache server and we've made sure that it's only accessible through the apache server, like so:
http://cmsdaqpreseries.cern.ch/elog/
This works fine.
We then tried to set up another apache server on another computer, say cmsdaq, and use that as a proxy server to access the apache server on cmsdaqpreseries and thus the elog (don't ask why...). Our sysadmin has set up kerberos authentication on that machine, so if I go to:
https://cmsdaq.cern.ch/elog/ (note the 's')
I am prompted for a username and password and then get the elog selection page. All seems to be working well, for example, the URL:
https://cmsdaq.cern.ch/elog/DAQ/?cmd=Find
will load properly. However, if I hit "login" (https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login) I get caught in an infinite redirection. Of course:
http://cmsdaqpreseries.cern.ch/elog/DAQ/?cmd=Find
will still work! Any ideas on what we should do to set it up correctly? And why does this only happen with the login command?
Our sysadmin used ethereal to sniff the message exchange between the apache on cmsdaqpreseries and elog. I am including the details of the http request that elog likes (directly from cmsdaqpreseries) and of the one it doesn't like (from cmsdaqpreseries but originating at cmsdaq) as image attachments, as the text is not selectable (sorry). 
Thanks in advance,
Dimitris |
Re: Accessing elog through two apache servers..., posted by Stefan Ritt on Tue Feb 14 13:40:49 2006
|
Hi Dimitrios,
I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/. In meantime I learned that relative redirects are not allowed. Actually the Safari Browser on the MAC complains and does not support this. So my problem is not how to derive the URL for the redirection.
The standard way is the URL = ... option in the config file. So ELOG takes this URL, and adds the remainder if needed (like the entry ID after a submit, so to go to .../DAQ/123 for example). While this works fine if you only access ELOG through that URL, it breaks if you access if from different locations. Other people at BNL have the problem that they access ELOG through a ssh tunnel, so the browser URL is then http://localhost:1234 which is the local end of the tunnel. Since the redirection uses then the Apache URL, they have the same problem.
Now the big question is how to derive the URL dynamically. From your Ethereal dumps you see that there is the Referer: statement which would be one option. Actually if you install "Tamper Data", which is a Firefox extension, you can monitor the HTTP traffic much easier inside your browser than with Ethereal. The problem with this is that if you bookmark a ELOG page directly in the browser, the first access to that page does not contain any Referer: statement. The other options are the Host: or the X-Forwarded-Host: statements. The problem is that they do not contain any subdirectory, like your /DAQ/ in the example above. Furthermore, if you access ELOG through Apache and through an ssh tunnel directly for example, one URL does have the Apache subdirectory and the other has none.
So from the setup you have right now, can you derive a set of rules how to compose the forward URL from the items in the HTTP header? If you succeed, I'm happy to implement this into the next version of ELOG.
Best regards,
Stefan |
|
Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 14:23:04 2006
|
Hi Stefan,
| Stefan Ritt wrote: |
Hi Dimitrios,
I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/.
|
But my problem begins before I log in. Trying to load https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login will get me in the infinite redirection directly. Besides, I do have URL = https://cmsdaq.cern.ch/elog/ in my configuration file, so the redirection should work in my case (since I'm trying to access it through cmsdaq) and fail in every other case. Is that right or is there something I'm missing?
Cheers,
Dimitris |
|
Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 16:06:28 2006
|
Hi,
The problem was coming from the fact that elog did not supports request coming from multiple hops through proxies. You got the ful string of them in the X-Forwarded-host header. Hence, you have to pick only the first one, terminated by a ','.
Here's the patch:
--- elogd-orig.c 2006-02-14 15:47:51.000000000 +0100
+++ elogd.c 2006-02-14 15:49:42.000000000 +0100
@@ -20985,6 +20985,8 @@
strcpy(str2, http_host);
if (strchr(str2, ':'))
*strchr(str2, ':') = 0;
+ if (strchr(str2, ','))
+ *strchr(str2, ',') = 0;
if (!strieq(str, str2)) {
redirect(lbs, _cmdline);
return FALSE;
Cheers
Eric and Dimitris |
|
Re: Accessing elog through two apache servers..., posted by Stefan Ritt on Wed Feb 15 18:13:25 2006
|
| Thanks for the patch, I committed it to Subversion Revision #1657. |
|
email problems, posted by Chris Warner on Tue Feb 7 21:02:22 2006
|
When I select to get email notification on new logbook entries I receive this error when entering a new record.
Error sending Email via "xxx.xxx.xxx.xx": Syntax error, parameters in command "MAIL FROM: christopher_warner@xxx.gov SIZE=1985" unrecognized or missing
The user that sent the message was a test account that I set up. I entered the email address in the box provided and I am not sure what may be causing the difficulty.
Any thoughts as to what may be causing this? |
|
Re: email problems, posted by Stefan Ritt on Wed Feb 8 15:29:03 2006
|
| Chris Warner wrote: | Error sending Email via "xxx.xxx.xxx.xx": Syntax error, parameters in command "MAIL FROM: christopher_warner@xxx.gov SIZE=1985" unrecognized or missing
|
There are two possible reasons:
1) The email address "christopher_warner@xxx.gov" is invalid. Some SMTP server immediately complain about invalid email addresses and refuse to send any mail then. In that case just supply an existing email address or remove that test account.
2) The SMTP server does not like the "SIZE=xxx" option. This comes from a single line in elogd.c:
snprintf(str, strsize - 1, "MAIL FROM: %s SIZE=%d\r\n", from, strlen(text));
you could just go there and remove the " SIZE=%d", so that the line looks like:
snprintf(str, strsize - 1, "MAIL FROM: %s\r\n", from);
to see if that makes any difference. |
|
Re: email problems, posted by Chris Warner on Wed Feb 8 18:38:30 2006
|
The email address id correct. I am using an Elog Binary. I don't have the source code .
Chris Warner
| Stefan Ritt wrote: |
| Chris Warner wrote: | Error sending Email via "xxx.xxx.xxx.xx": Syntax error, parameters in command "MAIL FROM: christopher_warner@xxx.gov SIZE=1985" unrecognized or missing
|
There are two possible reasons:
1) The email address "christopher_warner@xxx.gov" is invalid. Some SMTP server immediately complain about invalid email addresses and refuse to send any mail then. In that case just supply an existing email address or remove that test account.
2) The SMTP server does not like the "SIZE=xxx" option. This comes from a single line in elogd.c:
snprintf(str, strsize - 1, "MAIL FROM: %s SIZE=%d\r\n", from, strlen(text));
you could just go there and remove the " SIZE=%d", so that the line looks like:
snprintf(str, strsize - 1, "MAIL FROM: %s\r\n", from);
to see if that makes any difference. |
|
|
Re: email problems, posted by Stefan Ritt on Thu Feb 9 09:09:30 2006
|
| Chris Warner wrote: | | The email address id correct. I am using an Elog Binary. I don't have the source code. |
Ok, so I removed the SIZE=xxx parameter, which is not strictly necessary anyhow I believe. So wait for the next release, and you can try. |
|
Re: email problems, posted by Chris Warner on Fri Feb 10 21:26:33 2006
|
Do you have an ise when that will be?
| Stefan Ritt wrote: |
| Chris Warner wrote: | | The email address id correct. I am using an Elog Binary. I don't have the source code. |
Ok, so I removed the SIZE=xxx parameter, which is not strictly necessary anyhow I believe. So wait for the next release, and you can try. |
|
|
Re: email problems, posted by Stefan Ritt on Fri Feb 10 21:50:27 2006
|
| Chris Warner wrote: | | Do you have an ise when that will be? |
In about a week from now. |
Posting without logging in!, posted by Dimitrios Tsirigkas on Thu Feb 9 14:15:54 2006
|
Hi all! This is an HTTP POST request submitted from the command line using curl, and providing no authentication information. If I can post as myself using this command, then shouldn't something be done about this? Cheers, Dimitris |
|
Re: Posting without logging in!, posted by Stefan Ritt on Fri Feb 10 11:41:38 2006
|
| Dimitris wrote: | | Hi all! This is an HTTP POST request submitted from the command line using curl, and providing no authentication information. If I can post as myself using this command, then shouldn't something be done about this? |
Yes indeed. I fixed that in SVN revision 1655. I upgraded this server so you can try again if it works. |
|
Re: Posting without logging in!, posted by Dimitrios Tsirigkas on Fri Feb 10 16:16:11 2006
|
| Stefan Ritt wrote: |
Yes indeed. I fixed that in SVN revision 1655. I upgraded this server so you can try again if it works. |
Just tried it, it's fixed 
Dimitris |
|
Work on PAM Support?, posted by Steve Jones on Wed Feb 8 18:23:52 2006
|
Stefan (or any others):
Has anyone been seriously looking into building in PAM support in eLog? I ask because I have started reading the developer papers from Sun and looking at sample code.
Thanks
Steve |
|
Re: Work on PAM Support?, posted by Stefan Ritt on Thu Feb 9 09:12:44 2006
|
| Steve Jones wrote: | | Has anyone been seriously looking into building in PAM support in eLog? I ask because I have started reading the developer papers from Sun and looking at sample code. |
Not really. I have two big issues higher on my list: XML database format and multithreaded HTTP server. From having a quick look to PAM, I was not sure how easy this would be to implement. If it's not too difficult, it could move higher in the priority list. |
|
Re: Work on PAM Support?, posted by Steve Jones on Thu Feb 9 19:51:26 2006
|
| Stefan Ritt wrote: |
| Steve Jones wrote: | | Has anyone been seriously looking into building in PAM support in eLog? I ask because I have started reading the developer papers from Sun and looking at sample code. |
Not really. I have two big issues higher on my list: XML database format and multithreaded HTTP server. From having a quick look to PAM, I was not sure how easy this would be to implement. If it's not too difficult, it could move higher in the priority list. |
Tell you what, I'm looking at two items related to eLog -- tell me to stop if you want:
- forkpty() emulation for Solaris
- PAM support
I'm furthur ahead on the forkpty() - just trying to figure out exactly where to place the code. Once I know it works then I can give it to you to incorporate. Unless you want what I have now and you can work on it.
I've also got quite a bit of reference code for PAM support. A little more daunting. |
|
menu commands - user list does not match config list, posted by Alan Stone on Thu Feb 9 00:37:29 2006
|
I am attempting to configure the Elog for use at the CMS Remote Operations Center
at Fermilab. I included the following option:
Menu commands = List, New, Reply, Duplicate, Find, Last day, Config, Admin, Login, Logout, Help
but the available list (after restarting the elog daemon) gives me:
CMS ROC Logbook, Page 1 of 1 Logged in as "Alan Stone" ELOG Home
New | Find | Select | CSV Import | Config | Logout | Help
Did I miss a step in the syntax instructions?
Thanks, Alan |
|
Re: menu commands - user list does not match config list, posted by Stefan Ritt on Thu Feb 9 09:04:05 2006
|
| Alan Stone wrote: | I am attempting to configure the Elog for use at the CMS Remote Operations Center
at Fermilab. I included the following option:
Menu commands = List, New, Reply, Duplicate, Find, Last day, Config, Admin, Login, Logout, Help
but the available list (after restarting the elog daemon) gives me:
CMS ROC Logbook, Page 1 of 1 Logged in as "Alan Stone" ELOG Home
New | Find | Select | CSV Import | Config | Logout | Help
Did I miss a step in the syntax instructions? |
Yap. There are two menus, one for the listing page which contains only line per entry, and one for the individual entry page. You changed the one for the individual entry page, which you will see when you slick on any entry. To change the listing page manu, do a List Menu commands = ... |
|
Problem with MOptions , posted by Ulrich Trüssel on Wed Feb 8 07:31:09 2006
|
After upgrading to 2.6.1-1 (actually donwgraded in case of this problem to 2.6.0) i was not longer able to selct more than one MOptions selection in my ELOGs. Only the first slected selection was acepted by ELOG. Ex:
MOptions Test = Aa, Bb, Cc, Dd, Ee, Ff, Gg
Selecting: Bb, Cc, Gg
Submitting the entry form, autoreturn to the overview of the even made entry, only Bb was taken.
Any Idea what's happen? Did I miss something changing in 2.6.1-1 or may this be a bug? Thanks for ideas?
Would loke to upgreade to 2.6.1. in case of the new forms for long MOptions, but need to selct more than one! |
|
Re: Problem with MOptions , posted by Stefan Ritt on Wed Feb 8 11:56:02 2006
|
| Ulrich Trüssel wrote: | After upgrading to 2.6.1-1 (actually donwgraded in case of this problem to 2.6.0) i was not longer able to selct more than one MOptions selection in my ELOGs. Only the first slected selection was acepted by ELOG. Ex:
MOptions Test = Aa, Bb, Cc, Dd, Ee, Ff, Gg
Selecting: Bb, Cc, Gg
Submitting the entry form, autoreturn to the overview of the even made entry, only Bb was taken.
Any Idea what's happen? Did I miss something changing in 2.6.1-1 or may this be a bug? Thanks for ideas?
Would loke to upgreade to 2.6.1. in case of the new forms for long MOptions, but need to selct more than one! |
That should work in 2.6.1-2 now. |
Numbered lists get closed by </ul>, posted by T. Ribbrock on Mon Jan 30 16:26:08 2006
|
I just ran into the following problem (and was able to reproduce it in the "demo" logbook on this site):
Numbered list follows:
- one
- two
- three
This text is indented, as the list was not closed properly.
- four
- five
- six
And now we have double indention... |
|
Re: Numbered lists get closed by </ul>, posted by Stefan Ritt on Tue Feb 7 12:58:10 2006
|
| T. Ribbrock wrote: | I just ran into the following problem (and was able to reproduce it in the "demo" logbook on this site):
Numbered list follows:
- one
- two
- three
This text is indented, as the list was not closed properly.
- four
- five
- six
And now we have double indention... |
I can't see any double indention there...
But seriously  I fixed that problem and updated this elog server already. It's in SVN revison 1653. The code now correctly chooses the proper </ul> or </ol>. What will not work however are nested lists, like an ordered list inside an unordere list, but that's anyhow very uncommon. |
|
sort after find, posted by Willem Koster on Fri Feb 3 12:38:57 2006
|
When I do a find (like Field1 = XXX )
and then try to sort the results I get the entire list again (but sorted) instead of the sorted results.
But when I fabricate a url manually like
http://elog.com/Forum/?mode=summary&npp=990&Field1=XXX&sort=field2
I do get the search-results nicely sorted.
Obviously I would like to be able to sort the result of a find-query.
Is this a bug or a feature request ? |
|
Re: sort after find, posted by Stefan Ritt on Mon Feb 6 17:15:11 2006
|
| Willem Koster wrote: | | Obviously I would like to be able to sort the result of a find-query. |
That worked some time ago, but did not work currently. So I fixed that in the current SVN version. |