| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69547
|
Tue Jul 19 12:36:04 2022 |
 | Tamas Gal | tgal@km3net.de | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | My problem is that I don't even reach the page where I can enter a password. If you go to https://elog.test.km3net.de and click on a logbook, you'll see that it immediately goes into a redirect loop. I already logged the routing but there is nothing else...
| Stefan Ritt wrote: |
|
Yeah, after you enter a password, elog redirects to what it finds in "URL". You can trace that by opening "development tools" in Google Chrome, go to "network" and watch packets going back and forth. I never worked with the load balancer, but maybe you need a different "URL" containing a '/' at the end?
| Tamas Gal wrote: |
|
I also tried the default configuration (example config) and it that works behind the load balancer. So I guess it's related to the password-page, which causes this redirect loop? Our logbooks are all password protected, so when a logbook URL is clicked, it should first present the login-form, and that's where it chokes.
|
|
|
|
69548
|
Tue Jul 19 12:38:12 2022 |
| Tamas Gal | tgal@km3net.de | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | Attached is the log, where you can see that `Operations+IT` redirects to `Operations+IT/` and that redirects to `Operations+IT` again, which then goes to `elog.test.km3net.de` and `Operations+IT` again etc. etc.
EDIT: I use the very same load balancer confugration for dozens of other services incl. Apache, Nginx, GitLab, Mattermost, RocketChat etc. and all work fine. As written before, also the "example" logbook works (without password protection).
I also tried `/` at the end of the URL but it has no effect.
I am pretty clueless currently... |
|
69549
|
Tue Jul 19 12:48:42 2022 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | Yes I see the redirects. You say with the example logbook it works, right? Is it the password protection which triggers the problem or anything else? Does it work if you take out the password protection? The key is to identify which setting in your config file triggers the problem, so you can bracket the problem down between the example logbook and your logbook definition. |
|
69550
|
Tue Jul 19 12:57:37 2022 |
| Tamas Gal | tgal@km3net.de | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | Yes, I used the empty `passwd` file from example. When I then click on one of the logbooks, I get to the page where I can register a user (see attached screenshot). After clickin on "Save" for the user registration, I again get the redirect error. Once there is a registered user (i.e. a non-empty password file) the redirect issue is persistent. Any idea where the problem might be? I just emptied the password file again, so you can have a one-shot, if you like.
Btw. I have SSL termination in the load balancer, so ELOG does not need to do any SSL related things (the swarm is in a locally isolated network, so all internal communication between the load balancer and the swarm machines are safe). Maybe that's the issue? On the other hand, the main page loads fine and uses SSL termination too, so I don't know, maybe there is logic behind the authentication which collides with the SSL termination.
| Stefan Ritt wrote: |
|
Yes I see the redirects. You say with the example logbook it works, right? Is it the password protection which triggers the problem or anything else? Does it work if you take out the password protection? The key is to identify which setting in your config file triggers the problem, so you can bracket the problem down between the example logbook and your logbook definition.
|
|
|
Draft
|
Fri Jan 20 14:08:25 2023 |
 | Tamas Gal | he i | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | The issue is still present and now it's quite urgent to move this last service into the Swarm. Does anyone maybe have an idea what's wrong? To sum up: if there is a non-empty password file, the login page chokes in an infinite loop of redirects. I am using the same HAProxy load balancer configuration as for all the other services (running Apache, NGINX, GitLab, XWiki, etc.):
backend be_elog.km3net.de
mode http
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server-template km3net-elog- 1 km3net-elog_elog:8080 check resolvers docker init-addr libc,none
| Tamas Gal wrote: |
|
Yes, I used the empty `passwd` file from example. When I then click on one of the logbooks, I get to the page where I can register a user (see attached screenshot). After clickin on "Save" for the user registration, I again get the redirect error. Once there is a registered user (i.e. a non-empty password file) the redirect issue is persistent. Any idea where the problem might be? I just emptied the password file again, so you can have a one-shot, if you like.
Btw. I have SSL termination in the load balancer, so ELOG does not need to do any SSL related things (the swarm is in a locally isolated network, so all internal communication between the load balancer and the swarm machines are safe). Maybe that's the issue? On the other hand, the main page loads fine and uses SSL termination too, so I don't know, maybe there is logic behind the authentication which collides with the SSL termination.
| Stefan Ritt wrote: |
|
Yes I see the redirects. You say with the example logbook it works, right? Is it the password protection which triggers the problem or anything else? Does it work if you take out the password protection? The key is to identify which setting in your config file triggers the problem, so you can bracket the problem down between the example logbook and your logbook definition.
|
|
|
|
69623
|
Fri Jan 20 14:11:52 2023 |
| Tamas Gal | tgal@km3net.de | Question | Linux | 3.1.3 | Re: Too many redirects when running behind load balancer? | The issue is still present and now it's quite urgent to move this last service into the Swarm. Does anyone maybe have an idea what's wrong? To sum up: if there is a non-empty password file, the login page chokes in an infinite loop of redirects. I am using the same HAProxy load balancer configuration as for all the other services (running Apache, NGINX, GitLab, XWiki, etc.):
backend be_elog.km3net.de
mode http
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server-template km3net-elog- 1 km3net-elog_elog:8080 check resolvers docker init-addr libc,none
| Tamas Gal wrote: |
|
Yes, I used the empty `passwd` file from example. When I then click on one of the logbooks, I get to the page where I can register a user (see attached screenshot). After clickin on "Save" for the user registration, I again get the redirect error. Once there is a registered user (i.e. a non-empty password file) the redirect issue is persistent. Any idea where the problem might be? I just emptied the password file again, so you can have a one-shot, if you like.
Btw. I have SSL termination in the load balancer, so ELOG does not need to do any SSL related things (the swarm is in a locally isolated network, so all internal communication between the load balancer and the swarm machines are safe). Maybe that's the issue? On the other hand, the main page loads fine and uses SSL termination too, so I don't know, maybe there is logic behind the authentication which collides with the SSL termination.
| Stefan Ritt wrote: |
|
Yes I see the redirects. You say with the example logbook it works, right? Is it the password protection which triggers the problem or anything else? Does it work if you take out the password protection? The key is to identify which setting in your config file triggers the problem, so you can bracket the problem down between the example logbook and your logbook definition.
|
|
|
|
69404
|
Mon Oct 25 13:34:06 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 3.1.4 | Re: Too many open files - issue? | The code segements you show are from the command line tool elog.c, not the server elogd.c. The tool is called to submit a new message from the command line. Even if there would be a file not properly closed, it will be closed by the operating system once the program finishes. So no problem of too many open files there.
| Rob Calkins wrote: |
|
Has anyone had issues with having too many files open? I'll setup my server and let it go but after a while, I end up with a lot of "cannot create socket: Too many open files" errors being reported. I have a sync to another e-log going which I suspect is part of the cause since that e-log server hasn't had this issue. I suspect that there are files being opened, going into some return loop code and then never getting closed. I'm not a C programmer but I see lines like :
fh = open(tmp_filename, O_RDONLY);
if (fh > 0) {
read(fh, result, size - 1);
close(fh);
}
/* remove temporary file */
remove(tmp_filename);
This looks like it opens the file but unless the remove function closes the file, it will remain open even through the file has been deleted. Maybe this isn't the correct behaviour of 'remove' and I am mistaken?
There are also parts like :
fh = open(textfile, O_RDONLY | O_BINARY);
if (fh < 0) {
printf("Message file \"%s\" does not exist.\n", textfile);
return 1;
}
size = (INT) lseek(fh, 0, SEEK_END);
lseek(fh, 0, SEEK_SET);
if (size > (INT) (sizeof(text) - 1)) {
printf("Message file \"%s\" is too long (%zd bytes max).\n", textfile, sizeof(text));
return 1;
}
This looks like for the second error, it will complain that the file is too long, return an error message but not close the file and would leave it open. Is this a reasonable avenue to pursue or am I mis-reading the code? Thanks.
|
|
|
2307
|
Tue Aug 7 18:39:37 2007 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | All | 2.6.2-1739 | Re: Too many logbooks during user registration |
| Steve Jones wrote: | Stefan, we require registration with elog. We have quite a number of logbooks and when someone requests a login account AND elects to register with all of the logbooks, the resulting URL is apparently too long for browsers to handle when the admins click on the link embedded in the email notification. For example, FireFox (latest ver) appears to truncate the URL *after* submission (the correct URL is there before submission).
My question: Is it possible to limit - or remove - the checkboxes that the user can select during registration? I realize that this is a browser issue but I doubt I can persuade those guys to fix FireFox.
Thanks. |
I changed the current SVN version (#1909) to show only the list of logbooks if there are ten or less logbooks, in order not to make the URL too long. On the activation by the administrator, the list of subscribed logbooks appears as previously, but all are unchecked. So it's the task of the administrator to enable subscriptions or not. |
|