ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
67194
|
Mon Feb 13 22:13:40 2012 |
| Diego | diego.obradors@ciemat.es | Question | Windows | 2.9.0 | top text in new user | Hi,
I am using Top text becouse I would like to have the same header in all logbooks. However it is working in the "new user registration page" and I would like to evoid it. Is that possible?
Thank you so much!!
Diego |
67193
|
Mon Feb 13 21:44:05 2012 |
| Olaf Kasten | olaf.kasten@deutschebahn.com | Bug fix | Linux | Windows | 2.9.0 | Re: ssl problems | > > well it's not a server but my laptop, but yeah, the elog server and the browser ran on the same machine, no iptables.
>
> Strange: I thought I was able to reproduce your problem, but no: whatever browser I try I can access ELOG with SSL if
> browser and ELOG are running on the same host. Same as you: clean install but no problem occurs. I haven't tried on a
> newer operating system yet. Still I tend to believe that it would not reproduce your problem. Maybe I'll try at home
> with ubuntu. Let's first wait what the other two report: if those problems are not related to firewall issues, Stefan
> will likely see into it anyway.
Well, it's definitely not a firewall problem. I tried it on hosts in different networks and of course in the same subnet as
the elog server. As I wrote I tried it with different browsers on different OS and everywhere I had same issues if I used
newer browsers. So I guess there are interoperability problems between elog and newer browsers.
And by the way if I change ssl = 1 to ssl = 0 there are no problems with any browsers.
But I want to use the ssl feature because security reasons.
Hope Stefan could locate and fix the problem.
Thx |
67192
|
Mon Feb 13 18:36:29 2012 |
| Diego | diego.obradors@ciemat.es | Comment | Linux | 2.9.0 | Re: problems with https in Chrome and IE |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote:
|
Christian Herzog wrote:
|
Andreas Luedeke wrote:
|
Christian Herzog wrote:
|
[...] we're evaluating elog right now at the Physics Department of ETH Zurich and I'm trying to come up with a good config. One of the first steps of course was to enable SSL/https. With http, all tested browsers work fine, but with https at least Google Chrome 16 and IE 9 do not get past the "unknown certificate" warning and I see "TCP connection broken" errors in the log file. Firefox however works fine. Same behavior on Linux, Mac and Windows (given the browser in question is available). elog server is running on Lucid.[...
|
[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)
|
we know about certificates, thank you 
The point is that it stops AFTER the point at which I tell the browser to accept the self-signed certificates. I now even got a CACert and the problem remains: FF works, Chrome and IE don't: https://phd-bkp-gw2.ethz.ch:8080/admin/
log says: TCP connection broken [...]
|
Sorry that I was mis-interpreting your question 
Unfortunately I don't know what's wrong with your set-up. I can confirm that I cannot access your logbook with "konquerer", but can access it with "firefox". The "konquerer" (on Scientific Linux 5.7) just gets timed out.
But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!
Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:
-
first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
-
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
-
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.
The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.
Good luck!
|
thanks for the fast resonse.
1) port 433 done. No change
2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/
3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless
speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]
|
Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]
  ⇄
Detect language » English
|
[...]
And just for the record: I have to conclude a clean install of elog 2.9.0 SSL does not work for half of the browsers out there on Debian Squeeze or Ubuntu Lucid right now. You might want to look into that.
thanks,
-Christian
|
Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.
I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.
 ⇄
Detect language » English
|
well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..
|
update: clean install on F16, plain vanilla, same problem: TCP connection broken
|
See https://midas.psi.ch/elogs/Forum/67184 to fix that problem. It is likely not a problem of ELOG, but of your firewall settings.
⇄
Detect language » English
|
see #67184, I'm pretty positive it isn't.
-Christian
|
Hi,
I have the same problem. with SSL = 1 in elog.cfg I am not able to connect using firefox 10 or chrome. However, using Internet explorer 6.0 it works fine.
Everything it has been checked in a local machine with windows 7 with and without firewall.
Use port 443, works fine with all browser.
Thank you so much!
Diego |
67191
|
Mon Feb 13 13:38:19 2012 |
| Adam | dellzoid@hotmail.com | Question | Linux | 2.7.8 | redirect permission | Hi All,
Perhaps a trivial question but some issues have arisen accessing my long-running elog with SSL enabled. I suspect firewalls and browser updates are involved and I do not have the time or experience to diagnose and debug such a potential black-hole of difficulties. Instead I am looking for a quick fix, and the first step - switching off sll - seems to work. Now I would like to use redirect so that the elog is running under apache, however this is where I have stumbled; I have passwords so the plan is to eventually secure using apache. Apache works fine and is running pages on ports 80 and 443, although I seem unable to redirect the elog (port 8080). Following the instructions on the administrators guide I get:
Forbidden
You don't have permission to access /elog/ on this server.
The page is found at least so my redirect is doing something, and I suspect the solution is trivial, though I'm not too sure where to start.
-------------------
Also, what is the best practice for updating one's elog version. I originally installed using a tarball.
|
67190
|
Sat Feb 11 22:37:34 2012 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Bug fix | Linux | Windows | 2.9.0 | Re: ssl problems | > well it's not a server but my laptop, but yeah, the elog server and the browser ran on the same machine, no iptables.
Strange: I thought I was able to reproduce your problem, but no: whatever browser I try I can access ELOG with SSL if
browser and ELOG are running on the same host. Same as you: clean install but no problem occurs. I haven't tried on a
newer operating system yet. Still I tend to believe that it would not reproduce your problem. Maybe I'll try at home
with ubuntu. Let's first wait what the other two report: if those problems are not related to firewall issues, Stefan
will likely see into it anyway. |
67189
|
Sat Feb 11 22:27:15 2012 |
| Christian Herzog | herzog@phys.ethz.ch | Bug fix | Linux | Windows | 2.9.0 | Re: ssl problems | well it's not a server but my laptop, but yeah, the elog server and the browser ran on the same machine, no iptables. |
67188
|
Sat Feb 11 22:19:07 2012 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Bug fix | Linux | Windows | 2.9.0 | Re: ssl problems |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Hi everyone,
it appears that many people have this problem. I believe this is simply a problem of your firewall settings. There are two simple checks you can do to test if I'm right or wrong:
- Run your logbook on the standard port 443 and retry. If the special port has been opened on the firewall, it has been likely only opened for specific clients like firefox 3.6, IE 7, etc. If you use a different client (FF 10, IE 9) the port can be blocked.
- Or just run the browser that does not work on the ELOG server. If it works to access ELOG via localhost, then you know for sure that it is the firewall.
I've actually tested it here at my institute: I've downloaded firefox 10 and could access ELOG on port 443 but couldn't access it on port 444, unless I've started FF10 on the ELOG host.
To John, Olaf and Christian: If you need to be able to use a special port and a certain set of browsers then just contact your computing division or whoever maintains your firewalls.
[...] |
[...] it is NOT the firewall. First off, I don't use a firewall. 2. I AM our computing division. 3. if it were the firewall blocking the access, why do I see "TCP connection broken" in the elog log file? 4. it's not working on port 443 either.
Something's flaky in elog's https implementation. For me it's not a big deal any more, as I use an apache reverse proxy in production now anyway, but other people may not. [...]
|
⇄
Detect language » English
Just for curiosity: did you try to start the non-working web-browser locally on the server? |
67187
|
Sat Feb 11 22:07:37 2012 |
| Christian Herzog | herzog@phys.ethz.ch | Comment | Linux | 2.9.0 | Re: problems with https in Chrome and IE |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote: |
Christian Herzog wrote: |
Andreas Luedeke wrote:
|
Christian Herzog wrote:
|
Andreas Luedeke wrote:
|
Christian Herzog wrote:
|
[...] we're evaluating elog right now at the Physics Department of ETH Zurich and I'm trying to come up with a good config. One of the first steps of course was to enable SSL/https. With http, all tested browsers work fine, but with https at least Google Chrome 16 and IE 9 do not get past the "unknown certificate" warning and I see "TCP connection broken" errors in the log file. Firefox however works fine. Same behavior on Linux, Mac and Windows (given the browser in question is available). elog server is running on Lucid.[...
|
[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)
|
we know about certificates, thank you 
The point is that it stops AFTER the point at which I tell the browser to accept the self-signed certificates. I now even got a CACert and the problem remains: FF works, Chrome and IE don't: https://phd-bkp-gw2.ethz.ch:8080/admin/
log says: TCP connection broken [...]
|
Sorry that I was mis-interpreting your question 
Unfortunately I don't know what's wrong with your set-up. I can confirm that I cannot access your logbook with "konquerer", but can access it with "firefox". The "konquerer" (on Scientific Linux 5.7) just gets timed out.
But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!
Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:
-
first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
-
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
-
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.
The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.
Good luck!
|
thanks for the fast resonse.
1) port 433 done. No change
2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/
3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless
speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]
|
Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]
  ⇄
Detect language » English
|
[...]
And just for the record: I have to conclude a clean install of elog 2.9.0 SSL does not work for half of the browsers out there on Debian Squeeze or Ubuntu Lucid right now. You might want to look into that.
thanks,
-Christian
|
Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.
I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.
 ⇄
Detect language » English
|
well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..
|
update: clean install on F16, plain vanilla, same problem: TCP connection broken
|
See https://midas.psi.ch/elogs/Forum/67184 to fix that problem. It is likely not a problem of ELOG, but of your firewall settings.
⇄
Detect language » English
|
see #67184, I'm pretty positive it isn't.
-Christian |
|