| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
66260
|
Mon Mar 23 22:29:20 2009 |
 | Brett Viren | bv@bnl.gov | Question | Linux | Windows | 2.7.5 | Re: Problems with SSL and Synchronization |
> Synchronization with SSL does not yet work. I have to find some time to implement it. Since you are already the second one mentioning this, it slipped higher on my to-do list
Please make this 3. We (Daya Bay experiment) are just starting to set up Elog and will really want this feature!
Thanks.
-Brett. |
|
66282
|
Thu Mar 26 21:34:24 2009 |
| Brett Viren | bv@bnl.gov | Question | Linux | Windows | 2.7.5 | Re: Problems with SSL and Synchronization |
| Brett Viren wrote: |
Please make this 3. We (Daya Bay experiment) are just starting to set up Elog and will really want this feature!
|
I came up with a work-around for the lack of support for mirroring and SSL. You can put Elog behind an Apache proxy. Apache can serve through SSL for normal user access. The Elog server can "hosts allow" localhost and any mirrors and deny all others.
This still leaves the mirroring account subject to sniffing, which could be bad if mirrors are allowed to change content on the master, but it will greatly minimize the potential exposure of passwords. This could even be removed by only allowing localhost and mirroring over SSH tunnels.
-Brett. |
|
66584
|
Mon Nov 9 09:32:19 2009 |
| Diogo Alves | diogomiguelalves@gmail.com | Question | Linux | Windows | 2.7.5 | Re: Problems with SSL and Synchronization |
| Stefan Ritt wrote: |
|
| Mark Langkau wrote: |
|
I installed ELOG on a Linux server (CentOS 5.2) and a WinXP laptop.
- If I set both servers to non-SSL, I can synchronize with no problems.
- If I set both servers to use SSL, synchronization fails with "Error code: ssl_error_rx_record_too_long"
- If I set one to ssl and the other non-ssl, synchronization fails with "Remote server is not an ELOG server"
Is anyone synchronizing or mirroring two ELOG servers with SSL? When either or both servers are set to use SSL, I can use either site. but I can't synchronize.
|
Synchronization with SSL does not yet work. I have to find some time to implement it. Since you are already the second one mentioning this, it slipped higher on my to-do list 
|
Count me also in for the to-do list climbing :-D |
|
66800
|
Sat May 1 18:02:30 2010 |
| Anthony Palladino | ap4ax@virginia.edu | Question | Linux | Windows | 2.7.5 | Re: Problems with SSL and Synchronization |
|
Stefan Ritt wrote:
|
|
| Mark Langkau wrote: |
|
I installed ELOG on a Linux server (CentOS 5.2) and a WinXP laptop.
- If I set both servers to non-SSL, I can synchronize with no problems.
- If I set both servers to use SSL, synchronization fails with "Error code: ssl_error_rx_record_too_long"
- If I set one to ssl and the other non-ssl, synchronization fails with "Remote server is not an ELOG server"
Is anyone synchronizing or mirroring two ELOG servers with SSL? When either or both servers are set to use SSL, I can use either site. but I can't synchronize.
|
Synchronization with SSL does not yet work. I have to find some time to implement it. Since you are already the second one mentioning this, it slipped higher on my to-do list
|
Hi Stefan, we would also like to see synchronization with SSL working. Hopefully now this task can slip even higher on your to-do list. It is a real pain to get to the elog from outside PSI, when elogd is running inside PSI (which it must be when working as an online logbook with MIDAS). We would very much ike to mirror it on a server outside PSI. |
|
1502
|
Mon Nov 7 09:16:47 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.0 | Re: Problems with ELOG and Internet Explorer |
| Elaine Cristina Franchini dos Anjos wrote: | We are facing a problem when using the Internet Explorer browser to edit
logbooks entries. The error occurs when we use the preview option.
After this, the connection becomes slow to display the preview and returns
"Server Not Found - Page cannot be displayed" or "Internal Server error" as result.
If we try to turn back to the edit page the browser retuns
"This page has been expired".
It happens at any time even we edit simple entries in Internet Explorer,
but never occurs in other browsers.
Software versions that are running :
Elog version 2.6.0-beta
Fedora Core release 1 (Yarrow)
Apache/2.0.54 (Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g
(Elog is running under apache proxy)
Is there any bug report about this or there is something else
that I need to configure ? |
I tried on this forum with Internet Explorer 6.0 and could not reproduce the problem, and I never heared anybody else mentioning this problem. Can you reproduce the problem on the forum? |
|
1504
|
Mon Nov 7 18:55:57 2005 |
| Elaine Cristina Franchini dos Anjos | elaine@ccuec.unicamp.br | Question | Linux | 2.6.0 | Re: Problems with ELOG and Internet Explorer |
Hi Stefan,
| Quote: |
I tried on this forum with Internet Explorer 6.0 and could not reproduce the problem, and I never heared anybody else mentioning this problem. Can you reproduce the problem on the forum |
I couldn't reproduce the problem in this forum too, and I'm using Internet Explorer to edit this entry now... :-D
I did some new tests and at this time I tried to submit new entries using the ELOG default port
without proxy, because I realized that this Forum doesn't use https (maybe uses proxy).
I edited and used preview many times and the ELOG worked fine without errors in IE.
So, I think my problem is something configured in the proxy or https that Internet Explorer
doesn't work very well in this circumstance.
Do you know problems like this ?
Is there anybody else using ELOG under https ?
My proxy configuration :
| Quote: |
1) http (default port 80):
# Redirect to ELOG - Logbook
Redirect permanent /elog https://antares.ccuec.unicamp.br:9696
2) https (I need to use other different port number) :
<VirtualHost 143.106.80.30:9696>
# Here be standard configuration for the Virtual Host
ServerName antares.ccuec.unicamp.br:9696
ServerAdmin suporte@ccuec.unicamp.br
# This be the path to the elog directory
# (This didn't seem to make any difference, but it be a good
# idea nonetheless)
DocumentRoot "/www/elog"
# Here be the setup for the SSL component of the Virtual Host
SSLEngine On
SSLCertificateFile /www/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /www/apache/conf/ssl.key/server.key
# Here be the setup options for the Proxy module
ProxyRequests Off
ProxyPreserveHost On
# This be the root of the new Virtual Host, and it should be
# redirected to the port the elogd server is listening to
# (8081 on our poop deck).
<Location />
<Location />
ProxyPass http://antares.ccuec.unicamp.br:8081/
ProxyPassReverse http://antares.ccuec.unicamp.br:8081/
SSLRequireSSL
</Location>
ErrorLog /www/apache/logs/error_log
TransferLog /www/apache/logs/access_log </VirtualHost> |
Thanks in advance.
Elaine |
|
1505
|
Tue Nov 8 08:17:22 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.0 | Re: Problems with ELOG and Internet Explorer |
| Elaine Cristina Franchini dos Anjos wrote: | | I edited and used preview many times and the ELOG worked fine without errors in IE. So, I think my problem is something configured in the proxy or https that Internet Explorer doesn't work very well in this circumstance. |
Have a look at your URL = ... statement in elogd.cfg
It should probably read
URL = https://antares.ccuec.unicamp.br:9696
ELOG uses redirection internally. To determine it's own address, it uses the URL statement. If you use Apache as an proxy together with https, you have to specify the URL under which you usually access ELOG from outside. If this is wrong, ELOG might try to redirect to http:// or something which might not be possible.
A good way to debug this is to run ELOG with the -v flag and carefully watch the HTTP traffic. You will see Location: ... statements which redirect the browser, then the browser will access the redirected URL (if it's correct), or you will see nothing (in case the browser tries to access a non-existing URL). |
|
1594
|
Fri Jan 13 18:43:08 2006 |
| Elaine Cristina Franchini dos Anjos | elaine@ccuec.unicamp.br | Question | Linux | 2.6.0 | Re: Problems with ELOG and Internet Explorer |
Hi Stefan,
I couldn't solve this problem yet...
I have been tried a lot of configurations, but our Elog doens't work well in IE with https 
It works very well to read, list, find the messages, delete, and so on...
But all users have problems with edit and preview commands when they are using IE + https.
When we use Elog in IE without https, everything works fine. ?)
We are using :
httpd-2.0.54
Fedora Core release 1 (Yarrow)
elog-2.6.0
The redirect directive in httpd.conf:
<VirtualHost xxx.xxx.xx.xx>
ServerAdmin our.email.address
DocumentRoot /www/apache/htdocs
ServerName our.server.name
# Rules to new elog 2.6.0
Redirect / https://our.server.name:9898
ErrorLog logs/error_log
CustomLog logs/access_log common
</VirtualHost>
The proxy directives in ssl.conf:
(We used the http://midas.psi.ch/elogs/contributions/11 message like reference.
Thanks a lot for the contribution!!!  )
<VirtualHost xxx.xxx.xx.xx:9898>
# Here be standard configuration for the Virtual Host
ServerName our.server.name:9898
ServerAdmin our.email.address
RequestHeader set Front-End-Https "On"
# This be the path to the elog directory
# (This didn't seem to make any difference, but it be a good
# idea nonetheless)
DocumentRoot "/www/src/elog-2.6.0"
# Here be the setup for the SSL component of the Virtual Host
SSLEngine On
SSLCertificateFile /www/apache/conf/ssl.crt/server.crt
#SSLCertificateKeyFile /www/apache/conf/ssl.key/server.pem
SSLCertificateKeyFile /www/apache/conf/ssl.key/server.key
# Here be the setup options for the Proxy module
ProxyRequests Off
ProxyPreserveHost On
# This be the root of the new Virtual Host, and it should be
# redirected to the port the elogd server is listening to
# (8082 on our poop deck).
<Location />
ProxyPass http://our.server.name:8082/
ProxyPassReverse http://our.server.name:8082/
SSLRequireSSL
</Location>
ErrorLog /www/apache/logs/error_log
TransferLog /www/apache/logs/access_log
</VirtualHost>
And the URL is configured in elogd.cfg like your suggestion (Thanks ! )
URL = https://our.server.name:9898
The elgod.cfg is attached to this message to add more details about our configuration.
Thanks in advance.
Regards,
Elaine
| Stefan Ritt wrote: |
| Elaine Cristina Franchini dos Anjos wrote: | | I edited and used preview many times and the ELOG worked fine without errors in IE. So, I think my problem is something configured in the proxy or https that Internet Explorer doesn't work very well in this circumstance. |
Have a look at your URL = ... statement in elogd.cfg
It should probably read
URL = https://antares.ccuec.unicamp.br:9696
ELOG uses redirection internally. To determine it's own address, it uses the URL statement. If you use Apache as an proxy together with https, you have to specify the URL under which you usually access ELOG from outside. If this is wrong, ELOG might try to redirect to http:// or something which might not be possible.
A good way to debug this is to run ELOG with the -v flag and carefully watch the HTTP traffic. You will see Location: ... statements which redirect the browser, then the browser will access the redirected URL (if it's correct), or you will see nothing (in case the browser tries to access a non-existing URL). |
|