| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
1688
|
Tue Feb 14 12:57:37 2006 |
 | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Accessing elog through two apache servers... | Hello,
We have elogd running on a pc, say cmsdaqpreseries, that also runs an apache server and we've made sure that it's only accessible through the apache server, like so:
http://cmsdaqpreseries.cern.ch/elog/
This works fine.
We then tried to set up another apache server on another computer, say cmsdaq, and use that as a proxy server to access the apache server on cmsdaqpreseries and thus the elog (don't ask why...). Our sysadmin has set up kerberos authentication on that machine, so if I go to:
https://cmsdaq.cern.ch/elog/ (note the 's')
I am prompted for a username and password and then get the elog selection page. All seems to be working well, for example, the URL:
https://cmsdaq.cern.ch/elog/DAQ/?cmd=Find
will load properly. However, if I hit "login" (https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login) I get caught in an infinite redirection. Of course:
http://cmsdaqpreseries.cern.ch/elog/DAQ/?cmd=Find
will still work! Any ideas on what we should do to set it up correctly? And why does this only happen with the login command?
Our sysadmin used ethereal to sniff the message exchange between the apache on cmsdaqpreseries and elog. I am including the details of the http request that elog likes (directly from cmsdaqpreseries) and of the one it doesn't like (from cmsdaqpreseries but originating at cmsdaq) as image attachments, as the text is not selectable (sorry). 
Thanks in advance,
Dimitris |
|
1689
|
Tue Feb 14 13:40:49 2006 |
 | Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers... | Hi Dimitrios,
I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/. In meantime I learned that relative redirects are not allowed. Actually the Safari Browser on the MAC complains and does not support this. So my problem is not how to derive the URL for the redirection.
The standard way is the URL = ... option in the config file. So ELOG takes this URL, and adds the remainder if needed (like the entry ID after a submit, so to go to .../DAQ/123 for example). While this works fine if you only access ELOG through that URL, it breaks if you access if from different locations. Other people at BNL have the problem that they access ELOG through a ssh tunnel, so the browser URL is then http://localhost:1234 which is the local end of the tunnel. Since the redirection uses then the Apache URL, they have the same problem.
Now the big question is how to derive the URL dynamically. From your Ethereal dumps you see that there is the Referer: statement which would be one option. Actually if you install "Tamper Data", which is a Firefox extension, you can monitor the HTTP traffic much easier inside your browser than with Ethereal. The problem with this is that if you bookmark a ELOG page directly in the browser, the first access to that page does not contain any Referer: statement. The other options are the Host: or the X-Forwarded-Host: statements. The problem is that they do not contain any subdirectory, like your /DAQ/ in the example above. Furthermore, if you access ELOG through Apache and through an ssh tunnel directly for example, one URL does have the Apache subdirectory and the other has none.
So from the setup you have right now, can you derive a set of rules how to compose the forward URL from the items in the HTTP header? If you succeed, I'm happy to implement this into the next version of ELOG.
Best regards,
Stefan |
|
1690
|
Tue Feb 14 14:23:04 2006 |
| Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers... | Hi Stefan,
| Stefan Ritt wrote: |
Hi Dimitrios,
I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/.
|
But my problem begins before I log in. Trying to load https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login will get me in the infinite redirection directly. Besides, I do have URL = https://cmsdaq.cern.ch/elog/ in my configuration file, so the redirection should work in my case (since I'm trying to access it through cmsdaq) and fail in every other case. Is that right or is there something I'm missing?
Cheers,
Dimitris |
|
1691
|
Tue Feb 14 16:06:28 2006 |
| Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers... | Hi,
The problem was coming from the fact that elog did not supports request coming from multiple hops through proxies. You got the ful string of them in the X-Forwarded-host header. Hence, you have to pick only the first one, terminated by a ','.
Here's the patch:
--- elogd-orig.c 2006-02-14 15:47:51.000000000 +0100
+++ elogd.c 2006-02-14 15:49:42.000000000 +0100
@@ -20985,6 +20985,8 @@
strcpy(str2, http_host);
if (strchr(str2, ':'))
*strchr(str2, ':') = 0;
+ if (strchr(str2, ','))
+ *strchr(str2, ',') = 0;
if (!strieq(str, str2)) {
redirect(lbs, _cmdline);
return FALSE;
Cheers
Eric and Dimitris |
|
1695
|
Wed Feb 15 18:13:25 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers... | | Thanks for the patch, I committed it to Subversion Revision #1657. |
|
1739
|
Wed Mar 1 19:51:05 2006 |
 | Alexandre Gauthier | supernaut@underwares.org | Bug report | Linux | 2.6.1-1622 | Inline images URL not working | Hello
I'm running elog on the blackdog embedded device so I can carry it around while doing my consultant work.
Whenever I try to insert an inline picture by using the elog: /1 paths with ELCode, the link becomes "logbookname2/1" (Where logbookname is the name of my logbook) and hence, doesn't work. I recall that it worked once. The image did not display, but the URL seemed correct...
Any ideas?
EDIT: i inserted a space in the elog URL above because regardless of the code brackets, it would still get interpreted. |
|
1741
|
Thu Mar 2 07:15:27 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.6.1-1622 | Re: Inline images URL not working |
| Alexandre Gauthier wrote: | Whenever I try to insert an inline picture by using the elog:1741/1 paths with ELCode, the link becomes "logbookname2/1" (Where logbookname is the name of my logbook) and hence, doesn't work. I recall that it worked once. The image did not display, but the URL seemed correct... |
The problem has been fixed in version 2.6.1-3, so just upgrade.
| Alexandre Gauthier wrote: | | EDIT: i inserted a space in the elog URL above because regardless of the code brackets, it would still get interpreted. |
You have to put a "\" in front of everything which should not get converted into a link, so elog:1741/1 does not get interpreted. |
|
1742
|
Thu Mar 2 14:35:54 2006 |
| Alexandre Gauthier | supernaut@underwares.org | Bug report | Linux | 2.6.1-1622 | Re: Re: Inline images URL not working |
| Stefan Ritt wrote: |
| Alexandre Gauthier wrote: | Whenever I try to insert an inline picture by using the elog:1741/1 paths with ELCode, the link becomes "logbookname2/1" (Where logbookname is the name of my logbook) and hence, doesn't work. I recall that it worked once. The image did not display, but the URL seemed correct... |
The problem has been fixed in version 2.6.1-3, so just upgrade.
| Alexandre Gauthier wrote: | | EDIT: i inserted a space in the elog URL above because regardless of the code brackets, it would still get interpreted. |
You have to put a "\" in front of everything which should not get converted into a link, so elog:1741/1 does not get interpreted. |
Hello 
This is what I have done, I checked out the trunk from subversion and built it inside my powerpc QEMU. I just updated the executables and the elcode.js file, and now it works.
Thanks! |
|