Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 12:57:37 2006 
|
Hello,
We have elogd running on a pc, say cmsdaqpreseries, that also runs an apache server and we've made sure that it's only accessible through the apache server, like so:
http://cmsdaqpreseries.cern.ch/elog/
This works fine.
We then tried to set up another apache server on another computer, say cmsdaq, and use that as a proxy server to access the apache server on cmsdaqpreseries and thus the elog (don't ask why...). Our sysadmin has set up kerberos authentication on that machine, so if I go to:
https://cmsdaq.cern.ch/elog/ (note the 's')
I am prompted for a username and password and then get the elog selection page. All seems to be working well, for example, the URL:
https://cmsdaq.cern.ch/elog/DAQ/?cmd=Find
will load properly. However, if I hit "login" (https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login) I get caught in an infinite redirection. Of course:
http://cmsdaqpreseries.cern.ch/elog/DAQ/?cmd=Find
will still work! Any ideas on what we should do to set it up correctly? And why does this only happen with the login command?
Our sysadmin used ethereal to sniff the message exchange between the apache on cmsdaqpreseries and elog. I am including the details of the http request that elog likes (directly from cmsdaqpreseries) and of the one it doesn't like (from cmsdaqpreseries but originating at cmsdaq) as image attachments, as the text is not selectable (sorry). 
Thanks in advance,
Dimitris |
Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 14:23:04 2006
|
Hi Stefan,
| Stefan Ritt wrote: |
Hi Dimitrios,
I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/.
|
But my problem begins before I log in. Trying to load https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login will get me in the infinite redirection directly. Besides, I do have URL = https://cmsdaq.cern.ch/elog/ in my configuration file, so the redirection should work in my case (since I'm trying to access it through cmsdaq) and fail in every other case. Is that right or is there something I'm missing?
Cheers,
Dimitris |
|
Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 16:06:28 2006
|
Hi,
The problem was coming from the fact that elog did not supports request coming from multiple hops through proxies. You got the ful string of them in the X-Forwarded-host header. Hence, you have to pick only the first one, terminated by a ','.
Here's the patch:
--- elogd-orig.c 2006-02-14 15:47:51.000000000 +0100
+++ elogd.c 2006-02-14 15:49:42.000000000 +0100
@@ -20985,6 +20985,8 @@
strcpy(str2, http_host);
if (strchr(str2, ':'))
*strchr(str2, ':') = 0;
+ if (strchr(str2, ','))
+ *strchr(str2, ',') = 0;
if (!strieq(str, str2)) {
redirect(lbs, _cmdline);
return FALSE;
Cheers
Eric and Dimitris |
|
Use Email From = <string>, posted by Dimitrios Tsirigkas on Wed Jul 19 12:20:34 2006
|
Hi all,
My users have complained about the multiple "I'm away from xxx until xxx" automated replies that they get when they post an entry and notifications are sent with their email in the "From" field. I would therefore like to always use the address specified in the Use Email From line of the configuration file and never the user's address. Reading from the documentation:
The option Use Email From = <string> is used for the "From:" field in the email. Since more and more email servers do not accept invalid "From:" addresses in order to reduce spam mail, it might be important that a "real" email address is used in the "From:" field. By default, the email address of the currently logged in user is used for the "From:" field. If no user is logged in, or the current user has not specified a email address in the password database, the setting of the option Use Email From is used for the "From:" field.
Is there a way to override that default and always use the setting of the option Use Email From?
Thanks,
Dimitris |
|
Re: Use Email From = <string>, posted by Dimitrios Tsirigkas on Wed Jul 19 12:47:58 2006
|
| Stefan Ritt wrote: | | Sure. You override the default by setting the Use Email From. In the forum I set it now to Use Email From = noreply@psi.ch which is a nonexisting address. While now this is ok, our former email server did not accept this because the user noreply does not exist at our institute. So you have to figure out if this works at CERN. |
Thanks, Stefan! I misunderstood the documentation, thinking that the Use Email From option value was only used if the user submitting the entry had not registered an e-mail address when creating his/her elog account. This works fine. 
Cheers,
Dimitris |
|
Invalid addresses block email notifications, posted by Dimitrios Tsirigkas on Mon Sep 25 15:30:48 2006
|
Hi Stefan,
We have had problems with some users who subscribe for elog notifications using fake email addresses. When this happens, e-mail notifications stop working for all users and I have to find out which is the problematic email address and fix it myself. Is this a known problem? Is there a fix in a version newer than 2.6.1?
Thanks,
Dimitris |
|
Problem with large entry size, posted by Dimitrios Tsirigkas on Mon Oct 16 16:20:06 2006
|
Hi Stefan,
I have posted an entry of approximately a thousand lines (ten thousand words). Posting it took some time, which is logical to a certain degree. However, whenever a user asks for "Full" view of the logbook, the page takes around two minutes to load and the CPU usage on the elog server goes to beyond 90% for all this time. Is this to be expected for an entry of that size or is there something going wrong here?
Thanks,
Dimitris |
|
Re: Problem with large entry size, posted by Dimitrios Tsirigkas on Mon Oct 16 17:32:58 2006
|
| Stefan Ritt wrote: | I improved the performance by some factor in SVN revision 1733. Can you give it a try and report your speed improvement? Depending on the result, I can probably do even a bit better with some more effort.
- Stefan |
Dear Stefan,
Thank you for your quick reply. I will install the new version and I will let you know as soon soon as possible.
Best,
Dimitris |
|