Hi

You can use an option to wget to discard certificate checks m.

Btw this rpm file is build for el7 gen aka entreprise linux 7. So it souldn't install  on gen 9....

You have to rebuild from sources with buildrpm script, after installing  build tools rpms.  🥳

Hi,

As there is no ELOG available in Epel repository for Rocky9, I tried to install ELOG from https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm and ended with the below error in Rocky 9.

=======================================
[root@test.com]# wget https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm
--2024-02-20 10:11:32--  https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm
Resolving elog.psi.ch (elog.psi.ch)... 192.33.120.112
Connecting to elog.psi.ch (elog.psi.ch)|192.33.120.112|:443... connected.
ERROR: The certificate of ‘elog.psi.ch’ is not trusted.
ERROR: The certificate of ‘elog.psi.ch’ doesn't have a known issuer.
=======================================

Could someone guide me on how to install Elog in Rocky 9 securely? 

Hi,

As there is no ELOG available in Epel repository for Rocky9, I tried to install ELOG from https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm and ended with the below error in Rocky 9.

=======================================
[root@test.com]# wget https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm
--2024-02-20 10:11:32--  https://elog.psi.ch/elog/download/RPMS/elog-latest.el7.x86_64.rpm
Resolving elog.psi.ch (elog.psi.ch)... 192.33.120.112
Connecting to elog.psi.ch (elog.psi.ch)|192.33.120.112|:443... connected.
ERROR: The certificate of ‘elog.psi.ch’ is not trusted.
ERROR: The certificate of ‘elog.psi.ch’ doesn't have a known issuer.
=======================================

Could someone guide me on how to install Elog in Rocky 9 securely? 

Hi there. I have been testing a set-up of elog behind an Apache reverse proxy using the Webserver auth method. Apache has been configured for LDAPS with Active Directory allowing us to restrict Elogs by AD group, something not able to be done with the LDAP module.

Testing with Elog 3.1.4 (on Windows) and also Elog 3.1.5 (compiled on Ubuntu 20.04) I experience an issue that when the user logs in for the first time using the above they get the self registration box asking for name and email, and then once they hit save they get an error that says: "Error: Command "Config" not allowed".  Once the error is dismissed it never comes back, but its confusing for users who call for help when they first see it.

Is there a way to skip the self registration with the Webserver auth method? and if not is there a reason for the error?

Attached is a copy of the error and an elog config file. Any ideas?

PS. As a side piece the logout options for Webserver needs some enhancement, maybe an option to close the web browser or tab so that it does not retain the logged in cookies.

> "file not found" should return http code 404. elogd returns code 200 together
> with a page containing text "404 not found". This pollutes the browser cache
> with wrong content (in this case, we are trying to load a css file, and the browser
> is trying to use text "404 not found" as if it were a css. bad. file not found
> should return http code 404. K.O.

Yes. That's quite a problem when interacting with ELOG programmatically. Only way to 
find whether response succeeded or failed with 404 is to parse response body

When file is not found send_file_direct calls show_html_header which in turn calls 
show_http_header which sets HTTP code 200 unconditionally. It's reasonably easy to 
patch around.

I found the reason of the bug:
In line 27441 of elogd.cxx the http_user is overwritten by the user saved in the sid_ array as a sideeffect of the sid_check function:
sid_check(getparam("sid"), http_user)

It can solved by changing elogd.cxx @ line 27441

27441c27441,27446
<          if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
---
>          i=sid_check(getparam("sid"), thumb_name);
>          if (i && strcmp(http_user,thumb_name)!=0) {  /* user changed */
>             sid_remove(getparam("sid"));
>             i=FALSE;
>          }
>          if (!i) { /*  if we don't have a sid yet, set it */

Remark: I have used the variables i & thumb_name of the function in a local context.

Hi,
as I understand right you can do this in the elogd.cfg via
Interface = 127.0.0.1
port = 8080

however than this can be changed by any user how has global admin rights in elog.

So I changed the line in the elogd.service startscript
ExecStart=/usr/local/sbin/elogd -D -p 8080 -n 127.0.0.1  -c /usr/local/elog/elogd.cfg

I hope this has the priority (not tested).

There is a general display option "List display", but that applies for all users. For the download, you can load the CSV file into a spreadsheet program and then delete some columns.

Stefan