RhodeCode proxied by IIS 7 - iis-7

I installed RhodeCode 1.2.2 at a Windows 2008R2 (64Bit) box.
I had setup a IIS 7 as a Proxy Server (Application Request Routing + URL Rewrite) for RhodeCode running at 127.0.0.1:5000.
The Repository is reachable via "https://subdomain.domain.de".
At the repository summary, the Clone url points to:
https://[username]#127.0.0.1:5000/SomeProject
At the client side, I can clone the repository when replacing the
"127.0.0.1:5000" with "subdomain.domain.de".
For sure I would like that RhodeCode displays the Proxy url
("subdomain.domain.de") instead of the 127.XXX...
I search the web up and down and the only thing I found, was that
Apache has a "ProxyPreserveHost On" setting, which does the trick. However
I didn't found anything like that for IIS.
Is there somewhere a setting within the "production.ini" where I can
define the proxy url?
Or does someone found the well hidden setting within the IIS?
Any help is much appreciated :-)
thanks for your answer! I already use the ARR and setup the reverse proxy, I can access RhodeCode via the proxy. However, it looks like that the HTTP_HOST value is not forwarded to paster.
Within the IIS, I setup the following server variables and set them within the reverse proxy rule:
<set name="HTTP_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_FORWARDED_SERVER" value="[subdomain.domain.de]" />
<set name="HTTP_X_ORIGINAL_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_HTTP_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_URL_SCHEME" value="https" />
but that have no affect at all.
At the linked previously answer, he suggested to copy these variable values back to the HTTP_HOST (within tomcat, should be paster in my case). That looks a bit overkilled to me, in comparsion to a simple "ProxyPreserveHost On" within apache. I have the feeling that I missed something here.
Cheers,
Sörnt

Itvan is correct, that will work.
Uncommenting the clone_uri will leave the default clone_uri. You can force the clone_uri to use your domain by having that line:
clone_uri = {scheme}://{user}{pass}[subdomain.domain.de]{path}
PS: Works on version 1.3.6

I'm working on out reverse proxying over https for rhodecode with apache on centos6 right now.
For Apache, the configuration noted by marcin of rhodecode fame is:
<VirtualHost *:80>
ServerName hg.myserver.com
ServerAlias hg.myserver.com
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
#important !
#Directive to properly generate url (clone url) for pylons
ProxyPreserveHost On
#rhodecode instance
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
#to enable https use line below
#SetEnvIf X-Url-Scheme https HTTPS=1
</VirtualHost>
For the IIS equivilent of ProxyPreserveHost, see Application Request Routing, which was provided in a previously answer by a MSFT MVP.
The http server is actually python paste's httpserver, so referring to the python paste documentation for httpserver (egg#Paste:http is familiar right), there is no proxy configuration. You will have to reverse proxy in IIS (source)
I am unsure why marcin has opted to advise setting up the reverse proxy versus utilizing paste's httpserver support for https; but having IIS field the requests, and binding paste's httpserver to 127.0.0.1 is likely best choice.

I've just installed RhodeCode 1.3.3 and got into this issue. You can edit this line in configuration file to make it work:
## overwrite schema of clone url
## available vars:
## scheme - http/https
## user - current user
## pass - password
## netloc - network location
## path - usually repo_name
#clone_uri = {scheme}://{user}{pass}{netloc}{path}
clone_uri = {scheme}://{user}{pass}yourdomain.com{path}

Related

replace apache and mod_weblogic with nginx and what?

I have a two nodes WebLogic (and a positively ancient version of WebLogic to boot) cluster that I plan to retire where WebLogic will be replaced by WildFly and Apache with Nginx. The problem I am facing right now is how to replace mod_weblogic from the Apache configuration:
<IfModule mod_weblogic.c>
WebLogicHost 192.168.0.1
WebLogicPort 7003
</IfModule>
<LocationMatch "/services/.*/(buy|sell|status)">
SetHandler weblogic-handler
WebLogicCluster 192.168.0.1:7003,192.168.0.2:7003
PathTrim /services
PathPrepend /requestprocessor
WLIOTimeoutSecs 600
</LocationMatch>
In this example, from what I understand, provides mod_weblogic load balancing between the two nodes, right? I have to admit that I have no idea how this module works, only that I am about to replace it… :-)
How can I achieve the same result with Nginx and WildFly?
I found a guide on the Nginx website about load balancing ( https://docs.nginx.com/nginx/deployment-guides/jboss-load-balancing-nginx-plus/) and I guess the big question is if there is anything in the functionality of mod_weblogic that I am missing or if doing as the guide suggests will provide the desired result?
You can do load balancing with a lot of tools now. for example haproxy
http://biemond.blogspot.com/2010/04/high-availability-load-balancer-for.html
or nginx https://www.nginx.com/blog/load-balance-oracle-weblogic-server/
or apache https://theheat.dk/blog/?p=916
or varnish https://varnish-cache.org/
they all have similar abilities. as far as I know, now mod_weblogic does not have any specialty other then nginx or varnish or haproxy. apache proxy module can be hard to configure but still does the job.
long time ago there was no nginx or varnish there people start using mod_weblogic. it was a default product for weblogic. now we have all other options. you just need to test and fine-tune your choice.

Symfony 4 debug production environments

how to debug Symfony 4 project on production environment? I mean in a way that only I from particular IP can do it. In Symfony 2/3 I have app_dev.php controller. How to do this with Symfony 4 and Apache?
If I change in .env or via VirtualHost APP_ENV to dev then all app users will see debug toolbar, exception logs etc.
You can copy/paste index.php for dev.php and change :
//$env = $_SERVER['APP_ENV'] ?? 'dev';
$env = 'dev';
http://yourwebsite.com/dev.php/
You can restrict for you IP or delete after your actions.
Symfony environment configured by system environment variables. So just add in apache app config (.htaccess by default) something like
SetEnvIf Remote_Addr "127.0.0.1" APP_ENV=dev APP_DEBUG=1
(needs https://httpd.apache.org/docs/trunk/mod/mod_setenvif.html)
I don't recommend using the profiler in a production environment although with Apache you could "emulate" Symfony 2 - 3 behaviour if you configure like this:
<VirtualHost *:80>
...
DocumentRoot "/yourRootDirectory"
<Directory "/yourRootDirectory/">
DirectoryIndex index.php
Require all granted
</Directory>
...
SetEnvIf Request_URI ^/app_dev.php APP_ENV=dev
Alias /app_dev.php "/yourRootDirectory/"
<Location "/app_dev.php">
Require local
</Location>
...
</VirtualHost>
Requesting http://localhost/app_dev.php from localhost machine you get your app in Symfony 4, 5 in dev mode with profiler like in Symfony 2, 3.
Special attention to Require local for your alias, also you could to use Require ip 192.168.1.1 127.0.0.1 or the IPs you want (see Apache docs). But be careful to expose the dev environment to an ip or computer that is not under your control.
This is a little bit of a broad question.
The best way is to use a logging tool like monolog, default output directory is project/var/log/env.log.
As why you are seeing all app users will see debug toolbar, exception logs etc. has to do with your environment settings.
Symfony 4 environment settings work as follows, load config/packages/(env)/package.yaml then load default/production configurations config/packages/package.yaml(if exists).
When you set your env dev you are loading config/packages/dev/web_profiler.yaml and in production, there is no definition for that plugin which defaults to not showing up.
Here is more information about environment setup in symfony 4 .https://symfony.com/doc/current/configuration/environments.html

Apache set Access-Control-Allow-Origin from http to https

I have a basic bitnami wordpress installation. I followed their guide and setup https and automatic http to https redirection.
However when I tried to load external scripts I get the following error:
Failed to load https://external-script.com/: The 'Access-Control-Allow-Origin'
header has a value 'http://my-site.io' that is not equal to the supplied origin.
Origin 'https://my-site.io' is therefore not allowed access.
Which file should I edit and what should I add?
Thanks
Bitnami Engineer here.
You need to enable CORS in WordPress. To achieve that, you will need to set this line in the installdir/apps/wordpress/conf/httpd-app.conf file
...
<Directory /opt/bitnami/apps/wordpress/htdocs/>
...
Header set Access-Control-Allow-Origin "*"
...
</Directory>
After that, you will need to restart the Apache server to load this configuration.
installdir/ctlscript.sh restart apache
You will also find different ways to enable CORS by following our documentation guide.
Regards,
Jota

Artifactory web page is unaccessible

Artifactory has been installed on a RHEL 6.2 machine using RPM, but I couldn't connect to the Artifactory webpage using the link http://<server-ip>:8081/artifactory
When I use curl http://localhost:8081/artifactory on the same machine, it doesnt show up any error.
Later in the day, realized, there is no Apache on this machine. So installed Apache on the yum repository and followed the instructions for Running Behind HTTP Server and configured the httpd.conf file under /etc/httpd/conf with below configuration
<VirtualHost *:80>
ServerName <server-ip>
ServerAlias <server-ip>
ServerAdmin <email-address>
ProxyPreserveHost on
ProxyPass /artifactory/ http://localhost:8081/artifactory/
ProxyPassReverse /artifactory/ http://<server-ip>:8081/artifactory/
# DocumentRoot /srv/www/httpd/htdocs/
ErrorLog "logs/artifactory-error_log"
#CustomLog
# ServerSignature Off
But still couldn't connect to the Artifactory webpage. What does Document Root refer to, I do not have this directory on my machine.
Do I install Apache first before installing Artifactory or my installations should not be a problem.
First, lets put aside the small things.
1. You don't have to install apache to work with Artifactory, it should work just fine without it.
2. DocumentRoot is a mandatory element but useless when Apache is used as a proxy for Tomcat, so it can point to any path (doesn't' have to actually exist).
Now, to the business. When you see a blank page instead of Artifactory home page, it usually means that something went wrong during the install. You should look in the logs (both /var/opt/jfrog/artifactory/logs/artifactory.log and Tomcat logs (catalina.out and localhost.log) in /opt/jfrog/artifactory/tomcat/logs. Chances are you'll be able to easily spot the error (ports conflict, permissions issue, etc.) if not, please update the question with the relevant log parts.

Alfresco webdav behind apache under jkmount

I'm trying to configure the access to an alfresco webdav directory.
Alfreso is in local ip 192.168.1.25. If I mount (with mount.davfs http:// 192.168.1.25 :8080) , it works ok.
If I configure jkmount in the apache server (in another local ip, 192.168.1.111), when I mount it (with mount.davfs http:// public /alfresco), it doesn't work. The mount error is:
mount.davfs: connection timed out two times;
trying one last time
mount.davfs: server temporarily unreachable;
mounting anyway
However, if I mount the URL with firefox, chrome, or Windows net share, it works ok.
I've tried different jkmount options, rewrites, etc., and with firefox and others it works ok, but it fails using mount (and I must use mount or any other command line tool).
Cadaver also fails.
Regards,
Thanks Heiko,
I've set up the virtual host with (Alfresco Server is in another server):
ProxyPass /alfresco ajp://192.168.1.25:8009/alfresco
ProxyPassReverse /alfresco ajp://192.168.1.25:8009/alfresco
<Location /alfresco/webdav/ >
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>
And the problem persists: I mount it with firefox (and chrome, etc.) ok, but it fails with mount.davfs or cadaver. It doesn't work with curl too.
In alfresco-global.properties, this lines are commented:
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#-------------
#alfresco.context=alfresco
#alfresco.host=${localname}
#alfresco.port=8080
#alfresco.protocol=http
#
#share.context=share
#share.host=${localname}
#share.port=8080
#share.protocol=http
Are they necessary?
Is there any other apache directive for this?
I also tried to offer the directory via apache with:
ProxyPassMatch ^/alfresco/(.*)$ "http://192.168.1.25:8080/alfresco/$1"
ProxyPassReverse /alfresco/ "http://192.168.1.25:8080/alfresco/"
and
JkMount /alfresco/* alfresco configuring jk workers.properties with:
worker.list=alfresco
worker.alfresco.type=ajp13
worker.alfresco.host= 192.168.1. 25
worker.alfresco.port=8009
worker.alfresco.lbfactor=1
worker.alfresco.socket_keepalive=1
worker.alfresco.socket_timeout=300
And the results are the same: It works in navigators but not in linux console.
I've set apache logs in debug mode for this virtual hosts, and when I mount it with firefox, it writes the right info (ajp conections, etc) but when I try to mount from linux terminal, the logs are empty. This is like the conection doesn't work, but only from console...
Thanks for your help, I keep looking for solutions...
Did you set up virtual host like described here?
Also you may need to set ProxyPreserveHost Directive or something similar depending on your apache mod (mod_http_ajp or mod_jk)

Resources