switch form IP to domain in APIURL.base in Implementation.plist
26 views
Skip to first unread message
Daniel Dye
Oct 27, 2015, 9:25:42 PM10/27/15
to opentreemap-user
I initially configured and tested my OTM2 website and the ios-app using the IP like:
and API calls like:
That is working, so I'm now trying to switch from IP address to using a domain name but it seems that my API isn't listening (status 400; invalid signature).
When I switch Implementation.plist's APIURL.base back to http://111.222.33.44/api, the authentication and ios-app work again.
I did update the ngnix.conf (see below) and restarted all services.
Is there a configuration I'm forgetting about? Or maybe something in the DB?
include includes/upstreams/*;
server {
listen 80 default_server;
server_name three.two.usf.edu 111.22.33.44;
client_max_body_size 20M;
include includes/locations/*;
}DanDye
Dec 1, 2015, 8:20:41 PM12/1/15
to opentree...@googlegroups.com
When the IP is used in the Implementation.plist file's APIURL.base, signed URLs like the following are printed in the xcode console:
http://131.247.223.141/api/v3/instance/tampa?access_key=rs2zGbp6Q8Gcx0cpBtgMZA×tamp=2015-12-02T00%3A26%3A16&signature=[redacted]
That URI also works in the browser. I tried substituting the IP for the domain (app.tampatreemap.usf.edu) and that signed URL *also* works in the browser:
However, when I change the Implementation.plist's APIURL.base from the IP to the Domain, I get the dreaded "There was a problem connecting to the server." in the IOS Simulator. The new Signed Url looks like this:
Pasting that into the browser, I get a 400 status code and Invalid signature message.
I've posted a screenshot of my Implementation.plist file here:
(The APIURL.baseF FAILs and the APIURL.base works)
I thought that cached credentials in the iOS Simulator keychain might be the culprit, but I followed this SO post and now think that was a red herring:
location /static/ {
alias /usr/local/otm/static/;
}
location /media/ {
alias /usr/local/otm/media/;
}
location / {
proxy_set_header host 131.247.223.141;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app;
break;
}
}
However, if I attempt to change the `proxy_set_header host` from 131.247.223.141 to app.tampatreemap.usf.edu, the
--
You received this message because you are subscribed to the Google Groups "opentreemap-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to opentreemap-us...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Justin Walgran
Dec 1, 2015, 10:07:31 PM12/1/15
to opentree...@googlegroups.com
Daniel,
Sorry the API is giving you a rough time.
I do see that your host name does resolve to the correct IP address.
nslookup app.tampatreemap.usf.edu…Non-authoritative answer:Name: app.tampatreemap.usf.eduAddress: 131.247.223.141
I was able to reproduce your issue on one of our staging servers _in reverse_. Using a hostname worked, but using an IP address did not.
The problem, in my case, was the ALLOWED_HOSTS list in local_settings.py. When the application is running with DEBUG=False, Django will return a 400 error to any requests where the host does not match one of the items in the ALLOWED_HOSTS list.
Do you have both app.tampatreemap.usf.edu and 131.247.223.141 in your ALLOWED_HOSTS?
Setting the host header in the Nginx location block to an explicit address may also be complicating things. You may want to try these proxy settings in your / location block:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;proxy_redirect off;
-Justin
DanDye
Dec 2, 2015, 10:54:11 AM12/2/15
to opentree...@googlegroups.com
Justin,
Many thanks for your help!
I'd allowed both the IP and the domain (and even *) in local_settings.py:
```
ALLOWED_HOSTS=['app.tampatreemap.usf.edu', '131.247.223.141','*',]
DEBUG=True
```
...but the change to the nginx `location/app` config file's `/` block
that you suggested has *solved* my issue!
The revised file reads:
```
(env)[reacted]@[redacted]:/usr/local/otm/app$ cat
/etc/nginx/includes/locations/app
I also tested this with more restrictive `local_settings.py` and it is
still AOK:
#ALLOWED_HOSTS=['app.tampatreemap.usf.edu', '131.247.223.141','*',]
ALLOWED_HOSTS=['app.tampatreemap.usf.edu',]
# Required for manage.py perform_migration
#DEBUG=True
DEBUG=False
Thanks again for your help!
Regards,
Dan Dye
Many thanks for your help!
I'd allowed both the IP and the domain (and even *) in local_settings.py:
```
ALLOWED_HOSTS=['app.tampatreemap.usf.edu', '131.247.223.141','*',]
DEBUG=True
```
...but the change to the nginx `location/app` config file's `/` block
that you suggested has *solved* my issue!
The revised file reads:
```
(env)[reacted]@[redacted]:/usr/local/otm/app$ cat
/etc/nginx/includes/locations/app
location /static/ {
alias /usr/local/otm/static/;
}
location /media/ {
alias /usr/local/otm/media/;
}
location / {
alias /usr/local/otm/static/;
}
location /media/ {
alias /usr/local/otm/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
```
proxy_set_header Host $http_host;
proxy_redirect off;
I also tested this with more restrictive `local_settings.py` and it is
still AOK:
#ALLOWED_HOSTS=['app.tampatreemap.usf.edu', '131.247.223.141','*',]
ALLOWED_HOSTS=['app.tampatreemap.usf.edu',]
# Required for manage.py perform_migration
#DEBUG=True
DEBUG=False
Thanks again for your help!
Regards,
Dan Dye
Reply all
Reply to author
Forward
0 new messages