Using Apache to front end the Jetty/RedBox application.

[Jon Hurn]

Running RedBox and Jetty 6.1.24 behind Apache for Windows 2.4

On the server itself we’ve configured Jetty for localhost operation and can run RedBox as http://localhost:9000/redbox and it all functions correctly.

However, when we access RedBox external to server and come in through Apache on port 80 we see the following:

When viewing source it shows all references are localhost absolute to the server, which explains the missing graphics.

It looks like Apache is correctly redirecting but that RedBox/Jetty is returning localhost references. Is the issue likely to be the Apache or Jetty config?

Our Apache config is 

ProxyVia On

ProxyPreserveHost On

ProxyPass /redbox http://localhost:9000/redbox/

ProxyPassReverse /redbox http://localhost:9000/redbox/

ProxyPass /mint http://localhost:9001/mint/

ProxyPassReverse /mint http://localhost:9001/redbox/

Thanks

Jon

 

Jon Hurn, Project Manager, IT Services,

University of Tasmania, PO Box 69, HOBART TAS 7001

Mob: 0427 912 992    Tel: +61 3 6226 2935    Skype: jonhurn

[Duncan Dickinson]

Hi Jon,

Could you let me know the following settings:

• In system.config.json - the value of "urlBase"
• In tf_env.bat - the value of SERVER_URL

Cheers,

Duncan

--
-- Website: http://www.redboxresearchdata.com.au
 
You received this message because you are subscribed to the Google Groups ReDBox group. To post to this group, send email to redbo...@googlegroups.com. To unsubscribe from this group, send email to redbox-repo...@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/redbox-repo?hl=en
---
You received this message because you are subscribed to the Google Groups "ReDBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to redbox-repo...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
Cheers,


Duncan


Duncan Dickinson
QCIF Project Manager 
Central Queensland University

Contact me:

monday to thursday

ph: 07 3138 2084
m: 0432 402 511
skype: de.dickinson

website | calendar | LinkedIn

[Grant Jackson]

Hi Jon,

Below are some links which are old, but the apache/proxy aspects I believe are still valid.

 http://code.google.com/p/redbox-mint/wiki/NewInstitutionalBuild#1.1_Maven_Project
 http://code.google.com/p/redbox-mint/wiki/RawServerBuildNotes#Publishing
 http://code.google.com/p/redbox-mint/wiki/RawServerBuildNotes#Install_Apache

Cheers, Grant

On Thu, May 16, 2013 at 1:25 PM, Jon Hurn <jon....@gmail.com> wrote:

Running RedBox and Jetty 6.1.24 behind Apache for Windows 2.4

On the server itself we’ve configured Jetty for localhost operation and can run RedBox as http://localhost:9000/redbox and it all functions correctly.

However, when we access RedBox external to server and come in through Apache on port 80 we see the following:

When viewing source it shows all references are localhost absolute to the server, which explains the missing graphics.

It looks like Apache is correctly redirecting but that RedBox/Jetty is returning localhost references. Is the issue likely to be the Apache or Jetty config?

Our Apache config is 

ProxyVia On

ProxyPreserveHost On

ProxyPass /redbox http://localhost:9000/redbox/

ProxyPassReverse /redbox http://localhost:9000/redbox/

ProxyPass /mint http://localhost:9001/mint/

ProxyPassReverse /mint http://localhost:9001/redbox/

Thanks

Jon

 

Jon Hurn, Project Manager, IT Services,

University of Tasmania, PO Box 69, HOBART TAS 7001

Mob: 0427 912 992    Tel: +61 3 6226 2935    Skype: jonhurn

--

[Dave Huthnance]

Hi,

On Andrew's advice I had to hardcode the version and the url to make
the styles work, only in Redbox, not in mint.

ie.

{
"version": "1.1.0.1",
"redbox.version.string": "1.6",
"version.string": "1.6",
"redbox.identity": {
"institution": "University of Newcastle",
"RIF-CS Group": "The University of Newcastle, Australia",
"internalGrantString": "urn:uon:internal"
},
"configured": true,
"urlBase": "http://novadev-lb.newcastle.edu.au/redbox/",

Regards,

Dave


Dave Huthnance
eResearch Consultant,
Academic & Research Computing Support
Client Services - IT Services
The University of Newcastle
University Drive, Callaghan NSW 2308 AUSTRALIA

T: +61 2 4921 5469
F: +61 2 4921 7087
dave.hu...@newcastle.edu.au

www.newcastle.edu.au
CRICOS Provider Number: 00109J


>>> Duncan Dickinson <d.dic...@qcif.edu.au> 16/05/2013 2:09 pm >>>

Hi Jon,

Could you let me know the following settings:

- In system.config.json - the value of "urlBase"
- In tf_env.bat - the value of SERVER_URL

Cheers,

Duncan


On 16 May 2013 13:55, Jon Hurn <jon....@gmail.com> wrote:

> Running RedBox and Jetty 6.1.24 behind Apache for Windows 2.4****
>
> On the server itself we*ve configured Jetty for localhost operation

and
> can run RedBox as http://localhost:9000/redbox and it all functions

> correctly.****
>
>
>
<https://lh3.googleusercontent.com/-lqGf5lQ4u-M/UZRYPSLZKGI/AAAAAAAAAjY/NzmaK4NaRCM/s1600/localhost1.png>

>
>
> However, when we access RedBox external to server and come in
through
> Apache on port 80 we see the following:
>
>
>

<https://lh5.googleusercontent.com/-kR6P8tnv1OQ/UZRYUUP3H-I/AAAAAAAAAjg/8-JHX-mfi04/s1600/localhost2.png>
>
>
> ****
>
> ****

>
> When viewing source it shows all references are localhost absolute to
the

> server, which explains the missing graphics.****
>
>
>
<https://lh3.googleusercontent.com/-BO38Q2v_9nI/UZRYZgSgd6I/AAAAAAAAAjo/MaQvmWgUJd8/s1600/localhost3.png>
>
>
> ****

>
> It looks like Apache is correctly redirecting but that RedBox/Jetty
is
> returning localhost references. Is the issue likely to be the Apache
or

> Jetty config?****
>
> Our Apache config is
>
> ProxyVia On****
>
> ProxyPreserveHost On****
>
> ProxyPass /redbox http://localhost:9000/redbox/****
>
> ProxyPassReverse /redbox http://localhost:9000/redbox/****
>
> ProxyPass /mint http://localhost:9001/mint/****
>
> ProxyPassReverse /mint http://localhost:9001/redbox/****
>
>
> Thanks
>
>
> Jon****
>
> ** **
>
> Jon Hurn, Project Manager, IT Services, ****
>
> University of Tasmania, PO Box 69, HOBART TAS 7001****
>
> Mob: 0427 912 992 Tel: +61 3 6226 2935 Skype: jonhurn****

website <http://www.duncan.dickinson.name> |
calendar<http://www.duncan.dickinson.name/cal>|
LinkedIn <http://www.linkedin.com/in/dedickinson>

[Jon Hurn]

HI Duncan

"urlBase": "${server.url.base}",

set SERVER_URL=http://localhost:9000/redbox/

Jon.

[Jon Hurn]

Hi Dave,

Tried with both     "urlBase": "http://rdds-test.utas.edu.au/redbox/", and the IP address version.

The external browser still requires the port to be specified ie http://rdds-test.utas.edu.au:9000/redbox  to connect, and the returned page still references localhost.

Jon

[Jon Hurn]

Hi Grant

Looks like editing the pom.xml file might be the go. I'll leave this for my tech in the morning.

Thanks

Jon

[Nishen Naidoo]

Hi Jon,

The proxypass directives don't work on the actual content of the application...

We ran into the same issue. It is our preference to run Mint and ReDBox on localhost, and have the apache web server handle the URL mapping. That makes it easier for us to manage and deploy multiple configs (dev, test, uat, prod) etc...

However, this involved making a couple of changes to both Mint and ReDBox:

1) We had to add this to the site configuration for Apache (assuming your Mint and ReDBox are both configured to run on 'localhost:900x')

        SetOutputFilter SUBSTITUTE

        Substitute "s|http://localhost:9001||ni"

2) The layout.py file does a 'HTTP_REFERRER' check for admin actions and this prevents admin actions from working as the referrer is the proxy, and the server is configured as localhost. I had to disable this check by adding line 87 below.

src/main/config/portal/default/default/scripts/layout.py

86 def csrfSecurePage(self):

87 return True;

88

89 pageName = self.vc("pageName");

90

91 # Allow only POSTS to CSRF protected pages

92 method = self.request.getMethod()

93 if method != "POST":

94 self.log.error("The secure page '{}' received a '{}' request and it only accepts 'POST'", pageName, method)

95 return False

96 # Allow only pages refered by use <= NOTE, this can be spoofed

97 referer = self.request.getHeader("Referer")

98 validReferer = self.vc("portalPath")

99 validRefererClean = String(self.vc("portalPath")).replaceAll("verNum[0-9A-Za-z_.\\-]+/","")

100

101 if referer is not None and referer.startswith(validRefererClean) :

102 return True

103 if referer is None or not referer.startswith(validReferer):

104 self.log.error("The secure page '{}' requires a valid HTTP Header Referer to use. REFERER: {}", pageName, referer)

105 return False

106 return True

Thanks,

Nish

---

Nishen Naidoo
Senior Systems Analyst
Library IT
MACQUARIE UNIVERSITY NSW 2109
[JNL]
E-Mail: nishen...@mq.edu.au
Phone:  +61 2 98506553
Mobile: +61 4 30006783
Fax:    +61 2 98507912
http://www.mq.edu.au/library

CRICOS Provider No 00002J

This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Macquarie University Library or Macquarie University.

Please consider the environment before printing this email.

[Dave Huthnance]

Hi,

In tf_env.sh


Server URL needs to be the external (Apache) address .

We are behind Apache, and a load balancer, so we put in the load
balancer address.

eg: in our case

export SERVER_URL="http://novadev-lb.newcastle.edu.au/redbox/"
export LOCAL_PORT="9000"
export PROJECT_HOME="/opt/tf2/redbox"
export AMQ_PORT="9101"
export AMQ_STOMP_PORT="9102"
export SMTP_HOST="localhost"
export ADMIN_EMAIL="admin@localhost"
export MINT_SERVER="http://localhost:9001"
export MINT_AMQ="tcp://localhost:9201"
export NON_PROXY_HOSTS="localhost"

Regards,

Dave


Dave Huthnance
eResearch Consultant,
Academic & Research Computing Support
Client Services - IT Services
The University of Newcastle
University Drive, Callaghan NSW 2308 AUSTRALIA

T: +61 2 4921 5469
F: +61 2 4921 7087
dave.hu...@newcastle.edu.au

www.newcastle.edu.au
CRICOS Provider Number: 00109J

>>> Jon Hurn <jon....@gmail.com> 16/05/2013 3:55 pm >>>

HI Duncan

"urlBase": "${server.url.base}",

set SERVER_URL=http://localhost:9000/redbox/

Jon.


On Thursday, 16 May 2013 14:09:03 UTC+10, Duncan Dickinson wrote:
>
> Hi Jon,
>
> Could you let me know the following settings:
>

> - In system.config.json - the value of "urlBase"
> - In tf_env.bat - the value of SERVER_URL
>
> Cheers,
>
> Duncan
>
>
> On 16 May 2013 13:55, Jon Hurn <jon....@gmail.com <javascript:>>
wrote:
>

>> Running RedBox and Jetty 6.1.24 behind Apache for Windows 2.4****
>>

>> On the server itself we*ve configured Jetty for localhost

operation and
>> can run RedBox as http://localhost:9000/redbox and it all functions

>> correctly.****
>>
>>
>>
<https://lh3.googleusercontent.com/-lqGf5lQ4u-M/UZRYPSLZKGI/AAAAAAAAAjY/NzmaK4NaRCM/s1600/localhost1.png>

>>
>>
>> However, when we access RedBox external to server and come in
through
>> Apache on port 80 we see the following:
>>
>>
>>

<https://lh5.googleusercontent.com/-kR6P8tnv1OQ/UZRYUUP3H-I/AAAAAAAAAjg/8-JHX-mfi04/s1600/localhost2.png>
>>
>>
>> ****
>>
>> ****

>>
>> When viewing source it shows all references are localhost absolute
to the

>> server, which explains the missing graphics.****
>>
>>
>>
<https://lh3.googleusercontent.com/-BO38Q2v_9nI/UZRYZgSgd6I/AAAAAAAAAjo/MaQvmWgUJd8/s1600/localhost3.png>
>>
>>
>> ****

>>
>> It looks like Apache is correctly redirecting but that RedBox/Jetty
is
>> returning localhost references. Is the issue likely to be the Apache
or

>> Jetty config?****
>>
>> Our Apache config is
>>

>> ProxyVia On****
>>
>> ProxyPreserveHost On****
>>
>> ProxyPass /redbox http://localhost:9000/redbox/****
>>
>> ProxyPassReverse /redbox http://localhost:9000/redbox/****
>>
>> ProxyPass /mint http://localhost:9001/mint/****
>>
>> ProxyPassReverse /mint http://localhost:9001/redbox/****
>>
>>
>> Thanks
>>
>>
>> Jon****
>>
>> ** **
>>

>> Jon Hurn, Project Manager, IT Services, ****
>>
>> University of Tasmania, PO Box 69, HOBART TAS 7001****
>>
>> Mob: 0427 912 992 Tel: +61 3 6226 2935 Skype: jonhurn****

>>
>> --
>> -- Website: http://www.redboxresearchdata.com.au
>>
>> You received this message because you are subscribed to the Google
Groups
>> ReDBox group. To post to this group, send email to

>> redbo...@googlegroups.com <javascript:>. To unsubscribe from this
group,
>> send email to redbox-repo...@googlegroups.com <javascript:>. For

more
>> options, visit this group at
>> https://groups.google.com/d/forum/redbox-repo?hl=en
>> ---
>> You received this message because you are subscribed to the Google
Groups
>> "ReDBox" group.
>> To unsubscribe from this group and stop receiving emails from it,
send an

>> email to redbox-repo...@googlegroups.com <javascript:>.

>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>
>
> --
> Cheers,
>
>
> Duncan
>
>
> Duncan Dickinson
> QCIF Project Manager
> Central Queensland University
>
> Contact me:
>
> monday to thursday
>
> ph: 07 3138 2084
> m: 0432 402 511
> skype: de.dickinson
>
>

> website <http://www.duncan.dickinson.name> |
calendar<http://www.duncan.dickinson.name/cal>|
> LinkedIn <http://www.linkedin.com/in/dedickinson>
>

[Duncan Dickinson]

Hi all,

When we deploy to our CI environment we use the files in https://github.com/redbox-mint-contrib/config-samples/tree/master/Server

The apache config is pretty minimal and we handle the tar.gz distro of ReDBox so don't manipulate the POM. 

As CI is in the nectar system, we don't know the IP address (swap that for host name) so deploy using deploy.sh. On line 72 we change the tf_env script and set the SERVER_URL variable.

Cheers,

Duncan

website | calendar | LinkedIn

[Jon Hurn]

Thanks everyone who responded both on and offline. We finally resolved the problem after many false starts and disappearing down a few rabbit holes. Just to confirm, we’re running on a Microsoft stack but with Jetty as the local web server and Apache for Windows as a transparent proxy.

Our mistake was in not keeping things simple. In the end there was very little to do except modify the tf_env.bat file server_url setting to https://rdds.utas.edu.au/redbox and leave alone references to localhost (similar changes for Mint), and also set up Apache to redirect.

Our Apache config was pretty much correct from day one with the proxy and reverse proxy settings, although we didn’t know this as it was this layer we were unfamiliar with and at the start tended to think was the source of our problems. It did need a couple of tweaks to the SSLCertificate entries.

Port 80 requests are redirected to port 443. Apache takes care of the secure layer and maps the appropriate requests to either RedBox or Mint Java web apps as necessary. The RedBox/Mint applications run self-contained as localhost on the server.

As indicated above, our admins went down a few rabbit holes with (at times) large changes to tf_env and system-config.json files which were all unnecessary. Also no changes to POM files or the applications were required.

If anyone has any queries about any aspect of this I’d be more than happy to try and help out.

Thanks again.