8443 redirect after changing GO_SERVER_SSL_PORT to 8080

David Newhook

Sep 14, 2017, 9:44:13 AM
to go-cd
Hi there,

I don't seem to be able to change the SSL listen port to 8080 for GOCD server deployed with RPMs on RHEL 7.3 (GOCD 17.10 tested).

I have configured GO_SERVER_SSL_PORT to be 8080 in /etc/default/go-server as follows:

GO_SERVER_PORT=8153
GO_SERVER_SSL_PORT=8080
SERVER_WORK_DIR=/var/lib/go-server
DAEMON=Y

I am using my own SSL cert as documented in https://docs.gocd.org/17.10.0/installation/ssl_tls/custom_server_certificate.html but have observed the same behaviour in an experimental build of 17.11 where I used the default self-signed certificate.  Using Firefox or curl - I'm always redirected from the 8080 port set to 8443 when not authenticated.  The following curl statement is run on the gocd server.  'gocd-server' in /etc/hosts points to the IP address of the GOCD server (192.168.178.15).  No proxies configured.

gocd-server:root:/root # curl --cacert ca.crt -v https://gocd-server:8080/go/home
* About to connect() to gocd-server port 8080 (#0)
*   Trying 192.168.178.15...
* Connected to gocd-server (192.168.178.15) port 8080 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: ca.crt
  CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=gocd-server
*       start date: Sep 06 12:22:28 2017 GMT
*       expire date: Sep 06 12:22:28 2022 GMT
*       common name: gocd-server
*       issuer: CN=My CA
> GET /go/home HTTP/1.1
> User-Agent: curl/7.29.0
> Host: gocd-server:8080
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 14 Sep 2017 13:12:14 GMT
< Set-Cookie: JSESSIONID=orh3ia1v4s1dpnefhc2v2evp;Path=/go;Expires=Thu, 28-Sep-2017 13:12:14 GMT;Secure;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: https://gocd-server:8443/go/auth/login
< Content-Length: 0
<
* Connection #0 to host gocd-server left intact

Strangely no problem with other ports (9000 and 8081 tested).
gocd-server:root:/root # curl --cacert ca.crt -v https://gocd-server:8081/go/home
* About to connect() to gocd-server port 8081 (#0)
*   Trying 192.168.178.15...
* Connected to gocd-server (192.168.178.15) port 8081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: ca.crt
  CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=gocd-server
*       start date: Sep 06 12:22:28 2017 GMT
*       expire date: Sep 06 12:22:28 2022 GMT
*       common name: gocd-server
*       issuer: CN=Puppet CA: config.shared.sp.vodafone.com
> GET /go/home HTTP/1.1
> User-Agent: curl/7.29.0
> Host: gocd-server:8081
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 14 Sep 2017 13:34:05 GMT
< Set-Cookie: JSESSIONID=1dt9ank0ghnd7aluwlheptn3f;Path=/go;Expires=Thu, 28-Sep-2017 13:34:05 GMT;Secure;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: https://gocd-server:8081/go/auth/login
< Content-Length: 0
<
* Connection #0 to host gocd-server left intact

SELinux is running in permissive mode - not seeing anything in the audit log.  Is this just an issue with my environment?

Kind Regards,

David

Ketan Padegaonkar

Sep 14, 2017, 10:00:05 AM
to go...@googlegroups.com
If you make a request for http://your-server:8153/go/api/support and look for "System Properties" and "Input Arguments", do you see the property cruise.server.ssl.port set to port 8080? If not, there's likely a problem reading /etc/default/go-server.

David Newhook

Sep 14, 2017, 10:19:53 AM
to go-cd
Both are set to 8080

Input Arguments "-Dcruise.server.ssl.port\u003d8080"
System Properties "cruise.server.ssl.port": "8080",

There is no problem with the initial redirect.


curl --cacert ca.crt -v https://gocd-server:8080
redirects to
Location: /go/home

but then
curl --cacert ca.crt -v https://gocd-server:8080/go/home
redirects to
Location: https://gocd-server:8443/go/auth/login

The 2nd redirect is fully qualified.  Is this an issue with the authentication plugin integration?  No issue with ports 8081, 9000 or 8154 (of course).

Kind Regards,

David

Ketan Padegaonkar

Sep 14, 2017, 10:39:09 AM
to go...@googlegroups.com
On Thu, Sep 14, 2017 at 7:50 PM David Newhook <dnew...@gmail.com> wrote:
> Both are set to 8080
>
> Input Arguments "-Dcruise.server.ssl.port\u003d8080"
> System Properties "cruise.server.ssl.port": "8080",
>
> There is no problem with the initial redirect.
>
> curl --cacert ca.crt -v https://gocd-server:8080
> redirects to
> Location: /go/home
>
> but then
> curl --cacert ca.crt -v https://gocd-server:8080/go/home
> redirects to
> Location: https://gocd-server:8443/go/auth/login
>
> The 2nd redirect is fully qualified.  Is this an issue with the authentication plugin integration?  No issue with ports 8081, 9000 or 8154 (of course).

I can't say for sure. There are usually multiple reasons this can happen:

* bad reverse proxy (not forwarding the right headers)
* incorrect `siteUrl` or `secureSiteUrl` setting in your config.xml
* bad redirect urls in one of your auth plugins
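
Added example, not part of the original thread and not GoCD code: a small Python check that reads a `curl -v` transcript and reports whether a redirect is relative, stays on the requested host and port, or is a fully qualified redirect to a different port, as in the 8080 to 8443 case above. The sample transcript is constructed from the output quoted in the thread; the function names and result strings are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the curl -v output quoted in the thread.
SAMPLE = """\
> GET /go/home HTTP/1.1
> Host: gocd-server:8080
>
< HTTP/1.1 302 Found
< Location: https://gocd-server:8443/go/auth/login
< Content-Length: 0
"""

DEFAULT_PORTS = {"http": 80, "https": 443}
HEADER = re.compile(r"^([<>])\s*([A-Za-z-]+):\s*(.*)$")

def parse_exchange(transcript):
    """Return (request Host header, response Location header) from curl -v text."""
    host = location = None
    for line in transcript.splitlines():
        match = HEADER.match(line)
        if not match:
            continue  # status lines, '*' info lines, bare '>' or '<' separators
        direction, name, value = match.groups()
        if direction == ">" and name.lower() == "host":
            host = value.strip()
        elif direction == "<" and name.lower() == "location":
            location = value.strip()
    return host, location

def check_redirect(transcript, scheme="https"):
    """Classify the redirect: no-redirect, relative, ok, host- or port-mismatch."""
    host, location = parse_exchange(transcript)
    if not host or not location:
        return "no-redirect"
    target = urlsplit(location)
    if not target.netloc:
        return "relative"  # path-only Location stays on the requested port
    requested = urlsplit(f"{scheme}://{host}")
    req_port = requested.port or DEFAULT_PORTS[scheme]
    tgt_port = target.port or DEFAULT_PORTS.get(target.scheme)
    if target.hostname != requested.hostname:
        return f"host-mismatch: {target.hostname}"
    if tgt_port != req_port:
        return f"port-mismatch: requested {req_port}, redirected to {tgt_port}"
    return "ok"
```

Feeding it the saved output of `curl -v` for each configured port separates a server-generated absolute redirect from a relative one, which narrows the search to whichever component builds the fully qualified URL.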
