Another instance of images not showing in production

[EtherNomad]

I have tried setting config.serve_static_assets in environments/production.rb to true, but images still seem to be broken.

This may not have anything to do with it, but when I browse to http://munkiserver:80, I get the "Welcome to Lion Server" page. When I browse to http://munkiserver:3000, I get the image-less Munki Server page (even though its running as production.)

Also, I am interested in finding (starting) a discussion along the lines of, "So you've installed MunkiServer...Now what?" Which walks through the methods and benefits of utilizing MunkiServer in a production environment.

[Riley Shott]

We ran into the same issue and believed this happened because macupdate switched to exclusively only using SSL. I have patched our munkiserver and will work on submitting a pull request.

In the mean time, if you're not already, I would recommend using Apache/Passenger to serve out your web app.

https://github.com/jnraine/munkiserver/wiki/Using-Apache-with-munki-server

-Riley

> --
> You received this message because you are subscribed to the Google
> Groups "munkiserver-dev" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to munkiserver-d...@googlegroups.com.
> To post to this group, send email to
> munkise...@googlegroups.com.
> Visit this group at
> http://groups.google.com/group/munkiserver-dev?hl=en .
> For more options, visit https://groups.google.com/groups/opt_out .
>
>
>

[EtherNomad]

I started going through that wiki article right before posting this thread. I figured the missing images was a failure of the first step under the "Test Your Rails app" section. Perhaps I will go ahead and push forward despite my munki server production environment seemingly being properly configured.

[EtherNomad]

I completed the Apache/Passenger setup. I don't see any change in the site. Is there a way to check to see whether the VirtualHost is serving the site?

[Ricky Chilcott]

Have you done an rake assets:precompile?

Ricky Chilcott

ri...@rickychilcott.com

[EtherNomad]

I had not done that since setting config.serve_static_assets in environments/production.rb to true. I just did it and the images are still missing.

On Tuesday, May 28, 2013 1:15:05 PM UTC-4, EtherNomad wrote:

[Ricky Chilcott]

What images specifically? The package icons? Or something else?

what are the logs saying?  ```tail -f log/production.log```

Ricky Chilcott

ri...@rickychilcott.com

[Riley Shott]

I think he means the package branch application icons. I just submitted a pull request with how I fixed that issue.

Ether,

What does your 'config/settings.yaml' file say the host is? Do you see :3000 appended after your server name? If so, that could be why you need to type :3000 to reach your site. Try deleting the :3000 portion and restarting your application:

`touch tmp/restart.txt`

If you want to know if your VirtualHost file is being used, try deleting it or changing the DocumentRoot :)

-Riley

----- Original Message -----
> From: "Ricky Chilcott" <ri...@rickychilcott.com>
> To: munkise...@googlegroups.com

> Sent: Tuesday, 28 May, 2013 11:44:01
> Subject: Re: [munkiserver-dev] Another instance of images not showing in production
>
> What images specifically? The package icons? Or something else?
>
>
> what are the logs saying? ```tail -f log/production.log```
>
>
>
>
> Ricky Chilcott
> ri...@rickychilcott.com
>
>
>
>
>
> On May 28, 2013, at 2:42 PM, EtherNomad < ethern...@gmail.com >
> wrote:
>
>
> I had not done that since setting config.serve_static_assets in
> environments/production.rb to true. I just did it and the images are
> still missing.
>
> On Tuesday, May 28, 2013 1:15:05 PM UTC-4, EtherNomad wrote:
>
> I have tried setting config.serve_static_assets in
> environments/production.rb to true, but images still seem to be
> broken.
>
> This may not have anything to do with it, but when I browse to

> http://munkiserver:80 , I get the "Welcome to Lion Server" page.
> When I browse to http://munkiserver:3000 , I get the image-less

[Riley Shott]

The patch has been pulled in. Please update your local repo by doing a `git fetch` at the root of the munkiserver folder and restart your application with `touch tmp/restart.txt`. Please let me know if it fixes your app icon issue.

Thanks,

[EtherNomad]

Riley,

The update you provided resolved the app icon issue. I also went into the 'config/settings.yaml' file you suggested, and sure enough, it had :3000 appended to the end of the host entry. However, removing the :3000 portion and restarting the application with 'touch tmp/restart.txt' did not get rid of the "Welcome to Lion Server" page on port 80.

Here are the contents of the settings.yaml file:

---
:action_mailer:
     :host: localhost

Thanks for all your help so far.

On Tuesday, May 28, 2013 1:15:05 PM UTC-4, EtherNomad wrote:

[Riley Shott]

In your settings.yaml file, change localhost to the DNS name of the server you're configuring this one. Also make sure that it is the same as the ServerName parameter in your VirtualHost configuration.

Sounds like your Apache configuration is not redirecting http to https requests. Create another VirtualHost file with the following:

NameVirtualHost *:80

<VirtualHost *:80> 

  ServerName your_dns_name 

  Redirect permanent / https://your_dns_name/

</VirtualHost>

Of course 'your_dns_name' can refer to either a CNAME or an A record. If your server is Mac OS X Server ensure you don't already have an existing VirtualHost for '*:80'. It would probably be placed in '/etc/apache2/sites/0000_any_80_.conf'. If you see that file, simply delete or move it as there should be a backup already called '0000_any_80_.conf.default' in the same directory but if there's not, it would be wise to make one.

`mv /etc/apache2/sites/0000_any_80_.conf /etc/apache2/sites/0000_any_80_.conf.original`

-Riley

[EtherNomad]

Riley,

I've made the suggested changes, and I think it has led to some progress.

After renaming the 0000_any_80_.conf file to 0000_any_80_.conf.original, the 'Welcome to Lion Server' page no longer displays. Now I receive an index page containing the below text:

Index of /

Apache/2.2.22 (Unix) Phusion_Passenger/4.0.3 mod_ssl/2.2.22 OpenSSL/0.9.8r DAV/2 Server at <ADDRESS_OF_SERVER> Port 80

Below is the contents of my httpd-vhosts.conf file, perhaps I have something wrong in here.

#

# If you want to maintain multiple domains/hostnames on your

# machine you can setup VirtualHost containers for them. Most configurations

# use only name-based virtual hosts so the server doesn't need to worry about

# IP addresses. This is indicated by the asterisks in the directives below.

#

# Please see the documentation at

# <URL:http://httpd.apache.org/docs/2.2/vhosts/>

# for further details before you try to setup virtual hosts.

#

# You may use the command line option '-S' to verify your virtual host

# configuration.

 

#

# Use name-based virtual hosting.

#

NameVirtualHost *:80

 

#

# VirtualHost example:

# Almost any Apache directive may go into a VirtualHost container.

# The first VirtualHost section is used for all requests that do not

# match a ServerName or ServerAlias in any <VirtualHost> block.

#

<VirtualHost *:80>

    ServerAdmin webm...@dummy-host.example.com

    DocumentRoot "/usr/docs/dummy-host.example.com"

    ServerName dummy-host.example.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "/private/var/log/apache2/dummy-host.example.com-error_log"

    CustomLog "/private/var/log/apache2/dummy-host.example.com-access_log" common

</VirtualHost>

 

<VirtualHost *:80>

    ServerAdmin webm...@dummy-host2.example.com

    DocumentRoot "/usr/docs/dummy-host2.example.com"

    ServerName dummy-host2.example.com

    ErrorLog "/private/var/log/apache2/dummy-host2.example.com-error_log"

    CustomLog "/private/var/log/apache2/dummy-host2.example.com-access_log" common

</VirtualHost>

 

<VirtualHost *:80>

        ServerName FQDN_OF_SERVER

        DocumentRoot "/Library/WebServer/Documents/munkiserver/public"

        <Directory "/Library/WebServer/Documents/munkiserver/public">

                Order allow,deny

                Allow from all

        </Directory>

        LoadModule xsendfile_module /usr/libexec/apache2/mod_xsendfile.so

        RequestHeader Set X-Sendfile-Type X-Sendfile

        ProxyPassReverse / http://localhost:8001/

        XSendFile on

        XSendFilePath /Library/WebServer/Documents/munkiserver/packages

</VirtualHost>

 

<VirtualHost *:80>

        ServerName FQDN_OF_SERVER

        Redirect permanent / https://FQDN_OF_SERVER

</VirtualHost>

[Ricky Chilcott]

Hi,

What do you WANT it to contain?  You just want it to error out? If you want it to be blank, look in the config and change the HTML file where the 'Welcome to Lion Server' currently exists.  Alternatively, you can have it redirect in a myriad of ways:

http://www.yolinux.com/TUTORIALS/ApacheRedirect.html

Ricky Chilcott

ri...@rickychilcott.com

[Riley Shott]

Maybe it's just bad formatting but it looks like you have uncommented all the example VirtualHost files, that's bad. You only need two VirtualHost declarations if the web app is the only thing being served from your server (one if you don't want to redirect all http traffic). If that's the case make sure all but the ones you need are commented out. It also looks like you're trying to serve up the web application via http and not https, which is also bad. Use this template:

Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
ServerName fqdn_here
DocumentRoot "path_to_public_folder"

LoadModule xsendfile_module /usr/libexec/apache2/mod_xsendfile.so
RequestHeader Set X-Sendfile-Type X-Sendfile

ProxyPassReverse / keep_what_you_have
XSendFile on
XSendFilePath path_to_packages_folder

SSLEngine on
### Self Signed certificates
SSLCertificateFile path_to_crt_file
SSLCertificateKeyFile path_to_key_file

<Directory "path_to_public_folder">
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>

You'll need to generate an SSL certificate and you can do so using the commands below:

`openssl genrsa -out server.key 2048`
`openssl req -new -key server.key -out server.csr`
`openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt`

This will be a self-signed cert so there will be a warning from your browser about the certificate not being trusted. You'll need to have a CSR signed by a trusted CA if you want to get rid of this warning. Store these files in a secure place and make sure you point to the crt and key file in your VirtualHost declaration.

Ricky is right. There are a lot of ways of redirecting traffic choose the most appropriate one for your needs.

-Riley

----- Original Message -----
> From: "Ricky Chilcott" <ri...@rickychilcott.com>
> To: munkise...@googlegroups.com
> Sent: Wednesday, 29 May, 2013 09:16:12
> Subject: Re: [munkiserver-dev] Another instance of images not showing in production
>

> http://munkiserver:80 , I get the "Welcome to Lion Server" page.
> When I browse to http://munkiserver:3000 , I get the image-less

[EtherNomad]

Riley,

Nice catch. I had wondered about that. For whatever reason the /etc/apache2/extra/httpd-vhosts.conf file on my Lion Server came with those example VirtualHosts uncommented. I reconfigured my httpd-vhosts.conf file based on your template.

When I renamed the /etc/apache2/sites/0000_any_80_.conf file, it got rid of the "Welcome to Lion Server" page and replaced it with the "Index of /" page. That makes sense since Apache seems to now be reading the 0000_any_443_shadow.conf file. I think this because the DocumentRoot of the 443_shadow.conf file points to "/var/empty", while the renamed 80_.conf's DocumentRoot was pointing to "/Library/Server/Web/Data/Sites/Default" which is the location of the "Welcome to Lion Server" index.html file.

My concern in this long-winded explanation is that the configuration settings I've entered into the /etc/apache2/extra/httpd-vhosts.conf file are not being applied. As a test of this theory, I renamed that file to see what would happen. Nothing changed...

http://FQDN_OF_SERVER:3000 <brings up Munki Server login page w/icons>

http://FQDN_OF_SERVER:80 <brings up the "Index of /" page previously mentioned> (Same thing on port 443)

Is /etc/apache2/extra/httpd-vhosts.conf the correct place to configure the MunkiServer VirtualHost info?

Ultimately, I am perfectly happy with accessing my MunkiServer on port 3000 (as long as I have it setup correctly.) I guess I am a little confused by the final "Connect to Server" steps in the original instructions I followed. I was given the impression that port 3000 was for development, and port 80 was for production.

[Riley Shott]

Sounds like '/etc/apache2/extra/httpd-vhosts.conf' is not being included in your main Apache configuration file (/etc/apache2/httpd.conf). I'm pretty sure that the apache2/extra directory is _not_ included by default. The apache2/sites folder should be included by default on Mac OS X Server (apache2/other is included on non-server version of Mac OS X).

To check whether or not the configuration files in apache2/extra are being included, check for this line in '/etc/apache2/httpd.conf':

Include "/etc/apache2/extra/*.conf"

If it's not there add it, or move your munkiserver VirtualHost configuration files into the apache2/sites folder. Assuming the Include statement is there for that:

Include "/etc/apache2/sites/*.conf"

Also make sure you have no other VirtualHost configuration files conflicting with the ones your trying to set (i.e. 0000_any_443_shadow.conf) . So either move them out of the way or rename them so they don't get loaded by the Include statement.

Curious, when you go to 'http://FQDN_OF_SERVER:3000' and before you login, what is in the brackets beside the Login button? It should say production or development.

When you were doing the rake tasks did you set the RAILS_ENV environment variable to production? Or did you simply just run the command without it? As it defaults to the development environment.

`rake db:migrate RAILS_ENV=production`
`rake bootstrap:all RAILS_ENV=production`

-Riley

----- Original Message -----

> From: "EtherNomad" <ethern...@gmail.com>
> To: munkise...@googlegroups.com