nginx+gunicorn instead of apache gives api issue

[tw bert]

Hi,

RB 4.0.1, RbTools 2.0

To tune some RAM issues, we switched to nginx+gunicorn (like in the docker images).

The RB site works fine.

Even dl-ing something from the api via the browser works fine:

http://srv-reviewboard:8090/api/users/

gives a downloaded file with the users

However, using rbtools we get an error:

rbtools.api.errors.ServerInterfaceError: [Errno 10061] No connection could be made because the target machine actively refused it 

We use the nginx config example from https://www.reviewboard.org/docs/manual/4.0/admin/installation/docker/ .
(but not the docker images themselves)

Simply stopping nginx and starting apache solves the issue. But we'd like to switch to nginx.

Any pointers?

Here is our nxinx config:

        upstream reviewboard_rprox {

            server localhost:8080;

        }

        server {

            server_name srv-reviewboard;

            listen 8090;

            root /var/www/reviews.FOO.com/htdocs;

            location / {

                proxy_pass http://reviewboard_rprox;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header Host $host;

                proxy_redirect off;

            }

            location /media/ {

                alias /var/www/reviews.FOO.com/htdocs/media/;

                add_header Access-Control-Allow-Origin *;

                expires max;

                location ~ \.(html|htm|shtml|php)$ {

                    types {}

                    default_type text/plain;

                }

            }

            location /static/ {

                alias /var/www/reviews.FOO.com/htdocs/static/;

                add_header Access-Control-Allow-Origin *;

                expires max;

            }

        }

[Christian Hammond]

Hi,

The configuration looks fine. Can you provide RBTools debug log (--debug)?

Was Apache also listening on port 8090, and without SSL? I'm curious if RBTools is using the correct address.

Christian

--
Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups "Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/ce1260ea-212d-415a-b308-e45d9a5ef509n%40googlegroups.com.

--

Christian Hammond

President/CEO of Beanbag

Makers of Review Board

[tw bert]

Hi Christian,

Sorry for the late reply, other priorities.

I just dove into the code, and managed to fix it.

It actually was an nginx config omission.

It needed the port included in the META tag HTTP_HOST, by doing:

proxy_set_header Host $host:8090;

It might be better to use $port (didn't check the docs) , but this is good enough for us.

If you'd put this as a caveat in the RB docs, it might help other nginx newbees like me.

At runtime I could ask for the django port, but of course that's the wrong one (only used for reverse proxy, not for the site).

So it needs to come from nginx.

I found it by step debugging through Django (quite some code), and hitting this method:

    def _get_raw_host(self):

        """

        Return the HTTP host using the environment or request headers. Skip

        allowed hosts protection, so may return an insecure host.

        """

        # We try three options, in order of decreasing preference.

        if settings.USE_X_FORWARDED_HOST and (

                'HTTP_X_FORWARDED_HOST' in self.META):

            host = self.META['HTTP_X_FORWARDED_HOST']

        elif 'HTTP_HOST' in self.META:

            host = self.META['HTTP_HOST']

        else:

            # Reconstruct the host using the algorithm from PEP 333.

            host = self.META['SERVER_NAME']

            server_port = self.get_port()

            if server_port != ('443' if self.is_secure() else '80'):

                host = '%s:%s' % (host, server_port)

        return host

Served by apache, the else was entered. Which isn't technically valid when running the WSGI as a reverse proxy. One of the two META tags is needed.

It all makes sense now.

Kind regards, TW

[Christian Hammond]

Thanks TW. We'll test that addition and get it in. Thanks for doing the research on this, and I'm glad it's working now! :)

Christian

To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/77da255a-d933-48c2-8087-26af1acd64c4n%40googlegroups.com.