Re: HTTPS Admin Page Remote Connection


Niphlod

Sep 13, 2012, 2:44:05 PM
to web...@googlegroups.com
Why don't you just enable remote forwarding if you don't want to set up SSL on the webserver?

If you can log in with ssh, you should be able to do:

ssh -L local_port:local_ip:remote_port username@address

This, in addition to logging in to the ssh shell, will redirect the services listening on the remote_port on the server address to the local_port residing on local_ip.

Summary: if you have a server and you log in to it with
ssh user...@example.com

you can instead use

ssh -L 8000:localhost:80 user...@example.com

This will make what is available on port 80 of example.com accessible from localhost:8000 .

Summary of the summary: if you point your local browser to http://localhost:8000/admin (if your server has a standard web2py config), for the server it is as if someone were using a browser right on the server pointing to http://localhost:80/admin (hence, the request is detected as coming from localhost and no https check is enforced, like you are used to when you start web2py to develop on your own computer).

On Thursday, September 13, 2012 3:38:45 PM UTC+2, Francisco Barretto wrote:
Hi There!
 
Deploying web2py on a server gives me some headache about accessing the admin page (on the server) from a remote machine. First it threw the message "Admin is disabled because insecure channel". So I found some posts talking about commenting out the following code:

if request.env.http_x_forwarded_for or request.is_https:
    session.secure()
elif not request.is_local and not DEMO_MODE:
    raise HTTP(200, T('Admin is disabled because insecure channel'))

Unfortunately, commenting out this part of the access.py file is not the right way to do it, and I know. Besides, it still shows me this message: "ATTENTION: Login requires a secure (HTTPS) connection or running on localhost". So, it's not appropriate and doesn't even solve the problem.

Since I'm using Linux as my server OS and it doesn't have a graphical interface, I can't access the admin page through a local browser. My point is, how to correctly enable the admin page remote access? I already tried to start with the server IP and 0.0.0.0 using ports 8000, 80 and 443 and still nothing. I also tried to specify the HTTPS protocol in the browser but I get this error:
 
SSL received a record that exceeded the maximum permissible length.                          
                          
(Error code: ssl_error_rx_record_too_long)            

So, can anybody point me the right way?
 
Thanks!

dhmorgan

Sep 13, 2012, 3:34:36 PM
to web...@googlegroups.com
The method depends on which web server you are using. Which one are you using?

General guidance can be found in the book, chapter 13: http://web2py.com/book/default/chapter/13

Andrew

Sep 13, 2012, 8:44:23 PM
to web...@googlegroups.com
If your app is proxied you might be running into an apache config issue. 

See the following:

&

They used the following to make sure the correct wsgi param is set:

<IfModule mod_setenvif.c>
   SetEnvIf X-Forwarded-Proto https HTTPS=1
</IfModule>

Francisco Barretto

Sep 19, 2012, 11:39:05 AM
to web...@googlegroups.com
Hi Folks!

Here's how I've solved the problem:
I'm now running a web2py local server with regular configuration:
nohup python web2py.py -i 127.0.0.1 -p 8000

Then configured apache2 based on the alternative "mod_proxy" configuration described in http://web2py.com/book/default/chapter/13.

NameVirtualHost *:80
NameVirtualHost *:443

#### deal with requests on port 80
<VirtualHost *:80>
   Alias / /users/www-data/web2py/applications

   ### admin requires SSL
   <LocationMatch "^/admin">
     SSLRequireSSL
   </LocationMatch>

   ### appadmin requires SSL
   <LocationMatch "^/welcome/appadmin/.*">
     SSLRequireSSL
   </LocationMatch>

   ### serve static files directly
   <LocationMatch "^/welcome/static/.*">
     Order Allow,Deny
     Allow from all
   </LocationMatch>

   ### proxy all the other requests
   <Location "/welcome">
     Order deny,allow
     Allow from all
     ProxyPass http://localhost:8000/welcome
     ProxyPassReverse http://localhost:8000/
   </Location>

   LogFormat "%h %l %u %t \"%r\" %>s %b" common
   CustomLog /var/log/apache2/access.log common
</VirtualHost>

<VirtualHost *:443>
   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/server.crt
   SSLCertificateKeyFile /etc/apache2/ssl/server.key

   <Location "/">
     Order deny,allow
     Allow from all
     ProxyPass http://localhost:8000/
     ProxyPassReverse http://localhost:8000/
   </Location>

   LogFormat "%h %l %u %t \"%r\" %>s %b" common
   CustomLog /var/log/apache2/access.log common
</VirtualHost>

This way, Apache deals with the incoming connections on ports 80 and 443 and then redirects these requests to the local web2py default server. This way I'm still secure since appadmin and admin are forced to be over HTTPS and I did no bypasses in the code or whatever.

[User (HTTPS)--> Apache  (HTTP)--> Web2PyServer]

Thanks!
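
An added example, not part of the thread and not web2py's own code: a small Python model of the access.py check quoted in the first message, evaluated for the setups discussed above. How `is_local` and `is_https` are derived here is a simplifying assumption, as are the function names and the sample addresses.

```python
import ipaddress

DENY = "deny: Admin is disabled because insecure channel"
SECURE = "allow: session.secure()"
LOCAL = "allow: local request"


def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback


def admin_gate(peer_addr, url_scheme="http", headers=None, demo_mode=False):
    """Mirror the branch order of the access.py snippet quoted in the thread."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    forwarded_for = headers.get("x-forwarded-for")
    # Assumption: HTTPS means the backend itself saw an https scheme.
    is_https = url_scheme == "https"
    # Assumption: "local" is a loopback peer that is not relaying for a client.
    is_local = is_loopback(peer_addr) and not forwarded_for
    if forwarded_for or is_https:
        return SECURE
    elif not is_local and not demo_mode:
        return DENY
    return LOCAL


# Constructed scenarios; 203.0.113.5 is a documentation address.
# mod_proxy adds X-Forwarded-For, and the backend only ever sees plain HTTP.
SCENARIOS = {
    "browser -> web2py on 0.0.0.0:8000 over HTTP": dict(peer_addr="203.0.113.5"),
    "browser -> ssh -L tunnel -> web2py": dict(peer_addr="127.0.0.1"),
    "browser -> Apache :443 -> web2py on 127.0.0.1:8000": dict(
        peer_addr="127.0.0.1", headers={"X-Forwarded-For": "203.0.113.5"}),
    "browser -> Apache :80 -> web2py on 127.0.0.1:8000": dict(
        peer_addr="127.0.0.1", headers={"X-Forwarded-For": "203.0.113.5"}),
}


def evaluate():
    return {name: admin_gate(**kw) for name, kw in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:52s} {verdict}")
```

The last two rows look identical to the backend, so in the proxied setup the HTTPS requirement for /admin rests on Apache's SSLRequireSSL rules and on web2py listening only on 127.0.0.1.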