Can mwlib serve through HTTPS and Apache AuthType?

149 views
Skip to first unread message

Milan.M.Masek

unread,
Mar 19, 2010, 11:33:07 AM3/19/10
to mwlib
Hi folks!
Does anybody know if is possible to run mw-serve and mw-render in a
configuration when access to MediaWiki is protected by HTTPS and
Apache AuthType Basic?

Without https everything goes well. With https I have got an error in
mw-render.log

creating nuwiki in u'/var/cache/mw-serve/45/456edf2d954f2a48/tmp0wpAbm/
nuwiki'
1% fetching 1% fetching 1% fetching 1% fetching Unhandled error in
Deferred:
Traceback (most recent call last):
Failure: exceptions.RuntimeError: could not get collection params
Traceback (most recent call last):
Failure: twisted.web.error.Error: 401 Authorization Required
fatal: could not get collection params [[Failure instance: Traceback
(failure with no frames): twisted.web.error.Error: 401 Authorization
Required
]]
retrying: could not fetch 'https://wiki.bilbo5.praha.tmapy.cz/api.php?
action=query&meta=siteinfo&siprop=general|namespaces|interwikimap|
namespacealiases|magicwords|rightsinfo&format=json'
removing tmpdir u'/var/cache/mw-serve/45/456edf2d954f2a48/tmp0wpAbm'
1% error Traceback (most recent call last):
File "/usr/bin/mw-render", line 7, in ?
sys.exit(
File "/usr/lib64/python2.4/site-packages/mwlib/apps/render.py", line
211, in main
return Main()()
File "/usr/lib64/python2.4/site-packages/mwlib/apps/render.py", line
170, in __call__
env = self.get_environment()
File "/usr/lib64/python2.4/site-packages/mwlib/apps/render.py", line
101, in get_environment
self.zip_filename = make_zip(output=self.options.keep_zip,
options=self.options, metabook=env.metabook, status=self.status)
File "/usr/lib64/python2.4/site-packages/mwlib/apps/buildzip.py",
line 58, in make_zip
make_nuwiki(fsdir, metabook=metabook, options=options,
podclient=podclient, status=status)
File "/usr/lib64/python2.4/site-packages/mwlib/apps/make_nuwiki.py",
line 171, in make_nuwiki
raise RuntimeError(str(val))
RuntimeError: [Failure instance: Traceback (failure with no frames):
exceptions.RuntimeError: could not get collection params


My configuration is:
CentOS 5.4
Python 2.4.3
mwlib==0.12.10

[root@bilbo5 ~]# pip freeze | sort
Warning: cannot find svn location for flup==1.0.3.dev-20100221
docutils==0.6
elementtree==1.2.7-20070827-preview
email==4.0.2
## FIXME: could not find svn URL in dependency_links for this package:
flup==1.0.3.dev-20100221
hashlib==20081119
lockfile==0.8
mwlib.ext==0.12.3
mwlib.rl==0.12.4
mwlib==0.12.10
odfpy==0.9
PIL==1.1.7
Pygments==1.3.1
pyparsing==1.5.2
pyPdf==1.12
simplejson==2.1.0
timelib==0.2.1
Twisted==10.0.0
WebOb==0.9.8
wsgiref==0.1.2
zope.interface==3.5.3

VirtualHost config for Apache:
AuthType Basic
AuthName "Welcome to Wiki, enter your login"
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthLDAPUrl ..
Require valid-user

LocalSettings.php


Thanks in advance for your ideas.
M.

Richard Ash

unread,
Mar 19, 2010, 5:06:41 PM3/19/10
to mw...@googlegroups.com
I worked round this by customising the apache configuration so that access from localhost to the server doesn't need a password. I forget exactly how I achieved this, but the result is that users have to log in, but the render server doesn't.

Richard

LocalSettings.php

--
You received this message because you are subscribed
> to the Google Groups "mwlib" group.
To post to this group, send email to
> ymailto="mailto:mw...@googlegroups.com"
> href="mailto:mw...@googlegroups.com">mw...@googlegroups.com.
To
> unsubscribe from this group, send email to mwlib+
> ymailto="mailto:unsub...@googlegroups.com"
> href="mailto:unsub...@googlegroups.com">unsub...@googlegroups.com.
For
> more options, visit this group at
> href="http://groups.google.com/group/mwlib?hl=en" target=_blank
> >http://groups.google.com/group/mwlib?hl=en.


Tomas Straupis

unread,
Mar 20, 2010, 2:40:49 AM3/20/10
to mw...@googlegroups.com
2010/3/19 Richard Ash <richard...@yahoo.co.uk>:

> I worked round this by customising the apache configuration so that
> access from localhost to the server doesn't need a password. I forget
> exactly how I achieved this, but the result is that users have to log in,
> but the render server doesn't.

For example give access to api.php from localhost without authorisation.

--
Tomas Straupis

Milan.M.Masek

unread,
Mar 22, 2010, 8:58:22 AM3/22/10
to mwlib
Thanks to all your responds.

One bad thing is an extra mod_rewrite rule in http portion of Apache
virtual host conf.
I have this schema:
<VirtualHost 192.168.120.209:80>
...
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [NC]
RewriteRule ^/ https://%{HTTP_HOST}%{REQUEST_URI} [redirect]
<Directory>
Allow from all
</Directory>
...
</VirtualHost>
<VirtualHost 192.168.120.209:443>
...
AuthType Basic
...
</VirtualHost>

With this I have got "Bad title" while generating PDF.

Bad title
The requested page title was invalid, empty, or an incorrectly linked
inter-language or inter-wiki title. It may contain one or more
characters which cannot be used in titles.

On Mar 20, 7:40 am, Tomas Straupis <tomasstrau...@gmail.com> wrote:
> 2010/3/19 Richard Ash <richardash1...@yahoo.co.uk>:

Milan.M.Masek

unread,
Mar 23, 2010, 11:57:39 AM3/23/10
to mwlib
Hi,
I have reached some improvements. This is not (as I hope) the final
solution, but it works. I have changed Apache conf and rewrite rules
like this:

<VirtualHost 192.168.120.209:80>
...
RewriteEngine on

RewriteCond %{REQUEST_URI} !/*(.png)|(.jpg)|(.jpeg)|(.gif)
RewriteCond %{REQUEST_URI} !/api.php*
RewriteCond %{QUERY_STRING} !writer=rl


RewriteRule ^/ https://%{HTTP_HOST}%{REQUEST_URI} [redirect]

<Directory>
Allow from all
</Directory>
...
</VirtualHost>
<VirtualHost 192.168.120.209:443>
...

<Directory>
RewriteCond %{QUERY_STRING} writer=rl
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

AuthType Basic
...
</Directory>
...
</VirtualHost>


This configuration generates PDF, images within. One bad thing on this
approach is that user needs to push F5 and reload page twice or ones -
depends if it was already generated or not. Little bit strange
behaviour - but the basis works.

Milan.M.Masek

unread,
Mar 30, 2010, 3:26:37 PM3/30/10
to mwlib
Hi,
no more mod-rewrite rules ;)! It has an issue with adding/removing
pages to the book and in my opinion it is a little bit dirty way.

The final solution is to improve python mwlib code. I wish someone of
mwlib contributors would do this, including all the consequences. The
change is based on example written bellow and I have had to make
changes (in my case) in these files:
/usr/lib64/python2.4/site-packages/mwlib/net/mwapi.py and pod.py.
Search and improve the code where the method client.getPage() is
called.

The next python example fetch wiki page secured by Apache AuthType
Basic.
[milma@bilbo5 ~]$ python webcatmwhttps.py https://wiki.bilbo5.praha.tmapy.cz

Source code:
[milma@bilbo5 ~]$ cat webcatmwhttps.py
from twisted.web import client, error as weberror
from twisted.internet import reactor
import sys, getpass, base64

def printPage(data):
print data
reactor.stop()

def checkHTTPError(failure, url):
failure.trap(weberror.Error)
if failure.value.status == '401':
print >> sys.stderr, failure.getErrorMessage()
#promp for username and password
username = "yourusername"
password = "yourpassword"
basicAuth = base64.encodestring("%s:%s" % (username,
password))
authHeader = "Basic " + basicAuth.strip()
#try to fetch the page again with authentication
return client.getPage(
url, headers={"Authorization": authHeader})
else:
return failure

def printError(failure):
print >> sys.stderr, "Error:", failure.getErrorMessage()
reactor.stop()

if len(sys.argv) == 2:
url = sys.argv[1]
client.getPage(url).addErrback(
checkHTTPError, url).addCallback(
printPage).addErrback(
printError)
reactor.run()
else:
print "Usage: %s <URL>" % sys.argv[0]


Reply all
Reply to author
Forward
0 new messages