api icon indicating copy to clipboard operation
api copied to clipboard

Published 20 hours ago verified publisher icon Tendrl

Sample SSL configuration redirects to ip address

Open mbukatov opened this issue 7 years ago • 6 comments

Description

Suggested SSL configuration based on example /etc/httpd/conf.d/tendrl-ssl.conf.sample as described in https://github.com/Tendrl/api/pull/264 redirects http requests to https using ip address.

Based on @dahorak 's feedback: https://github.com/Tendrl/tendrl-ansible/pull/46#discussion_r140742360 and today's A daily meeting of Tendrl developers.

Version

Recent snapshot build from master branch:

tendrl-api-httpd-1.5.2-20170921T125939.61d8945.noarch

Steps to Reproduce

  1. Prepare machines with GlusterFS cluster, including gluster volume (I used nightly builds and volume_usmqe_alpha_distrep_4x2.create.conf)
  2. Install Tendrl via tendrl-ansible there, using snapshot builds and https://github.com/Tendrl/tendrl-ansible/pull/46/commits/57a4cfd1b4db3d4b4bc0eeb8329f021e90d4f342 from work in progress branch for https://github.com/Tendrl/tendrl-ansible/pull/46
  3. Log into the Tendrl web interface as an admin user, using full hostname and plain http in url
  4. See the redirection

Actual Results

The user is redirected to ip address of the server: eg. from http://mbukatov-usm1-server.example.com/ it redirects to https://10.34.108.90/:

screenshot_20170925_140535

Expected Results

The redirection uses full hostname (fqdn).

mbukatov avatar Sep 25 '17 12:09 mbukatov

@r0h4n @brainfunked @dahorak so far this seems to me to be a minor configuration change (affecting the default config sample and tendrl-ansible), what do you think?

mbukatov avatar Sep 25 '17 12:09 mbukatov

I have tried to reconfigure the redirection using fqdn:

$ git diff roles/tendrl-server/tasks/httpd-ssl.yml                                                                                                           
diff --git a/roles/tendrl-server/tasks/httpd-ssl.yml b/roles/tendrl-server/tasks/httpd-ssl.yml                                                               
index 829f48a..a33730f 100644
--- a/roles/tendrl-server/tasks/httpd-ssl.yml
+++ b/roles/tendrl-server/tasks/httpd-ssl.yml
@@ -85,7 +85,7 @@
   lineinfile:
     path: /etc/httpd/conf.d/tendrl.conf
     regexp: ' *#? *Redirect permanent / https://.*/'
-    line: "  Redirect permanent / https://{{ httpd_ip_address }}/"
+    line: "  Redirect permanent / https://{{ ansible_fqdn }}/"
   notify:
     - restart httpd

and at first sight, it seems to work fine for me:

screenshot_20170925_141541

mbukatov avatar Sep 25 '17 12:09 mbukatov

@mbukatov your solution is good, please use it.

brainfunked avatar Sep 26 '17 17:09 brainfunked

@brainfunked ack

mbukatov avatar Sep 27 '17 08:09 mbukatov

Fix is part of https://github.com/Tendrl/tendrl-ansible/pull/46

mbukatov avatar Oct 03 '17 16:10 mbukatov

@mbukatov Is this still relevant or can we close this?

shirshendu avatar Mar 05 '18 09:03 shirshendu