Bug 44124 - UMC redirects to install-time DNS entry
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 4.2
Other Linux
: P5 normal
: UCS 4.2
Assigned To: Florian Best
Erik Damrose
: interim-4
Reported: 2017-03-29 11:01 CEST by Erik Damrose
Modified: 2017-05-03 10:40 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.114

Attachments
redirections when accessing external fqdn (76.42 KB, image/png)
2017-03-29 11:01 CEST, Erik Damrose
Description Erik Damrose univentionstaff 2017-03-29 11:01:06 CEST
Created attachment 8678
redirections when accessing external fqdn

UMC, at least the portal, redirects to the DNS entry that was registered at install-time. One cannot visit the UCS server by another external DNS name that exists in, e.g., a cloud environment.

I tried setting up SSO for an external DNS entry, according to http://sdb.univention.de/1352

But I cannot even get to the UCS login - when visiting /univention/portal or /univention/management I get redirected (HTTP 301), see screenshot.

external FQDN: externaldns.ucsmaster.example, install-time FQDN: master.ucs.local
Comment 1 Florian Best univentionstaff 2017-03-29 11:31:44 CEST
I have no clue what is causing this. My guess is that it has to do with the ServerName directive of Apache and HTTPS SNI.
Comment 2 Erik Damrose univentionstaff 2017-03-29 11:39:23 CEST
Note: I completed the steps in the article, the Apache ServerName is set there.
Comment 3 Florian Best univentionstaff 2017-03-29 11:45:32 CEST
Can you paste the output of apache2ctl -S?
Comment 4 Erik Damrose univentionstaff 2017-03-29 11:51:16 CEST
# apache2ctl -S
VirtualHost configuration:
*:80                   master.ucs.local (/etc/apache2/sites-enabled/000-default.conf:13)
*:443                  master.ucs.local (/etc/apache2/sites-enabled/default-ssl.conf:16)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
Comment 5 Florian Best univentionstaff 2017-03-29 11:54:31 CEST
Can you do:

echo "ServerName $FQDN" >>/etc/apache2/ucs-sites.conf.d/servername.conf

Restart Apache and show the output of the command again?
Comment 6 Florian Best univentionstaff 2017-03-29 13:10:26 CEST
Okay, the redirect seems to be here:

[Wed Mar 29 13:07:18.890775 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] init rewrite engine with requested uri /univention/portal/
[Wed Mar 29 13:07:18.890802 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/univention/setup/' to uri '/univention/portal/'
[Wed Mar 29 13:07:18.890838 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/?simplesamlphp/(.*)' to uri '/univention/portal/'
[Wed Mar 29 13:07:18.890870 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '.*' to uri '/univention/portal/'
[Wed Mar 29 13:07:18.890909 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/js/.*/i18n/[^/]*/.*\\.json' => not-matched
[Wed Mar 29 13:07:18.890936 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/management/modules/i18n/[^/]*/.*\\.json' => not-matched
[Wed Mar 29 13:07:18.890961 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/i18n/[^/]*/.*\\.json' => not-matched
[Wed Mar 29 13:07:18.890989 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/(management|portal|login|server-overview|self-service|setup)/i18n/[^/]*/.*\\.json' => not-matched
[Wed Mar 29 13:07:18.891011 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/univention/(.*)$' to uri '/univention/portal/'
[Wed Mar 29 13:07:18.891054 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='foobar' pattern='^foobar$' => matched
[Wed Mar 29 13:07:18.891079 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/(login|management|self-service|portal|server-overview)/$' => matched
[Wed Mar 29 13:07:18.891100 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] rewrite '/univention/portal/' -> 'http://xen3.school.local/univention/portal/'
[Wed Mar 29 13:07:18.891138 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] explicitly forcing redirect with http://xen3.school.local/univention/portal/
[Wed Mar 29 13:07:18.891157 2017] [rewrite:trace8] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] Rule has END flag, no further rewriting for this request
[Wed Mar 29 13:07:18.891177 2017] [rewrite:trace1] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] escaping http://xen3.school.local/univention/portal/ for redirect
[Wed Mar 29 13:07:18.891197 2017] [rewrite:trace1] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] redirect to http://xen3.school.local/univention/portal/ [REDIRECT/301]
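
Added example, not part of the bug report or of UCS: a small parser for mod_rewrite trace lines like those in comment 6. It reports which RewriteRule pattern and which RewriteCond results led to the redirect, and whether the redirect host differs from the name in the `[name/sid#...]` field. The sample lines are constructed from the messages in comment 6 with a shortened timestamp; the function and key names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: message texts as in comment 6, timestamp prefix shortened.
PREFIX = ("[Wed Mar 29 13:07:18 2017] [rewrite:trace{lvl}] [pid 3548] "
          "mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - "
          "[foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] ")
SAMPLE = [PREFIX.format(lvl=lvl) + msg for lvl, msg in [
    (3, "applying pattern '.*' to uri '/univention/portal/'"),
    (4, r"RewriteCond: input='/univention/portal/' pattern='^/univention/i18n/[^/]*/.*\\.json' => not-matched"),
    (3, "applying pattern '^/univention/(.*)$' to uri '/univention/portal/'"),
    (4, "RewriteCond: input='foobar' pattern='^foobar$' => matched"),
    (4, "RewriteCond: input='/univention/portal/' pattern='^/univention/(login|management|self-service|portal|server-overview)/$' => matched"),
    (2, "rewrite '/univention/portal/' -> 'http://xen3.school.local/univention/portal/'"),
    (1, "redirect to http://xen3.school.local/univention/portal/ [REDIRECT/301]"),
]]

# Captures the name from "[name/sid#...]" and the message after "[rid#.../phase] ".
LINE = re.compile(r"\[rewrite:trace\d\].*?\[([^/\]\s]+)/sid#\w+\]\[rid#\w+/\w+\] (.*)$")
RULE = re.compile(r"applying pattern '(.*)' to uri '(.*)'$")
COND = re.compile(r"RewriteCond: input='(.*)' pattern='(.*)' => (matched|not-matched)$")
REDIR = re.compile(r"redirect to (\S+) \[REDIRECT/(\d+)\]$")


def explain_redirect(lines):
    """Return the rule, conditions and target behind the first redirect, or None."""
    rule, conds = None, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a mod_rewrite trace line
        name, msg = m.groups()
        if r := RULE.match(msg):
            rule, conds = r.group(1), []  # conditions logged next belong to this rule
        elif c := COND.match(msg):
            conds.append((c.group(1), c.group(2), c.group(3) == "matched"))
        elif d := REDIR.match(msg):
            host = urlsplit(d.group(1)).hostname
            return {"logged_name": name, "rule": rule, "conditions": conds,
                    "target": d.group(1), "status": int(d.group(2)),
                    "host_changed": host != name.lower()}
    return None


if __name__ == "__main__":
    print(explain_redirect(SAMPLE))
```

Lines of this kind are only written while mod_rewrite logging is raised, for example with `LogLevel rewrite:trace4`, which is the level at which the RewriteCond results appear in the trace above.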
Comment 7 Florian Best univentionstaff 2017-03-29 13:19:13 CEST
univention-management-console (9.0.79-1):
r78463 | Bug #44124: fix redirection when ucs/server/sso/virtualhost is false

univention-apache (9.0.5-4):
r78461 | Bug #44124: add .conf suffix to files in /etc/apache2/ucs-sites.conf.d/
Comment 8 Erik Damrose univentionstaff 2017-03-29 17:49:45 CEST
Verified: No more redirections with external DNS entry. Great!
Comment 9 Stefan Gohmann univentionstaff 2017-04-04 18:28:57 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".