Bug 39198 - Provide mod_proxy configuration
Provide mod_proxy configuration
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Docker
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1
Assigned To: Dirk Wiesenthal
Stefan Gohmann
: interim-1
Depends on:
Blocks: 41525
  Show dependency treegraph
 
Reported: 2015-08-17 10:05 CEST by Stefan Gohmann
Modified: 2016-06-10 14:44 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2015-08-17 10:05:44 CEST
Every App can include a mod_proxy configuration. By default every App get its own apache namespace via mod_proxy.
Comment 1 Dirk Wiesenthal univentionstaff 2015-09-25 11:07:20 CEST
(In reply to Stefan Gohmann from comment #0)
> Every App can include a mod_proxy configuration.

Currently there is no way to easily include its own mod_proxy configuration. One may add the configuration in the join script (with sed or echo...). But there is no real interface for it.

(In reply to Stefan Gohmann from comment #0)
> By default every App get
> its own apache namespace via mod_proxy.

This is possible. In the ini file:
WebInterface=/myapp
WebInterfacePortHTTP=[80]
WebInterfacePortHTTPS=[443]
AutoModProxy=[True]

will result in ProxyPass directives for ssl and non-ssl.
So effectively local.docker.container:80 -> fqdn.docker.host:40000 and local.docker.container:443 -> fqdn.docker.host:40001
as well as
fqdn.docker.host:80/myapp -> fqdn.docker.host:40000/myapp and
fqdn.docker.host:443/myapp -> fqdn.docker.host:40001/myapp

So the docker ports go from 40k up to 41k and the docker container has to make /myapp accessible internally. I thought about making this configurable, but haven't done so yet.

If you feel this is not sufficient, REOPEN the bug (or enter a new one with the required enhancements).
Comment 2 Stefan Gohmann univentionstaff 2015-09-30 07:37:19 CEST
OK, it works and I think it is enough for the moment. I've added a test case for this: 80_docker/55_app_modproxy
Comment 3 Stefan Gohmann univentionstaff 2015-11-17 12:12:45 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".
Comment 4 Michel Smidt 2016-06-10 14:06:59 CEST
After installing the jenkins app following error messages appears in "fqdn/jenkins/manage":
"It appears that your reverse proxy set up is broken." 
According to [1] this can be fixed with the options "nocanon" & "AllowEncodedSlashes NoDecode" in the virtualHost reverse proxy entry.

Full configuration:
<VirtualHost *:80>
        Include /etc/apache2/ucs-sites.conf.d

        ProxyPass /jenkins/ http://127.0.0.1:40001/jenkins/ nocanon retry=0
        ProxyPassReverse /jenkins/ http://127.0.0.1:40001/jenkins/
        AllowEncodedSlashes NoDecode
</VirtualHost>

So, it would be nice to get this configurable.

[1] https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache