Bug 43657 – Docker Apps with ModProxy integration: WebInterface still support HTTP even when HTTPPort is set to 0

Bug 43657 - Docker Apps with ModProxy integration: WebInterface still support HTTP even when HTTPPort is set to 0


Summary:	Docker Apps with ModProxy integration: WebInterface still support HTTP even w...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	App Center
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-4-errata
Assigned To:	Dirk Wiesenthal
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-02-27 17:34 CET by Dirk Wiesenthal
Modified:	2017-03-01 15:23 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:	Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Wiesenthal

2017-02-27 17:34:10 CET

ModProxy=True
WebInterfacePortHTTP=0
WebInterfacePortHTTPS=80
WebInterfaceScheme=http

Expected:
HTTP is disabled, HTTPS is enabled, using the container's port 80!
=>
ModProxy adds an entry from host's 400xx -> container's 80 in apache2/ssl BUT NOT IN apache2/default.
App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS.
ucs-overview links to HTTPS link, even when visited with HTTP.

Actually:
ModProxy adds an entry in apache2/ssl BUT NOT IN apache2/default.
App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS.
*** ucs-overview links to HTTP link when visited with HTTP ***

Comment 1 Dirk Wiesenthal

2017-02-27 17:34:32 CET

Add a test case

Comment 2 Dirk Wiesenthal

2017-02-28 13:43:56 CET

Fixed in
  univention-appcenter (5.0.23-62)
tested in
  ucs-test (6.0.37-57)

Comment 3 Felix Botner

2017-02-28 17:57:02 CET

OK - WebInterfacePortHTTP=0 disables http and http overview link goes to https
OK - WebInterfacePortHTTP=80 WebInterfacePortHTTPS=443 still works
OK - /80_docker/55_app_modproxy

OK - univention-appcenter merged to 4.2
OK - ucs-test merged to 4.2
OK - univention-appcenter.yaml

Comment 4 Felix Botner

2017-03-01 11:05:36 CET

http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s3,Systemrolle=master/lastCompletedBuild/testReport/80_docker/74_app_ports_webinterface/test/

fails

and this looks all strange

with
  WebInterfacePortHTTP=8080
  WebInterfacePortHTTPS=8443
  AutoModProxy=True
i get 
  ucs/web/overview/entries/service/True/port_http=80
  ucs/web/overview/entries/service/True/port_https=443
why, shouldn't that be 8080 and 8443 (as defined in WebInterfacePortHTTP(s))?

and the tests fails because it wants the ucr vars to be empty in this case, why? What has AutoModProxy to do with the ports in the overview?

I don't understand the behavior now but i also do not understand the behavior prior this change


Before
if app.auto_mod_proxy:
 port_http = port_https = None

Now
if app.auto_mod_proxy:
  port_http = 80
  port_https = 443
  if app.web_interface_port_http == 0:
    port_http = None
  if app.web_interface_port_https == 0:
    port_https = None app.auto_mod_proxy:

Comment 5 Dirk Wiesenthal

2017-03-01 12:33:56 CET

I have adjusted the test case. Now the ports are not empty, but instead 80 and 443.

The part I changed for this Bug is just for ucs-overview variables. Everything else worked fine.

The variables were set empty before, because 80 and 443 are the correct ports in case of mod_proxy == True. mod_proxy handles the ports and allows using the standard ports. If a container has its web interface running on 8080, but wants to use mod_proxy, we take care of pointing to the right port when accessing via the standard ports.

This Bug was that the UCRVs regarding the port in ucs-overview were always empty. This makes ucs-overview think that it is okay to present a HTTP link. If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated.

After the fix, only ucs/web/.../port_https=443 is set. This makes ucs-overview think that it should only present a HTTPS link even on its HTTP-page. This is intended.

Comment 6 Felix Botner

2017-03-01 13:09:15 CET

(In reply to Dirk Wiesenthal from comment #5)
> I have adjusted the test case. Now the ports are not empty, but instead 80
> and 443.
> 
> The part I changed for this Bug is just for ucs-overview variables.
> Everything else worked fine.
> 
> The variables were set empty before, because 80 and 443 are the correct
> ports in case of mod_proxy == True. mod_proxy handles the ports and allows
> using the standard ports. If a container has its web interface running on
> 8080, but wants to use mod_proxy, we take care of pointing to the right port
> when accessing via the standard ports.
> 
> This Bug was that the UCRVs regarding the port in ucs-overview were always
> empty. This makes ucs-overview think that it is okay to present a HTTP link.
> If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated.
> 
> After the fix, only ucs/web/.../port_https=443 is set. This makes
> ucs-overview think that it should only present a HTTPS link even on its
> HTTP-page. This is intended.

OK, test works now and the change does the right thing.
OK - YAML

Comment 7 Janek Walkenhorst

2017-03-01 15:23:14 CET

<http://errata.software-univention.de/ucs/4.1/406.html>