Univention Bugzilla – Bug 43657
Docker Apps with ModProxy integration: WebInterface still support HTTP even when HTTPPort is set to 0
Last modified: 2017-03-01 15:23:14 CET
ModProxy=True WebInterfacePortHTTP=0 WebInterfacePortHTTPS=80 WebInterfaceScheme=http Expected: HTTP is disabled, HTTPS is enabled, using the container's port 80! => ModProxy adds an entry from host's 400xx -> container's 80 in apache2/ssl BUT NOT IN apache2/default. App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS. ucs-overview links to HTTPS link, even when visited with HTTP. Actually: ModProxy adds an entry in apache2/ssl BUT NOT IN apache2/default. App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS. *** ucs-overview links to HTTP link when visited with HTTP ***
Add a test case
Fixed in univention-appcenter (5.0.23-62) tested in ucs-test (6.0.37-57)
OK - WebInterfacePortHTTP=0 disables http and http overview link goes to https OK - WebInterfacePortHTTP=80 WebInterfacePortHTTPS=443 still works OK - /80_docker/55_app_modproxy OK - univention-appcenter merged to 4.2 OK - ucs-test merged to 4.2 OK - univention-appcenter.yaml
http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s3,Systemrolle=master/lastCompletedBuild/testReport/80_docker/74_app_ports_webinterface/test/ fails and this looks all strange with WebInterfacePortHTTP=8080 WebInterfacePortHTTPS=8443 AutoModProxy=True i get ucs/web/overview/entries/service/True/port_http=80 ucs/web/overview/entries/service/True/port_https=443 why, shouldn't that be 8080 and 8443 (as defined in WebInterfacePortHTTP(s))? and the tests fails because it wants the ucr vars to be empty in this case, why? What has AutoModProxy to do with the ports in the overview? I don't understand the behavior now but i also do not understand the behavior prior this change Before if app.auto_mod_proxy: port_http = port_https = None Now if app.auto_mod_proxy: port_http = 80 port_https = 443 if app.web_interface_port_http == 0: port_http = None if app.web_interface_port_https == 0: port_https = None app.auto_mod_proxy:
I have adjusted the test case. Now the ports are not empty, but instead 80 and 443. The part I changed for this Bug is just for ucs-overview variables. Everything else worked fine. The variables were set empty before, because 80 and 443 are the correct ports in case of mod_proxy == True. mod_proxy handles the ports and allows using the standard ports. If a container has its web interface running on 8080, but wants to use mod_proxy, we take care of pointing to the right port when accessing via the standard ports. This Bug was that the UCRVs regarding the port in ucs-overview were always empty. This makes ucs-overview think that it is okay to present a HTTP link. If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated. After the fix, only ucs/web/.../port_https=443 is set. This makes ucs-overview think that it should only present a HTTPS link even on its HTTP-page. This is intended.
(In reply to Dirk Wiesenthal from comment #5) > I have adjusted the test case. Now the ports are not empty, but instead 80 > and 443. > > The part I changed for this Bug is just for ucs-overview variables. > Everything else worked fine. > > The variables were set empty before, because 80 and 443 are the correct > ports in case of mod_proxy == True. mod_proxy handles the ports and allows > using the standard ports. If a container has its web interface running on > 8080, but wants to use mod_proxy, we take care of pointing to the right port > when accessing via the standard ports. > > This Bug was that the UCRVs regarding the port in ucs-overview were always > empty. This makes ucs-overview think that it is okay to present a HTTP link. > If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated. > > After the fix, only ucs/web/.../port_https=443 is set. This makes > ucs-overview think that it should only present a HTTPS link even on its > HTTP-page. This is intended. OK, test works now and the change does the right thing. OK - YAML
<http://errata.software-univention.de/ucs/4.1/406.html>