Bug 43657 - Docker Apps with ModProxy integration: WebInterface still support HTTP even when HTTPPort is set to 0
Docker Apps with ModProxy integration: WebInterface still support HTTP even w...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-4-errata
Assigned To: Dirk Wiesenthal
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-02-27 17:34 CET by Dirk Wiesenthal
Modified: 2017-03-01 15:23 CET (History)
0 users

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2017-02-27 17:34:10 CET
ModProxy=True
WebInterfacePortHTTP=0
WebInterfacePortHTTPS=80
WebInterfaceScheme=http

Expected:
HTTP is disabled, HTTPS is enabled, using the container's port 80!
=>
ModProxy adds an entry from host's 400xx -> container's 80 in apache2/ssl BUT NOT IN apache2/default.
App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS.
ucs-overview links to HTTPS link, even when visited with HTTP.

Actually:
ModProxy adds an entry in apache2/ssl BUT NOT IN apache2/default.
App Center links to HTTPS link, regardless of UMC used with HTTP or HTTPS.
*** ucs-overview links to HTTP link when visited with HTTP ***
Comment 1 Dirk Wiesenthal univentionstaff 2017-02-27 17:34:32 CET
Add a test case
Comment 2 Dirk Wiesenthal univentionstaff 2017-02-28 13:43:56 CET
Fixed in
  univention-appcenter (5.0.23-62)
tested in
  ucs-test (6.0.37-57)
Comment 3 Felix Botner univentionstaff 2017-02-28 17:57:02 CET
OK - WebInterfacePortHTTP=0 disables http and http overview link goes to https
OK - WebInterfacePortHTTP=80 WebInterfacePortHTTPS=443 still works
OK - /80_docker/55_app_modproxy

OK - univention-appcenter merged to 4.2
OK - ucs-test merged to 4.2
OK - univention-appcenter.yaml
Comment 4 Felix Botner univentionstaff 2017-03-01 11:05:36 CET
http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s3,Systemrolle=master/lastCompletedBuild/testReport/80_docker/74_app_ports_webinterface/test/

fails

and this looks all strange

with
  WebInterfacePortHTTP=8080
  WebInterfacePortHTTPS=8443
  AutoModProxy=True
i get 
  ucs/web/overview/entries/service/True/port_http=80
  ucs/web/overview/entries/service/True/port_https=443
why, shouldn't that be 8080 and 8443 (as defined in WebInterfacePortHTTP(s))?

and the tests fails because it wants the ucr vars to be empty in this case, why? What has AutoModProxy to do with the ports in the overview?

I don't understand the behavior now but i also do not understand the behavior prior this change


Before
if app.auto_mod_proxy:
 port_http = port_https = None

Now
if app.auto_mod_proxy:
  port_http = 80
  port_https = 443
  if app.web_interface_port_http == 0:
    port_http = None
  if app.web_interface_port_https == 0:
    port_https = None app.auto_mod_proxy:
Comment 5 Dirk Wiesenthal univentionstaff 2017-03-01 12:33:56 CET
I have adjusted the test case. Now the ports are not empty, but instead 80 and 443.

The part I changed for this Bug is just for ucs-overview variables. Everything else worked fine.

The variables were set empty before, because 80 and 443 are the correct ports in case of mod_proxy == True. mod_proxy handles the ports and allows using the standard ports. If a container has its web interface running on 8080, but wants to use mod_proxy, we take care of pointing to the right port when accessing via the standard ports.

This Bug was that the UCRVs regarding the port in ucs-overview were always empty. This makes ucs-overview think that it is okay to present a HTTP link. If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated.

After the fix, only ucs/web/.../port_https=443 is set. This makes ucs-overview think that it should only present a HTTPS link even on its HTTP-page. This is intended.
Comment 6 Felix Botner univentionstaff 2017-03-01 13:09:15 CET
(In reply to Dirk Wiesenthal from comment #5)
> I have adjusted the test case. Now the ports are not empty, but instead 80
> and 443.
> 
> The part I changed for this Bug is just for ucs-overview variables.
> Everything else worked fine.
> 
> The variables were set empty before, because 80 and 443 are the correct
> ports in case of mod_proxy == True. mod_proxy handles the ports and allows
> using the standard ports. If a container has its web interface running on
> 8080, but wants to use mod_proxy, we take care of pointing to the right port
> when accessing via the standard ports.
> 
> This Bug was that the UCRVs regarding the port in ucs-overview were always
> empty. This makes ucs-overview think that it is okay to present a HTTP link.
> If we disable HTTP by WebInterfacePortHTTP=0, the link is still generated.
> 
> After the fix, only ucs/web/.../port_https=443 is set. This makes
> ucs-overview think that it should only present a HTTPS link even on its
> HTTP-page. This is intended.

OK, test works now and the change does the right thing.
OK - YAML
Comment 7 Janek Walkenhorst univentionstaff 2017-03-01 15:23:14 CET
<http://errata.software-univention.de/ucs/4.1/406.html>