Bug 51604 – UDM REST-API not accessible in UCS 5.0 due to apache2 behavior change

Bug 51604 - UDM REST-API not accessible in UCS 5.0 due to apache2 behavior change


Summary:	UDM REST-API not accessible in UCS 5.0 due to apache2 behavior change

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UDM - REST API
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0
Assigned To:	Florian Best
QA Contact:	Jürn Brodersen

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-07-03 00:30 CEST by Florian Best
Modified:	2021-05-25 15:58 CEST (History)
CC List:	2 users (show)

See Also:	51521
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
UCS 4 (loglevel trace8) (12.41 KB, text/plain) 2020-07-03 00:31 CEST, Florian Best	Details
UCS 5 (loglevel trace8) (13.74 KB, text/plain) 2020-07-03 00:32 CEST, Florian Best	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2020-07-03 00:30:31 CEST

The UDM REST-API is not accessible in UCS 5.0 due to an apache2 behavior change:

/etc/apache2/sites-enabled/univention.conf
> Include /etc/apache2/sites-available/univention-proxy.conf
> <LocationMatch "^/(univention|univention-management-console)/(.*)$">
>         ProxyPassMatch http://127.0.0.1:8090/$2 retry=0 timeout=311
→ forwards request for /univention/ to the UMC-Webserver

/etc/apache2/sites-enabled/univention-udm.conf
> ProxyPass /univention/udm/ http://127.0.0.1:9979/udm/ retry=0
→ forwards requests for /univention/udm/ to the UDM REST API Server.

The order (univention.conf first, then univention-udm.conf) seem not being important in the old behavior. But changing the order doesn't yet fix the behavior. Putting the ProxyPass into a LocationMatch doesn't fix it either.

Comment 1 Florian Best

2020-07-03 00:31:54 CEST

Created attachment 10412 [details]
UCS 4 (loglevel trace8)

Comment 2 Florian Best

2020-07-03 00:32:12 CEST

Created attachment 10413 [details]
UCS 5 (loglevel trace8)

Comment 3 Florian Best

2020-07-03 00:34:55 CEST

When comparing both logfiles, one sees that the request to /univention/udm/ is answered by the UMC-Webserver.

Missing in UCS 5 is the block:
  [proxy:trace2] [pid] mod_proxy.c: [client ::1:34426] AH03461: attempting to match URI path '/univention/udm/users/' against pattern '^/(univention|univention-management-console)/(.*)$' for proxying
  [proxy:trace1] [pid] mod_proxy.c: [client ::1:34426] AH03464: URI path '/univention/udm/users/' matches proxy handler 'proxy:http://127.0.0.1:8090/udm/users/'
  [proxy:trace2] [pid] mod_proxy.c: [client ::1:34426] AH03461: attempting to match URI path '/univention/udm/users/' against prefix '/univention/udm/' for proxying
  [proxy:trace1] [pid] mod_proxy.c: [client ::1:34426] AH03464: URI path '/univention/udm/users/' matches proxy handler 'proxy:http://127.0.0.1:9979/udm/users/'
  [proxy:trace2] [pid] mod_proxy.c: [client ::1:34426] AH03461: attempting to match URI path '/univention/udm/users/' against pattern '^/univention/js(/|_.*)' for proxying
  [proxy:trace2] [pid] mod_proxy.c: [client ::1:34426] AH03461: attempting to match URI path '/univention/udm/users/' against pattern '/univention/management/modules/' for proxying
  [proxy:trace2] [pid] mod_proxy.c: [client ::1:34426] AH03461: attempting to match URI path '/univention/udm/users/' against prefix '/univention/portal/portal.json' for proxying

Comment 4 Florian Best

2020-07-06 13:26:23 CEST

Some requests are also forwarded to the proxy while they shouldn't:


(In reply to Florian Best from Bug #51521 comment #1)
> The apache rules should ignore /js/ but this seems not the case anymore?!:
> 
> 27.06.20 22:44:05.984  MAIN        ( ERROR   ) : Traceback (most recent call
> last):
>   File "/usr/lib/python3/dist-packages/cherrypy/_cprequest.py", line 670, in
> respond
>     response.body = self.handler()
>   File "/usr/lib/python3/dist-packages/cherrypy/lib/encoding.py", line 220,
> in __call__
>     self.body = self.oldhandler(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/cherrypy/_cperror.py", line 415, in
> __call__
>     raise self
> cherrypy._cperror.NotFound: (404, "The path
> '/js/dijit/themes/umc/icons/scalable/apps-testapp_htntdqqnyl.svg' was not
> found.")

Comment 5 Florian Best

2020-12-01 18:31:12 CET

Fixed in:

univention-saml (7.0.0-2)
48a6a790d8df | Bug #51604 UMC: unify apache2 conffiles

univention-management-console (12.0.0-8)
0e382b6d7440 | Bug #51604 UMC: WORKAROUND for not being able to UnsetEnv in univention-udm.conf
48a6a790d8df | Bug #51604 UMC: unify apache2 conffiles
aa92db64758b | Bug #51604 UMC: remove obsolete apache2 rewrite rules
68a4df2d2bf2 | Bug #51604 UMC: Fix accessing UDM REST API by defining ProxyPass in VirtualHost context

univention-management-console (12.0.0-13)
c2aeb117957a | Bug #51604 UMC: fix proxying other components under /univention/
314da4eb2a9b | Bug #51604 UMC: fix no-proxying of e.g. /univention/js/

univention-directory-manager-rest (10.0.0-1)
0e382b6d7440 | Bug #51604 UMC: WORKAROUND for not being able to UnsetEnv in univention-udm.conf

Comment 6 Jürn Brodersen

2021-01-12 11:40:04 CET

What I tested:
jenkins -> OK
api -> OK
umc works -> OK
changelog -> OK

Comment 7 Florian Best

2021-05-25 15:58:39 CEST

UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".