These are chat archives for allegro/ralph

4th
Oct 2016
Pete
@kasim1r
Oct 04 2016 08:42
I successfully have ralph behind the nginx now, but against first impression, the URLs are not correct
I get http URLs instead of https, can I configure that somewhere? Like "the ralph base URL"?
damian1976
@damian1976
Oct 04 2016 08:45
Did you configure server section in nginx configuration for port 80 to redirect to https as described above?
Pete
@kasim1r
Oct 04 2016 08:46
upstream ralph-server {
    server localhost:8000;
}
server {
    listen 443;
    server_name ralph.private.domain;
    include /etc/nginx/private.ssl.conf;
    include /etc/nginx/reverseproxy.conf;
    access_log /var/log/nginx/ralph.access.log;
    error_log /var/log/nginx/ralph.error.log;
    location / {
        proxy_pass http://ralph-server/;
        proxy_set_header Host $host;
        proxy_pass_header Server;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
    }
}
Mateusz Kurek
@mkurek
Oct 04 2016 08:48
@kasim1r try to put SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') into your settings
Pete
@kasim1r
Oct 04 2016 08:49
as an export variable?
similar to export DJANGO_SETTINGS_MODULE=ralph.settings.local_settings ?
or in nginx
Mateusz Kurek
@mkurek
Oct 04 2016 08:51
no - to local_settings.py
Pete
@kasim1r
Oct 04 2016 08:52
ok
no, didn't have an effect
easiest example is, when you browse to the root URL, https://ralph.private.domain/ it wants to redirect to /login/?next=/, and that is again an http URL
or add this section BEFORE existing server section http://dpaste.com/3GBR4Q0
Pete
@kasim1r
Oct 04 2016 08:58
that did the trick
thx
cannot redirect from 80 to 443, port 80 not allowed :)
but the both proxy header options in nginx did it!
damian1976
@damian1976
Oct 04 2016 09:00
probably you have also apache running. check it. if so, stop it
Pete
@kasim1r
Oct 04 2016 09:01
nah, no apache here.
damian1976
@damian1976
Oct 04 2016 09:03
netstat -anp | grep 80
Pete
@kasim1r
Oct 04 2016 09:04
you misunderstood me, probably. it makes no sense for me to redirect from 80 to 443, because in that network segment, port 80 is firewalled
like it should be in all good environments where credentials are transmitted :)
runs
damian1976
@damian1976
Oct 04 2016 09:23
ok but when you type ralph address in the browser it tries to go http:// by default, so something should redirect you to 443 (https)
Pete
@kasim1r
Oct 04 2016 09:24
that went away after i did the nginx settings you mentioned (linuxfaq)
which in my understanding means that nginx needs to tell the next instance (=ralph) that "hey, we're using ssl here"
so that ralph can return the correct URLs
so now, when i go to https://ralph.private.domain/, it correctly redirects me to https://ralph.private.domain/login/?next=/
and also the API URLs are correct
damian1976
@damian1976
Oct 04 2016 09:29
ok
the message you had "cannot redirect from 80 to 443, port 80 not allowed" when starting nginx is because you started django also on port 80 (DJANGO_SETTINGS_MODULE=ralph.settings.local ralph runserver)
what I do (guys correct me if I'm wrong) is that I start django/ralph on 8000. then in nginx in "server 80" section redirect to 443, and in "server 443" section "capture" 8000 port by
location / {
    proxy_pass http://address:8000;
}
damian1976
@damian1976
Oct 04 2016 09:34
so both 80 and 8000 calls are redirected to 443
Pete
@kasim1r
Oct 04 2016 09:35
that's not a message from nginx, it was just what I told you
damian1976
@damian1976
Oct 04 2016 09:35
ok
Pete
@kasim1r
Oct 04 2016 09:36
because the target machine's port 80 is not reachable, it wouldn't make sense to redirect 80 to 443
Pete
@kasim1r
Oct 04 2016 11:31
how can I populate the business_owners and technical owners fields?
(in a virtual server)
Pete
@kasim1r
Oct 04 2016 11:37
setting them via PATCH method doesn't change them
but also doesn't return an error
curl -k -H "Content-Type: application/json" -H "Authorization: Token f38a12d6b0dd3457b8c464789c90fad6fa5adfd0" -XPATCH "https://ralph.private.domain/api/virtual-servers/76/" -d '{"business_owners": "RonL"}'
Mateusz Kurek
@mkurek
Oct 04 2016 11:59
this field is ignored in patch/put/post - it's taken from service owenrs
*owners
in other words, read serialization is different than write serialization
Pete
@kasim1r
Oct 04 2016 15:15
would you mind posting a dump of your (working) LDAP settings?