It's easy to use the "RequestHeader append Proxy-Authorization" to create a forward proxy with no authentication that bounce over a password protected one.
But this header is not append to CONNECT requests...
I'm aware of the patch suggested at https://issues.apache.org/bugzilla/show_bug.cgi?id=37355, but it does not seems to be integrated in the trunk/release branch
Is there another way to configure the remote proxy authorization credentials (and could be used in CONNECT transactions) ?
I ported the patch from the 2005 mailing list message to the apache 2.2.X branch (last 2.2) and successfully test it.
Usage :
ProxyRemote * http://[user]:[pswd]#host:port/
(replace also the need of RequestHeader)
https://gist.github.com/131/2a5ffedc2acf61061cf39e966def2ff2
Related
I have a freshly installed fusionpbx server on the cloud and I created a few extensions and I registered my gateway which in this case is flowroute. I created the outbound routes and everything looked OK besides the incoming calls which are not working.
In the access control I added all IP addresses that flowroute has on their website. I made sure to add :5080 but it still doesn't work.
I made sure flowroute is sending it to :5080. I added all IP adresses in the ACL list. And if I use "sngrep" it doesn't even show any incoming calls. And when I check in flowroute it says "Unavailable - No trunk or registration 604".
I can't find a way to figure out where is the host name configuration provided for the SPA application to connect to.
The command passed into the application from ASP.NET Core server while running the SPA is
ng serve --port 44472 --ssl --ssl-cert %APPDATA%\ASP.NET\https\%npm_package_name%.pem --ssl-key %APPDATA%\ASP.NET\https\%npm_package_name%.key
And I could not find any of the above strings localhost:7219, or 5219, or 7219 in the ClientApp / ClientApp/src folder (7219 and 5219 are the server ports and 44472 is the client npm port).
Do the server URLs passed from launchSettings.json asp project directly?
If so, if there a way to configure the server URLs directly from ClientApp if the client application is run from a different host, other than localhost (any where the settings (are | should be) stored)?
I can see the #Injected service everywhere but where does it store the settings is unclear (for how to configure this injected BASE_URL?):
constructor(http: HttpClient, #Inject('BASE_URL') baseUrl: string) {
http.get<WeatherForecast[]>(baseUrl + 'weatherforecast').subscribe((result : any) => {
this.forecasts = result;
}, (error : any) => console.error(error));
}
The derived question is: should by default the client Bearer authorization also work for a remote host?
The remote host for example is github pages. How to properly set the remote host configuration within client application for a particular webpack deployment with angular-cli-ghpages if the CORS hosts are configured within Program.cs? Should the client configuration for a remote host (apart from localhost) or server CORS configuration, include additional "Bearer-Cors" configuration (as for the certificate npm start script mentioned in the question above – should it be just skipped without any parameters passed in it)?
Are there any comprehensive guidelines on this subject?
Half of the answer to this question is that the template uses proxy config, which is described here https://angular.io/guide/build#proxying-to-a-backend-server and stores the configuration in proxy.conf.js within ClientApp folder. I will try to extend my answer with any found information in the future.
Update: The second part of the answer is to add the Cookie.SameSite = SameSiteMode.None; cookie authorization configuration in Startup.cs / Program.cs. Take a look at the solution: https://stackoverflow.com/a/75239406/6897369
By following many docs/tutorials I implemented SSL with Kernel and reverse proxy in my SF.
I made it work but the access point Url is as follow : https://mycluster.westeurope.cloudapp.azure.com:19081
before I implemented https, I had a CNAME mycustomdomain.com redirecting to mycluster.westeurope.cloudapp.azure.com which was working fine.
So now, I would like to know if there's a way to call http://mycustomdomain.com
and access the actual Uri. Is there a way with what I already have in place through probes/lbrules for example? Or do I have to implement an Application Gateway or use API management or something else?
Edit : LBRules+Probes
AppPortProbe : 44338 (backend ssl port in the SF)
FabricGatewayProbe : 19000
FabricHttpGatewayProbe : 19080
SFReverseProxyProbe : 19081
[Rule : Probe]
[AppPortLBRule (TCP/80 to TCP/19081) : 19081]
[LBHttpRule (TCP/19080) : 19080]
[LBRule (TCP/19000) : 19000]
[LBSFReverseProxyRule (TCP/19081 to TCP/44338) : 44338]
You question is too broad, there are too many questions that might bring many answers, I will try to answer with a few options:
In your scenario, to access the same url you should use https://mycustomdomain.com:19081 instead.
The problem here is, when you setup the cluster, the certificate used by the cluster is valid only for the domain 'mycluster.westeurope.cloudapp.azure.com' in your case your domain is not valid in the certificate used by SF and it will fail once you make any request to it.
You can skip certificate validation errors on your browser and continue. In your applications you could do the same, the problem is that is not a friendly way doing it.
To be able to use the domain without any conflicts, you have to register your own certificate created for the domain you own.
Because you are using reverse proxy, you also have to define the certificate in the cluster configuration, look for: reverseProxyCertificate in this link
For deploying applications using SSL will happen something similar, but in your application you can define the certificate you want to use on startup, in the cluster you have to define it in the cluster configuration.
You can find more information here:
Manage service fabric cluster security certificates
If the problem is the port, you have two options:
Create a 'Port forwarding' rule in the load balancer, to forward any
request in the port 80 to port 19081. You can find here how to do that with powershell.
Update the cluster/service configuration to listen in the port
80 instead of 19081. check it here
go to godaddy or whichever domain provider you use and add a transfert to your your azure domain : https://mycluster.westeurope.cloudapp.azure.com
Consider the following setup for a deployed Grails application.
the Grails application is deployed on a Tomcat server (tomcat7)
in front of Tomcat an Apache webserver is deployed
Apache does SSL offloading, and acts as a proxy for Tomcat
So far a quite standard setup, which I have used succesfully many times. My issue is now with the links generated by the Grails application, especially those for the redirects (the standard controller redirects, which occur all the time e.g. after succesfully posting a form).
One configuration is different from all the other applications so far: in this Grails application no serverURL is configured. The application is a multi-tenant application, where each tenant is given it's own subdomain. (So if the application in general is running under https://www.example.com, a tenant can use https://tenant.example.com.) Subdomains are set automagically, that is without any configuration at DNS or Apache level. Grails can do so perfectly, by leaving out the serverURL property in Config.groovy: it then resolves all url's by inspecting the client host.
However: when generating redirect-url's, Grails is not aware the website is running under https. All redirect url's start with http... I guess this is no surprise, because nowhere in the application it is configured we are using https: there is no serverURL config, and technically the application is running on the standard http port of Tomcat, because of the SSL offloading and proxying by Apache.
So, bottom line: what can I do to make Grails generate proper redirects?
I have tried to extend the DefaultLinkGenerator and override the makeServerURL() method. Like this:
class MyLinkGenerator extends DefaultLinkGenerator {
MyLinkGenerator(String serverBaseURL, String contextPath) {
super(serverBaseURL, contextPath)
}
MyLinkGenerator(String serverBaseURL) {
super(serverBaseURL)
}
def grailsApplication
/**
* #return serverURL adapted to deployed scheme
*/
String makeServerURL() {
// get configured protocol
def scheme = grailsApplication.config.grails.twt.baseProtocol ?: 'https://'
println "Application running under protocol $scheme"
// get url from super
String surl = super.makeServerURL()
println "> super.makeServerURL(): $surl"
if (surl) {
// if super url not matching scheme, change scheme
if (scheme=='https://' && surl?.startsWith('http://')) {
surl = scheme + surl?.substring(7)
println "> re-written: $surl"
}
}
return surl
}
}
(Maybe not the most beautiful code, but I hope it explains what I'd like to do. And I left out the bit about configuring this class in resources.groovy.)
When running this code strange things happen:
In the log you see the code being executed, and a changed url (http > https) being produced, but...
The redirect sent to the browser is the unchanged url (http)
And even worse: all the resources in the generated views are crippled: they now all start with // (so what should be a relative "/css/myapp.css" is now "//css/myapp.css")
Any help or insight would be appreciated!
Grails version is 2.1.1 by the way (running a bit behind on upgrades...).
It seems you're always talking https to the outside world, so your cleanest option is to solve the problem where it originates, at your Apache webserver. Add to httpd.conf Header edit Location ^http://(.*)$ https://$1, and you're done.
If you have limitations that force you to solve this in your application you could do the rewrite of the Location header field in a Grails after interceptor. Details of that solution are in this post.
Some years have past since this question was written, but problems remain the same or at least similar ;-)
Just in case anyone hits the same/similar issue (that Grails redirect-URLs are http instead of https) ... We had this issue with a Grails 3.3.9 application running on OpenShift. The application was running in HTTP mode (on Port 8080) and the OpenShift Loadbalancer was doing the SSL-Termination.
We solved it by putting
server:
use-forward-headers: true
into our application.yml. After that Grails works perfect and all the redirects created were correct with https://.
Hint: We have do not use grails.serverURL in our configuration
I am using Apache Jackrabbit Webdav library for svn checkin operation.
I am using MAKActivity method to start the transaction.
But I dont know how to add commit message. Following is the code
RandomStringGenerator rsg = new RandomStringGenerator(32);
String random = rsg.nextString();
String url = getRepoAddress() + "!svn/act/" + random;
MkActivityMethod activityMethod = null;
try
{
activityMethod = new MkActivityMethod(url);
client.executeMethod(activityMethod);
}
catch(Exception e)
{
e.printStackTrace();
}
This code executes successfully but I dont unserstand how to write log message in this.
Any help will be appreciable.
First of all I'd suggest that you not reinvent the wheel that's already been done twice now and instead using a library that knows Subversion's DAV based protocol. Note that while Subversion is mostly WebDAV and DeltaV compatible, it does have non-standard extensions.
To that end I'd point you to JavaHL or SVNKit. JavaHL comes with Subversion and uses JNI to access the Subversion libraries. SVNKit is an independent Java only implementation and includes a couple different interfaces, including one that is JavaHL compatible. If the use of the native libraries by JavaHL doesn't present a problem for you I'd recommend this since you'll have the benefit of using the same libraries as nearly every Subversion client.
If however your goal is to understand how Subversion implements the protocol on top of WebDAV and DeltaV then perhaps you want to just use a generic WebDAV and DeltaV client library to help. I'd recommend that you refer to these documents that describe how WebDAV and DeltaV are implemented within Subversion.
One thing you might want to understand is that as of Subversion 1.7 we support what we refer to as HTTPv2. HTTPv2 varies somewhat from the DeltaV standard in particular. Instead of using MKACTIVITY to start a transaction on the server we use a POST. Which has a body with a syntax something like this:
(create-txn)
or
( create-txn-with-props (PROPNAME PROPVAL [PROPNAME PROPVAL ...])
The older style which you must use with MKACTIVITY (and can use with the POST if you use create-txn instead of create-txn-with-props) is to use a PROPPATCH on the transaction or the working baseline URL.
The working baseline URL is used with MKACTIVITY and the transaction URL is used with the POST.
When using MKACTIVITY you have to use a PROPFIND on the root URL to get the version-controlled-configuration. Then do a CHECKOUT against the URL you received in response to that PROPFIND providing the activity-set href as the URL you used with MKACTIVITY. You'll get the working baseline URL back as the Location header from the CHECKOUT request. Which you can then use to issue a PROPPATCH to apply the revision properties.
When using POST, you get the transaction stub from the headers in the OPTIONS request response, the transaction name from the SVN-Txn-Name header in the response to the POST, and execute a PROPPATCH against the $transaction_stub/$transaction_name URL.
Probably the best ways to figure all this out is to setup a Subversion server and do some commits while running Subversion through a debugging proxy server such as Charles. You can force the traffic through the proxy on the svn command line with these options --config-option servers:global:http-proxy-port=8888 --config-option servers:global:http-proxy-host=127.0.0.1. If you want to see the old protocol you can include SVNAdvertiseV2Protocol off in your http configuration.
In order to support the broadest range of Subversion servers you need to implement the HTTPv1 protocol, which has more round trips and is more difficult to implement. If you want to only implement HTTPv2 you'll be limited to supporting Subversion servers newer than 1.7. In order to use HTTPv2 with maximum compatibility you'll have to detect the presence from the OPTIONS response.
As you can see it gets rather complicated so it's really not worth trying to write your own client if all you want to do is implement some basic functionality.
So you are trying to do a SVN commit using WebDAV via the SVNAutoversioning on directive?
http://svnbook.red-bean.com/en/1.7/svn.webdav.autoversioning.html
AFAIK, the spec does not allow you to provide a commit message and the server will always create one for you. Perhaps you want to look at the SVNKit library if you are trying to create SVN transactions via Java.
http://svnkit.com