Changeset 32432


Timestamp:
2018-09-07T19:39:40+12:00 (6 years ago)
Author:
ak19
Message:
  1. Since there's a chance that 127.0.0.1 isn't always the loopback address or may not always work, we allow this to be specified by the new property localhost.server.http in build.properties. Updating recently committed code that is affected by this and where I had been hardcoding 127.0.0.1.
  2. Fixing up the port and now the server host name used by the solr extension: these should be the correct property names, which are localhost.port.http and the new localhost.server.http instead of tomcat.server and the default port for the default protocol, since all GS3 internal communications with solr are done through the local HTTP url, whatever the public URL (with default protocol, matching port and server name) might be. I also updated the get-solr-servlet-url target in build.xml to use the local http base URL (see point 3), so that solr building will work correctly.
  3. build.xml now has 2 new targets, one to get the local http base URL and one to get the local http default servlet URL. Both also use the new localhost.server.http property, besides the recently introduced localhost.port.http property.
  4. Now the default behaviour of util.pm::get_full_greenstone_url_prefix() is to call the new get-local-http-servlet-url ant target, since only activate.pl's servercontrol.pm helper module uses it. If you want util.pm::get_full_greenstone_url_prefix() to return the non-local (public) servlet URL, pass in 1 (true) for the new 3rd parameter. The important decision here is that activate will use the internal (i.e. local http) greenstone servlet URL to issue pinging and (de)activating commands, since localhost (specifically 127.0.0.1) over http is now always available and because a domain named server over https will create complications to do with certification checks by wget, when wget gets run by activate.pl. Alternatively, activate.pl/servercontrol.pm could run wget with the no-cert-checking flag or we could make wget check the GS3 https certificate if one exists.
But all that is convoluted and unnecessary: we've so far always worked with http, and usually with localhost over the httpport, and activate.pl so far has worked well with this, so have some confidence that using the local http URL internally should still work, even if the default GS3 URL has been set up to be a public (https) URL.
Files:
9 edited

  • gs3-extensions/solr/trunk/src/gs3-setup.bat

    r31755 r32432  
    1212:: sets the SOLR_PORT and SOLR_HOST to the values of tomcat.port and tomcat.host properties
    1313
    14 set SOLR_PORT=8983
    15 set SOLR_HOST=localhost
     14set SOLR_PORT=8383
     15set SOLR_HOST=127.0.0.1
    1616
    1717setlocal enabledelayedexpansion
    1818set FOUNDPROPS=
     19:: The Solr servlet should only be locally accessible, thus restricting the protocol to http as
     20:: https certificates can't be issued for localhost/127.0.0.1 (https://letsencrypt.org/docs/certificates-for-localhost/)
     21:: This means we use the properties localhost.server.http (defaults to 127.0.0.1) and localhost.port.http
     22:: to construct the solr servlet url, rather than properties tomcat.server and tomcat.port.https
    1923:: Loosely based on
    2024:: http://stackoverflow.com/questions/7708681/how-to-read-from-a-properties-file-using-batch-script
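Review bot: The context comment on line 12 still says SOLR_PORT and SOLR_HOST are set from the tomcat.port and tomcat.host properties, which contradicts the new comment block at lines 19-22 and the loop below, which now reads localhost.server.http and localhost.port.http. Update line 12 to name the new properties so the file does not describe two different sources for the same variables.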
     
    2428:: for alternative suggestions useful in other instances
    2529FOR /F "usebackq tokens=1,2 delims==" %%G IN ("%GSDL3SRCHOME%\build.properties") DO (
    26     if "%%G"=="tomcat.server" set SOLR_HOST=%%H& set FOUNDPROPS=!FOUNDPROPS!found
    27     if "%%G"=="tomcat.port" set SOLR_PORT=%%H& set FOUNDPROPS=!FOUNDPROPS!found
     30    if "%%G"=="localhost.server.http" set SOLR_HOST=%%H& set FOUNDPROPS=!FOUNDPROPS!found
     31    if "%%G"=="localhost.port.http" set SOLR_PORT=%%H& set FOUNDPROPS=!FOUNDPROPS!found
    2832    :: break out of the loop as soon as both properties are found
    2933    if "!FOUNDPROPS!" == "foundfound" goto foundall
  • gs3-extensions/solr/trunk/src/gs3-setup.sh

    r31138 r32432  
    1515# The following sets the field separator IFS to the = sign, then reads the file line by
    1616# line, setting propname and propval (which are fields separated by '=') for each line read
    17 SOLR_PORT=8983
    18 SOLR_HOST=localhost
     17SOLR_PORT=8383
     18SOLR_HOST=127.0.0.1
    1919file=$GSDL3SRCHOME/build.properties
     20# The Solr servlet should only be locally accessible, thus restricting the protocol to http as
     21# https certificates can't be issued for localhost/127.0.0.1 (https://letsencrypt.org/docs/certificates-for-localhost/)
     22# This means we use the properties localhost.server.http (defaults to 127.0.0.1) and localhost.port.http
     23# to construct the solr servlet url, rather than properties tomcat.server and tomcat.port.https
    2024while IFS== read propname propval; do
    21     if [ "x$propname" = "xtomcat.server" ] ; then
     25    if [ "x$propname" = "xlocalhost.server.http" ] ; then
    2226    SOLR_HOST=$propval
    2327    fi
    24     if [ "x$propname" = "xtomcat.port" ] ; then
     28    if [ "x$propname" = "xlocalhost.port.http" ] ; then
    2529    SOLR_PORT=$propval
    2630    fi         
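Review bot: At new lines 25-29 the value is assigned to SOLR_HOST and SOLR_PORT exactly as read split it, and with IFS set to "=" a trailing space or carriage return in build.properties is kept and ends up in the host and port used to build the Solr URL. build.xml compares the port with trim="true", so stray whitespace is evidently expected; strip it here as well and use read -r so backslashes in other property values are not interpreted. Since the comment at lines 20-23 says the servlet should only be locally accessible, a warning when the configured host is not a loopback address would also fit here.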
  • main/trunk/greenstone2/perllib/servercontrol.pm

    r32166 r32432  
    385385    # For GS2, we derive the URL from the llssite.cfg file.
    386386
    387     my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied
    388             # into util. Don't want duplicates, so calling that from here.
    389    
    390     # either the url is still undef or it is now set
     387    # note that unless we pass in $get_public_url=1, we now get the local http URL
     388    # by default (e.g. http://127.0.0.1:httpPort/greenstone/library)
     389    my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied
     390        # into util.pm. Don't want duplicates, so calling that from here.
     391   
     392    # either the url is still undef or it is now set
    391393    #print STDERR "\n@@@@@ final URL:|$url|\n" if $url;     
    392394    #print STDERR "\n@@@@@ URL still undef\n" if !$url;
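Review bot: The call at new line 389 is textually the same as before but now returns a different URL, because the local http URL is selected by leaving out the third argument. Passing an explicit 0 for $get_public_url would make that choice visible at the call site. The example in the comment at line 388 says /greenstone/library, while the comments in util.pm and build.xml give /greenstone3/library for the local URL; use one form.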
  • main/trunk/greenstone2/perllib/util.pm

    r32345 r32432  
    12921292#
    12931293# Designed to work with a server included with GS.
    1294 #  - For GS3, we ask ant for the library URL.
    12951294#  - For GS2, we derive the URL from the llssite.cfg file.
     1295#  - For GS3, we ask ant for the library URL. For GS3, we get the local *http* URL
     1296# by default, something like http://127.0.0.1:<httpPort>/greenstone3/library).
     1297# Pass in $get_public_url=1 to get something like
     1298# <default.protocol>://<tomcat.server>:<default.port>/greenstone/library
    12961299
    12971300sub get_full_greenstone_url_prefix
    12981301{   
    1299     my ($gs_mode, $lib_name) = @_;
     1302    my ($gs_mode, $lib_name, $get_public_url) = @_;
    13001303   
    13011304    # if already set on a previous occasion, just return that
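Review bot: The context comment at line 1304 says a value set on a previous occasion is returned straight away; with the new $get_public_url parameter at line 1302, check that the stored value is kept separately for the local and the public case, otherwise a call with $get_public_url=1 that follows a default call gets the local http URL back. In the header comment, line 1296 ends with a closing parenthesis that has no opening one, and the local example uses /greenstone3/library while the public example at line 1298 uses /greenstone/library.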
     
    13711374    # app.name is stored in app.path by build.xml. Need to move app.name in build.properties from build.xml
    13721375   
    1373     # Or, run the new target get-default-servlet-url
     1376    # Or, run the new target get-local-http-servlet-url / get-default-servlet-url
    13741377    # the output can look like:
    13751378    #
     
    13851388    # - see http://stackoverflow.com/questions/799968/whats-the-difference-between-perls-backticks-system-and-exec
    13861389   
    1387     # The get-default-servlet-url ant target can be run from anywhere by specifying the
     1390    # The get-local-http-servlet-url (or get-default-servlet-url) ant target can be run from anywhere by specifying the
    13881391    # location of GS3's ant build.xml buildfile. Activate.pl can be run from anywhere for GS3
    13891392    # GSDL3SRCHOME will be set for GS3 by gs3-setup.sh, a step that would have been necessary
    13901393    # to run the activate.pl script in the first place
    13911394   
     1395    # The default is to get-local-http-servlet-url (of the form http://127.0.0.1:<httpPort>/greentone3/library)
    13921396    my $full_build_xml = &FileUtils::javaFilenameConcatenate($ENV{'GSDL3SRCHOME'},"build.xml");
    13931397
    1394     my $perl_command = "ant -buildfile \"$full_build_xml\" get-default-servlet-url";
     1398    my $perl_command = $get_public_url ? "get-default-servlet-url" : "get-local-http-servlet-url";
     1399    $perl_command = "ant -buildfile \"$full_build_xml\" $perl_command";
    13951400   
    13961401    if (open(PIN, "$perl_command |")) {
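Review bot: At lines 1398-1399 $perl_command first holds an ant target name and is then overwritten with the full command line built from itself; a separate variable such as $ant_target would read more clearly and keeps each variable to one meaning. The comment at line 1395 has a typo, "greentone3".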
  • main/trunk/greenstone3/build.properties.svn

    r32429 r32432  
    3636# (on the hostname denoted by tomcat.server at the port number denoted by localhost.port.http)
    3737localhost.port.http=8383
     38
     39# The local server host address. Since 127.0.0.1 is safer than localhost,
     40# leave this property as-is unless your local loopback address is not 127.0.0.1.
     41# See also https://letsencrypt.org/docs/certificates-for-localhost/
     42localhost.server.http=127.0.0.1
    3843
    3944# Tomcat's shutdown port - this may need to be changed if you are running two or more Tomcats
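Review bot: The context comment at line 36 still refers to "the hostname denoted by tomcat.server" together with localhost.port.http; if that sentence describes the local http URL it is out of date now that localhost.server.http at line 42 supplies the host, and should be updated in the same change. The new comment at lines 39-41 could also state outright that the value must be a loopback address, since the Solr servlet URL and the activate.pl commands are built from it and go over plain http.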
  • main/trunk/greenstone3/build.xml

    r32429 r32432  
    258258    But 'localhost' (or actually, 127.0.0.1) needed for solr: solr servlet not accessible to outside world
    259259    -->
    260     <property name="local.http.url" value="http://127.0.0.1:${localhost.port.http}"/>
     260    <condition property="local.http.url" value="http://${localhost.server.http}" else="http://${localhost.server.http}:${localhost.port.http}">
     261      <equals arg1="${localhost.port.http}" arg2="80" trim="true"/>
     262    </condition>
    261263
    262264    <!-- On linux, if testing https certification, pass in minus-minus-staging. If not testing on linux, nothing extra to pass in.
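Review bot: Lines 260-262 use ${localhost.server.http} with no fallback visible in this hunk, and Ant leaves a reference to an unset property unexpanded, so a build.properties written before this change (which lacks the new key) would yield the literal URL http://${localhost.server.http}:<port>. The Java side falls back to 127.0.0.1 through getProperty; do the same here, for example <property name="localhost.server.http" value="127.0.0.1"/> placed after build.properties is loaded and before this <condition>. Without it, the same unexpanded string would also be written into global.properties by the new filter token at line 1558.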
     
    10381040  </target>
    10391041
     1042  <!-- returns the base local URL, something like HTTP://127.0.0.1:<HTTPport>
     1043       or some sane equivalent for 127.0.0.1 -->
     1044  <target name="get-local-base-http-url">
     1045    <echo>${local.http.url}</echo>
     1046  </target>
     1047  <!-- Returns something like HTTP://127.0.0.1:<HTTPport>/greenstone3/library -->
     1048  <target name="get-local-http-servlet-url">
     1049    <echo>${local.http.url}${app.path}${server.default.servlet}</echo>
     1050  </target>
     1051
    10401052  <!-- solr should only be accessible locally, which therefore also means only over http.
    1041   But for http,  use 127.0.0.1 instead of localhost (as localhost can be mapped to something other than 127.0.0.1
    1042   and is therefore not safe). See https://letsencrypt.org/docs/certificates-for-localhost/ -->
     1053  Note that for http, 127.0.0.1 is safer than localhost (as localhost can be mapped to something
     1054  other than 127.0.0.1). See also https://letsencrypt.org/docs/certificates-for-localhost/ -->
    10431055  <target name="get-solr-servlet-url">
    10441056    <!--<echo>${default.server.protocol}://${tomcat.server}:${default.tomcat.port}/${solr.context}</echo>-->
    1045     <echo>http://127.0.0.1:${localhost.port.http}/${solr.context}</echo>
     1057    <echo>${local.http.url}/${solr.context}</echo>
    10461058  </target>
    10471059
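Review bot: The comment at lines 1052-1054 still states that solr should only be accessible locally, but from line 1057 on get-solr-servlet-url emits whatever host is configured in localhost.server.http, and nothing in the visible targets checks that it is a loopback address. Either say in the comment that this now depends on the property being left at a loopback value, or add a <fail> guard for non-loopback values. The comments at lines 1042 and 1047 write HTTP://127.0.0.1:<HTTPport> in upper case, unlike the lower-case form used everywhere else in this changeset.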
     
    15441556    <filter token="tomcat.server" value="${tomcat.server}"/>
    15451557    <filter token="default.tomcat.port" value="${default.tomcat.port}"/>
     1558    <filter token="localhost.server.http" value="${localhost.server.http}"/>
    15461559    <filter token="localhost.port.http" value="${localhost.port.http}"/>
    15471560    <filter token="tomcat.port.https" value="${tomcat.port.https}"/>   
     
    17381751       
    17391752        In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property
     1753
     1754        Helpful for debugging: https://stackoverflow.com/questions/10302489/ant-script-have-exec-tag-dump-out-entire-command-line
    17401755        -->
    17411756    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
     
    18121827      <!-- Finally, mkdir ${packages.home}/tomcat/conf/https_cert
    18131828       and copy the file /tmp/${tomcat.server}_fullchain_and_key.p12 into it
    1814        and rename to a slightly shorter and simpler name.
     1829       and rename to a slightly shorter and simpler name,
     1830       see https://stackoverflow.com/questions/8971187/ant-renaming-while-copying-file
    18151831       The file in tmp has root permissions. But copying it from tmp into
    18161832       the local account will give the copy local account permissions.
  • main/trunk/greenstone3/resources/web/global.properties.svn

    r32429 r32432  
    2626[email protected]@
    2727localhost.protocol.http=http
    28 localhost.server.http=127.0.0.1
     28localhost.server.http=@localhost.server.http@
    2929[email protected]@
    3030[email protected]@
  • main/trunk/greenstone3/src/java/org/greenstone/util/GlobalProperties.java

    r32429 r32432  
    224224            String httpPort = properties.getProperty("localhost.port.http");
    225225            localhost_http_web_address = properties.getProperty("localhost.protocol.http") + "://"
    226                 + properties.getProperty("localhost.server.http") // always uses 127.0.0.1 (not localhost, which can be modified and is therefore unsafe!)
     226                + properties.getProperty("localhost.server.http", "127.0.0.1") // likely to be 127.0.0.1 rather than localhost, since localhost can be modified and is therefore unsafe
    227227                + httpPort;
    228228
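Review bot: As shown, lines 225-227 append httpPort directly after the host with no ":" between them, and httpPort at line 224 is the raw property value, so the result would read like http://127.0.0.18383 unless the separator is added somewhere outside this hunk. ProtocolPortProperties builds the same URL at lines 119-122 with the ":" and with port 80 omitted; calling getLocalHttpBaseAddress() here would keep the two in step. The "127.0.0.1" default on line 226 applies only when the key is missing, not when it is present but empty or still holds an unreplaced token.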
  • main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java

    r32429 r32432  
    6060    private boolean supportsHttps = false;
    6161    private String defaultPortPropertyName = "localhost.port.http";
     62    private String localHttpURL;
    6263
    6364    // default protocol if multiple supported
     
    8687    public boolean hadError() { return errorCode != ALL_CORRECT; }
    8788
    88     // Use 127.0.0.1 instead of localhost since localhost is unsafe (can be mapped
    89     // to something other than 127.0.0.1). See https://letsencrypt.org/docs/certificates-for-localhost/
     89    // returns the local http base URL, something like http://127.0.0.1:<httpPort>
    9090    public String getLocalHttpBaseAddress() {
    91     // httpPort is set during the constructor,
    92     // so knowing httpPort, we can set the internal/local access http URL:
    93     String portSuffix = httpPort.equals("80") ? "" : (":"+httpPort);
    94     return "http://127.0.0.1"+portSuffix;
    95    
     91    return localHttpURL;   
    9692    }
     93
    9794
    9895    // Constructor that will throw an Exception on ports/protocol configuration error or inconsistency
     
    116113    }
    117114   
     115    // Setting the internal/local access url, which has to be over http (see
     116    // https://letsencrypt.org/docs/certificates-for-localhost/)
     117    // localhost.server.http defaults to 127.0.0.1 instead of localhost, since
     118    // localhost is unsafe as it can be mapped to something other than 127.0.0.1.
     119    localHttpURL = "http://" + props.getProperty("localhost.server.http", "127.0.0.1");
     120    if(!httpPort.equals("80")) {
     121        localHttpURL = localHttpURL + ":" + httpPort;
     122    }
     123
    118124    String supportedProtocols = props.getProperty("server.protocols");
    119125    if(supportedProtocols == null || supportedProtocols.equals("")) {
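Review bot: localHttpURL has no initializer at line 62 and is assigned only at lines 119-122, so getLocalHttpBaseAddress() at line 91 returns null if the class has any other constructor or code path that does not reach this assignment; the removed version built the string on demand and could not return null. Also consider trimming the property value: build.xml compares the port with trim="true", whereas here a trailing space in localhost.server.http goes straight into the URL.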