Changeset 32432 for main

Timestamp:
07.09.2018 19:39:40 (10 months ago)
Author:
ak19
Message:

1. Since there's a chance that 127.0.0.1 isn't always the loopback address or may not always work, we allow this to be specified by the new property localhost.server.http in build.properties. Updating recently committed code that is affected by this and where I had been hardcoding 127.0.0.1.

2. Fixing up the port and now the server host name used by the solr extension: these should be the correct property names, which are localhost.port.http and the new localhost.server.http instead of tomcat.server and the default port for the default protocol, since all GS3 internal communications with solr are done through the local HTTP url, whatever the public URL (with default protocol, matching port and server name) might be. I also updated the get-solr-servlet-url target in build.xml to use the local http base URL (see point 3), so that solr building will work correctly.

3. build.xml now has 2 new targets, one to get the local http base URL and one to get the local http default servlet URL. Both also use the new localhost.server.http property, besides the recently introduced localhost.port.http property.

4. Now the default behaviour of util.pm::get_full_greenstone_url_prefix() is to call the new get-local-http-servlet-url ant target, since only activate.pl's servercontrol.pm helper module uses it. If you want util.pm::get_full_greenstone_url_prefix() to return the non-local (public) servlet URL, pass in 1 (true) for the new 3rd parameter. The important decision here is that activate will use the internal (i.e. local http) greenstone servlet URL to issue pinging and (de)activating commands, since localhost (specifically 127.0.0.1) over http is now always available and because a domain named server over https will create complications to do with certification checks by wget, when wget gets run by activate.pl. Alternatively, activate.pl/servercontrol.pm could run wget with the no-cert-checking flag or we could make wget check the GS3 https certificate if one exists. But all that is convoluted and unnecessary: we've so far always worked with http, and usually with localhost over the httpport, and activate.pl so far has worked well with this, so have some confidence that using the local http URL internally should still work, even if the default GS3 URL has been set up to be a public (https) URL.

Location:
main/trunk
Files:
7 modified

  • main/trunk/greenstone2/perllib/servercontrol.pm

    r32166 r32432  
    385385    # For GS2, we derive the URL from the llssite.cfg file. 
    386386 
    387     my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 
    388             # into util. Don't want duplicates, so calling that from here. 
    389      
    390     # either the url is still undef or it is now set 
     387    # note that unless we pass in $get_public_url=1, we now get the local http URL 
     388    # by default (e.g. http://127.0.0.1:httpPort/greenstone/library) 
     389    my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 
     390        # into util.pm. Don't want duplicates, so calling that from here. 
     391     
     392    # either the url is still undef or it is now set 
    391393    #print STDERR "\n@@@@@ final URL:|$url|\n" if $url;      
    392394    #print STDERR "\n@@@@@ URL still undef\n" if !$url; 
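Review bot: The example URL in the new comment at 388 hardcodes 127.0.0.1 and uses the path /greenstone/library, while the comment added to util.pm in this changeset gives /greenstone3/library for the same local URL. Since the host now comes from localhost.server.http, write the example as http://<localhost.server.http>:<httpPort>/greenstone3/library so the two comments agree.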
  • main/trunk/greenstone2/perllib/util.pm

    r32345 r32432  
    12921292# 
    12931293# Designed to work with a server included with GS. 
    1294 #  - For GS3, we ask ant for the library URL. 
    12951294#  - For GS2, we derive the URL from the llssite.cfg file. 
     1295#  - For GS3, we ask ant for the library URL. For GS3, we get the local *http* URL 
     1296# by default, something like http://127.0.0.1:<httpPort>/greenstone3/library). 
     1297# Pass in $get_public_url=1 to get something like 
     1298# <default.protocol>://<tomcat.server>:<default.port>/greenstone/library 
    12961299 
    12971300sub get_full_greenstone_url_prefix 
    12981301{    
    1299     my ($gs_mode, $lib_name) = @_; 
     1302    my ($gs_mode, $lib_name, $get_public_url) = @_; 
    13001303     
    13011304    # if already set on a previous occasion, just return that 
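Review bot: Logic concern at 1302-1304: the new $get_public_url argument is read, but the context line at 1304 says a value set on a previous occasion is simply returned. If that cached value is not keyed on $get_public_url, a call asking for the public URL after an earlier local call (or the reverse) gets the wrong kind of URL back. Keep separate cached values for the local and public URL, or skip the cache when the flag differs. Also, the comment at 1296 has an unmatched closing parenthesis, and the two example paths differ (greenstone3/library at 1296, greenstone/library at 1298).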
     
    13711374    # app.name is stored in app.path by build.xml. Need to move app.name in build.properties from build.xml 
    13721375     
    1373     # Or, run the new target get-default-servlet-url 
     1376    # Or, run the new target get-local-http-servlet-url / get-default-servlet-url 
    13741377    # the output can look like: 
    13751378    # 
     
    13851388    # - see http://stackoverflow.com/questions/799968/whats-the-difference-between-perls-backticks-system-and-exec 
    13861389     
    1387     # The get-default-servlet-url ant target can be run from anywhere by specifying the 
     1390    # The get-local-http-servlet-url (or get-default-servlet-url) ant target can be run from anywhere by specifying the 
    13881391    # location of GS3's ant build.xml buildfile. Activate.pl can be run from anywhere for GS3 
    13891392    # GSDL3SRCHOME will be set for GS3 by gs3-setup.sh, a step that would have been necessary 
    13901393    # to run the activate.pl script in the first place 
    13911394     
     1395    # The default is to get-local-http-servlet-url (of the form http://127.0.0.1:<httpPort>/greentone3/library) 
    13921396    my $full_build_xml = &FileUtils::javaFilenameConcatenate($ENV{'GSDL3SRCHOME'},"build.xml"); 
    13931397 
    1394     my $perl_command = "ant -buildfile \"$full_build_xml\" get-default-servlet-url"; 
     1398    my $perl_command = $get_public_url ? "get-default-servlet-url" : "get-local-http-servlet-url"; 
     1399    $perl_command = "ant -buildfile \"$full_build_xml\" $perl_command";  
    13951400     
    13961401    if (open(PIN, "$perl_command |")) { 
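Review bot: At 1398-1401 the ant command is assembled as one string that includes the path derived from $ENV{'GSDL3SRCHOME'} and is handed to the shell by the piped open at 1401, so a double quote, backtick or $ in that path changes the command that runs. Where the Perl in use supports it, the list form open(PIN, "-|", "ant", "-buildfile", $full_build_xml, $ant_target) bypasses the shell and needs no manual quoting. A separate $ant_target variable would also read better than using $perl_command first for the target name at 1398 and then for the full command at 1399. Typo in the comment at 1395: greentone3.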
  • main/trunk/greenstone3/build.properties.svn

    r32429 r32432  
    3636# (on the hostname denoted by tomcat.server at the port number denoted by localhost.port.http) 
    3737localhost.port.http=8383 
     38 
     39# The local server host address. Since 127.0.0.1 is safer than localhost, 
     40# leave this property as-is unless your local loopback address is not 127.0.0.1. 
     41# See also https://letsencrypt.org/docs/certificates-for-localhost/ 
     42localhost.server.http=127.0.0.1 
    3843 
    3944# Tomcat's shutdown port - this may need to be changed if you are running two or more Tomcats 
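Review bot: The comment at 39-41 should state that the value must be a loopback address on this machine. build.xml uses this property for the solr URL and the other internal plain-http URLs, so a non-loopback hostname here would send that traffic off the host unencrypted. Nothing in the visible hunks validates the value, so the constraint should at least be documented next to the property.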
  • main/trunk/greenstone3/build.xml

    r32429 r32432  
    258258    But 'localhost' (or actually, 127.0.0.1) needed for solr: solr servlet not accessible to outside world  
    259259    --> 
    260     <property name="local.http.url" value="http://127.0.0.1:${localhost.port.http}"/> 
     260    <condition property="local.http.url" value="http://${localhost.server.http}" else="http://${localhost.server.http}:${localhost.port.http}"> 
     261      <equals arg1="${localhost.port.http}" arg2="80" trim="true"/> 
     262    </condition> 
    261263 
    262264    <!-- On linux, if testing https certification, pass in minus-minus-staging. If not testing on linux, nothing extra to pass in. 
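Review bot: At 260 there is no fallback when localhost.server.http is undefined, for example with a build.properties created before this change. Ant leaves an unset property reference as literal text, so local.http.url would contain the string ${localhost.server.http} instead of a host. The Java side defaults to 127.0.0.1; do the same here with <property name="localhost.server.http" value="127.0.0.1"/> placed after build.properties is loaded and before this condition.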
     
    10381040  </target> 
    10391041 
     1042  <!-- returns the base local URL, something like HTTP://127.0.0.1:<HTTPport> 
     1043       or some sane equivalent for 127.0.0.1 --> 
     1044  <target name="get-local-base-http-url"> 
     1045    <echo>${local.http.url}</echo> 
     1046  </target> 
     1047  <!-- Returns something like HTTP://127.0.0.1:<HTTPport>/greenstone3/library --> 
     1048  <target name="get-local-http-servlet-url"> 
     1049    <echo>${local.http.url}${app.path}${server.default.servlet}</echo> 
     1050  </target> 
     1051 
    10401052  <!-- solr should only be accessible locally, which therefore also means only over http. 
    1041   But for http,  use 127.0.0.1 instead of localhost (as localhost can be mapped to something other than 127.0.0.1 
    1042   and is therefore not safe). See https://letsencrypt.org/docs/certificates-for-localhost/ --> 
     1053  Note that for http, 127.0.0.1 is safer than localhost (as localhost can be mapped to something 
     1054  other than 127.0.0.1). See also https://letsencrypt.org/docs/certificates-for-localhost/ --> 
    10431055  <target name="get-solr-servlet-url"> 
    10441056    <!--<echo>${default.server.protocol}://${tomcat.server}:${default.tomcat.port}/${solr.context}</echo>--> 
    1045     <echo>http://127.0.0.1:${localhost.port.http}/${solr.context}</echo> 
     1057    <echo>${local.http.url}/${solr.context}</echo> 
    10461058  </target> 
    10471059 
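Review bot: Style point on the comments at 1042 and 1047: they write the URL as HTTP://127.0.0.1:<HTTPport>, but the echoed value uses lowercase http:// and the host now comes from localhost.server.http. Matching the real output, e.g. http://<localhost.server.http>:<localhost.port.http>, helps anyone parsing the target output, as util.pm does. A blank line between the two new targets at 1046-1047 would match the spacing around the neighbouring targets.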
     
    15441556    <filter token="tomcat.server" value="${tomcat.server}"/> 
    15451557    <filter token="default.tomcat.port" value="${default.tomcat.port}"/> 
     1558    <filter token="localhost.server.http" value="${localhost.server.http}"/> 
    15461559    <filter token="localhost.port.http" value="${localhost.port.http}"/> 
    15471560    <filter token="tomcat.port.https" value="${tomcat.port.https}"/>     
     
    17381751         
    17391752        In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property 
     1753 
     1754        Helpful for debugging: https://stackoverflow.com/questions/10302489/ant-script-have-exec-tag-dump-out-entire-command-line 
    17401755        --> 
    17411756    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false"> 
     
    18121827      <!-- Finally, mkdir ${packages.home}/tomcat/conf/https_cert 
    18131828       and copy the file /tmp/${tomcat.server}_fullchain_and_key.p12 into it 
    1814        and rename to a slightly shorter and simpler name.  
     1829       and rename to a slightly shorter and simpler name, 
     1830       see https://stackoverflow.com/questions/8971187/ant-renaming-while-copying-file 
    18151831       The file in tmp has root permissions. But copying it from tmp into 
    18161832       the local account will give the copy local account permissions. 
  • main/trunk/greenstone3/resources/web/global.properties.svn

    r32429 r32432  
    2626tomcat.port.https=@tomcat.port.https@ 
    2727localhost.protocol.http=http 
    28 localhost.server.http=127.0.0.1 
     28localhost.server.http=@localhost.server.http@ 
    2929localhost.port.http=@localhost.port.http@ 
    3030restrict.http.to.local=@restrict.http.to.local@ 
  • main/trunk/greenstone3/src/java/org/greenstone/util/GlobalProperties.java

    r32429 r32432  
    224224            String httpPort = properties.getProperty("localhost.port.http"); 
    225225            localhost_http_web_address = properties.getProperty("localhost.protocol.http") + "://" 
    226                 + properties.getProperty("localhost.server.http") // always uses 127.0.0.1 (not localhost, which can be modified and is therefore unsafe!) 
     226                + properties.getProperty("localhost.server.http", "127.0.0.1") // likely to be 127.0.0.1 rather than localhost, since localhost can be modified and is therefore unsafe 
    227227                + httpPort; 
    228228 
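Review bot: At 225-227 the host is followed directly by httpPort with no ":" in between; with httpPort read straight from localhost.port.http at 224, the result has the form http://127.0.0.18383. ProtocolPortProperties builds the same URL with the separator and omits the port for 80; reuse getLocalHttpBaseAddress() here or add the separator, so the two copies cannot drift apart. The new inline comment at 226 is long enough to move onto its own line above the expression.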
  • main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java

    r32429 r32432  
    6060    private boolean supportsHttps = false; 
    6161    private String defaultPortPropertyName = "localhost.port.http"; 
     62    private String localHttpURL; 
    6263 
    6364    // default protocol if multiple supported 
     
    8687    public boolean hadError() { return errorCode != ALL_CORRECT; } 
    8788 
    88     // Use 127.0.0.1 instead of localhost since localhost is unsafe (can be mapped 
    89     // to something other than 127.0.0.1). See https://letsencrypt.org/docs/certificates-for-localhost/ 
     89    // returns the local http base URL, something like http://127.0.0.1:<httpPort> 
    9090    public String getLocalHttpBaseAddress() { 
    91     // httpPort is set during the constructor,  
    92     // so knowing httpPort, we can set the internal/local access http URL: 
    93     String portSuffix = httpPort.equals("80") ? "" : (":"+httpPort); 
    94     return "http://127.0.0.1"+portSuffix; 
    95      
     91    return localHttpURL;     
    9692    } 
     93 
    9794 
    9895    // Constructor that will throw an Exception on ports/protocol configuration error or inconsistency 
     
    116113    } 
    117114     
     115    // Setting the internal/local access url, which has to be over http (see 
     116    // https://letsencrypt.org/docs/certificates-for-localhost/) 
     117    // localhost.server.http defaults to 127.0.0.1 instead of localhost, since 
     118    // localhost is unsafe as it can be mapped to something other than 127.0.0.1. 
     119    localHttpURL = "http://" + props.getProperty("localhost.server.http", "127.0.0.1"); 
     120    if(!httpPort.equals("80")) { 
     121        localHttpURL = localHttpURL + ":" + httpPort; 
     122    } 
     123 
    118124    String supportedProtocols = props.getProperty("server.protocols"); 
    119125    if(supportedProtocols == null || supportedProtocols.equals("")) {
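Review bot: At 119 the 127.0.0.1 default only applies when the key is missing. global.properties.svn now always writes the key, so an empty value, stray whitespace or an unexpanded placeholder flows straight into localHttpURL. Trim the value, fall back to 127.0.0.1 when it is empty, and consider reporting an unusable host through the error code this class already exposes via hadError().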