Changeset 32432 for main/trunk

07.09.2018 19:39:40 (22 months ago)

1. Since there's a chance that isn't always the loopback address or may not always work, we allow this to be specified by the new property localhost.server.http in Updating recently commited code that is affected by this and where I had been hardcoding 2. Fixing up the port and now the server host name used by the solr extension: these should be the correct property names, which are localhost.port.http and the new localhost.server.http instead of tomcat.server and the default port for the default protocol, since all GS3 internal communications with solr are done through the local HTTP url, whatever the public URL (with default protocol, matching port and server name) might be. I also updated the get-solr-servlet-url target in build.xml to use the local http base URL (see point 3), so that solr building will work correctly. 3. build.xml now has 2 new targets, one to get the local http base URL and one to get the local http default servlet URL. Both also use the new localhost.server.http property, besides the recently introduced localhost.port.http property. 4. Now the default behaviour of is to call the new get-local-http-servlet-url ant target, since only's helper module uses it. If you want to return the non-local (public) servlet URL, pass in 1 (true) for the new 3rd parameter. The important decision here is that activate will use the internal (i.e. local http) greenstone servlet URL to issue pinging and (de)activating commands, since localhost (specifically over http is now always available and because a domain named server over https will create complications to do with certification checks by wget, when wget gets run by Alternatively, could run wget with the no-cert-checking flag or we could make wget check the GS3 https certificate if one exists. But all that is convoluted and unnecessary: we've so far always worked with http, and usually with localhost over the httpport, and so far has worked well with this, so have some confidence that using the local http URL internally should still work, even if the default GS3 URL has been set up to be a public (https) URL.

7 modified


  • main/trunk/greenstone2/perllib/

    r32166 r32432  
    385385    # For GS2, we derive the URL from the llssite.cfg file. 
    387     my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 
    388             # into util. Don't want duplicates, so calling that from here. 
    390     # either the url is still undef or it is now set 
     387    # note that unless we pass in $get_public_url=1, we now get the local http URL 
     388    # by default (e.g. 
     389    my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 
     390        # into Don't want duplicates, so calling that from here. 
     392    # either the url is still undef or it is now set 
    391393    #print STDERR "\n@@@@@ final URL:|$url|\n" if $url;      
    392394    #print STDERR "\n@@@@@ URL still undef\n" if !$url; 
  • main/trunk/greenstone2/perllib/

    r32345 r32432  
    12931293# Designed to work with a server included with GS. 
    1294 #  - For GS3, we ask ant for the library URL. 
    12951294#  - For GS2, we derive the URL from the llssite.cfg file. 
     1295#  - For GS3, we ask ant for the library URL. For GS3, we get the local *http* URL 
     1296# by default, something like<httpPort>/greenstone3/library). 
     1297# Pass in $get_public_url=1 to get something like 
     1298# <default.protocol>://<tomcat.server>:<default.port>/greenstone/library 
    12971300sub get_full_greenstone_url_prefix 
    1299     my ($gs_mode, $lib_name) = @_; 
     1302    my ($gs_mode, $lib_name, $get_public_url) = @_; 
    13011304    # if already set on a previous occasion, just return that 
    13711374    # is stored in app.path by build.xml. Need to move in from build.xml 
    1373     # Or, run the new target get-default-servlet-url 
     1376    # Or, run the new target get-local-http-servlet-url / get-default-servlet-url 
    13741377    # the output can look like: 
    13751378    # 
    13851388    # - see 
    1387     # The get-default-servlet-url ant target can be run from anywhere by specifying the 
     1390    # The get-local-http-servlet-url (or get-default-servlet-url) ant target can be run from anywhere by specifying the 
    13881391    # location of GS3's ant build.xml buildfile. can be run from anywhere for GS3 
    13891392    # GSDL3SRCHOME will be set for GS3 by, a step that would have been necessary 
    13901393    # to run the script in the first place 
     1395    # The default is to get-local-http-servlet-url (of the form<httpPort>/greentone3/library) 
    13921396    my $full_build_xml = &FileUtils::javaFilenameConcatenate($ENV{'GSDL3SRCHOME'},"build.xml"); 
    1394     my $perl_command = "ant -buildfile \"$full_build_xml\" get-default-servlet-url"; 
     1398    my $perl_command = $get_public_url ? "get-default-servlet-url" : "get-local-http-servlet-url"; 
     1399    $perl_command = "ant -buildfile \"$full_build_xml\" $perl_command";  
    13961401    if (open(PIN, "$perl_command |")) { 
  • main/trunk/greenstone3/

    r32429 r32432  
    3636# (on the hostname denoted by tomcat.server at the port number denoted by localhost.port.http) 
     39# The local server host address. Since is safer than localhost, 
     40# leave this property as-is unless your local loopback address is not 
     41# See also 
    3944# Tomcat's shutdown port - this may need to be changed if you are running two or more Tomcats 
  • main/trunk/greenstone3/build.xml

    r32429 r32432  
    258258    But 'localhost' (or actually, needed for solr: solr servlet not accessible to outside world  
    259259    --> 
    260     <property name="local.http.url" value="${localhost.port.http}"/> 
     260    <condition property="local.http.url" value="http://${localhost.server.http}" else="http://${localhost.server.http}:${localhost.port.http}"> 
     261      <equals arg1="${localhost.port.http}" arg2="80" trim="true"/> 
     262    </condition> 
    262264    <!-- On linux, if testing https certification, pass in minus-minus-staging. If not testing on linux, nothing extra to pass in. 
    10381040  </target> 
     1042  <!-- returns the base local URL, something like HTTP://<HTTPport> 
     1043       or some sane equivalent for --> 
     1044  <target name="get-local-base-http-url"> 
     1045    <echo>${local.http.url}</echo> 
     1046  </target> 
     1047  <!-- Returns something like HTTP://<HTTPport>/greenstone3/library --> 
     1048  <target name="get-local-http-servlet-url"> 
     1049    <echo>${local.http.url}${app.path}${server.default.servlet}</echo> 
     1050  </target> 
    10401052  <!-- solr should only be accessible locally, which therefore also means only over http. 
    1041   But for http,  use instead of localhost (as localhost can be mapped to something other than 
    1042   and is therefore not safe). See --> 
     1053  Note that for http, is safer than localhost (as localhost can be mapped to something 
     1054  other than See also --> 
    10431055  <target name="get-solr-servlet-url"> 
    10441056    <!--<echo>${default.server.protocol}://${tomcat.server}:${default.tomcat.port}/${solr.context}</echo>--> 
    1045     <echo>${localhost.port.http}/${solr.context}</echo> 
     1057    <echo>${local.http.url}/${solr.context}</echo> 
    10461058  </target> 
    15441556    <filter token="tomcat.server" value="${tomcat.server}"/> 
    15451557    <filter token="default.tomcat.port" value="${default.tomcat.port}"/> 
     1558    <filter token="localhost.server.http" value="${localhost.server.http}"/> 
    15461559    <filter token="localhost.port.http" value="${localhost.port.http}"/> 
    15471560    <filter token="tomcat.port.https" value="${tomcat.port.https}"/>     
    17391752        In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property 
     1754        Helpful for debugging: 
    17401755        --> 
    17411756    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false"> 
    18121827      <!-- Finally, mkdir ${packages.home}/tomcat/conf/https_cert 
    18131828       and copy the file /tmp/${tomcat.server}_fullchain_and_key.p12 into it 
    1814        and rename to a slightly shorter and simpler name.  
     1829       and rename to a slightly shorter and simpler name, 
     1830       see 
    18151831       The file in tmp has root permissions. But copying it from tmp into 
    18161832       the local account will give the copy local account permissions. 
  • main/trunk/greenstone3/resources/web/

    r32429 r32432  
    28 localhost.server.http= 
  • main/trunk/greenstone3/src/java/org/greenstone/util/

    r32429 r32432  
    224224            String httpPort = properties.getProperty("localhost.port.http"); 
    225225            localhost_http_web_address = properties.getProperty("localhost.protocol.http") + "://" 
    226                 + properties.getProperty("localhost.server.http") // always uses (not localhost, which can be modified and is therefore unsafe!) 
     226                + properties.getProperty("localhost.server.http", "") // likely to be rather than localhost, since localhost can be modified and is therefore unsafe 
    227227                + httpPort; 
  • main/trunk/greenstone3/src/java/org/greenstone/util/

    r32429 r32432  
    6060    private boolean supportsHttps = false; 
    6161    private String defaultPortPropertyName = "localhost.port.http"; 
     62    private String localHttpURL; 
    6364    // default protocol if multiple supported 
    8687    public boolean hadError() { return errorCode != ALL_CORRECT; } 
    88     // Use instead of localhost since localhost is unsafe (can be mapped 
    89     // to something other than See 
     89    // returns the local http base URL, something like<httpPort> 
    9090    public String getLocalHttpBaseAddress() { 
    91     // httpPort is set during the constructor,  
    92     // so knowing httpPort, we can set the internal/local access http URL: 
    93     String portSuffix = httpPort.equals("80") ? "" : (":"+httpPort); 
    94     return ""+portSuffix; 
     91    return localHttpURL;     
    9692    } 
    9895    // Constructor that will throw an Exception on ports/protocol configuration error or inconsistency 
    116113    } 
     115    // Setting the internal/local access url, which has to be over http (see 
     116    // 
     117    // localhost.server.http defaults to instead of localhost, since 
     118    // localhost is unsafe as it can be mapped to something other than 
     119    localHttpURL = "http://" + props.getProperty("localhost.server.http", ""); 
     120    if(!httpPort.equals("80")) { 
     121        localHttpURL = localHttpURL + ":" + httpPort; 
     122    } 
    118124    String supportedProtocols = props.getProperty("server.protocols"); 
    119125    if(supportedProtocols == null || supportedProtocols.equals("")) {