Changeset 32432 for main/trunk
- Timestamp:
- 2018-09-07T19:39:40+12:00 (6 years ago)
- Location:
- main/trunk
- Files:
-
- 7 edited
main/trunk/greenstone2/perllib/servercontrol.pm
r32166 r32432 385 385 # For GS2, we derive the URL from the llssite.cfg file. 386 386 387 my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 388 # into util. Don't want duplicates, so calling that from here. 389 390 # either the url is still undef or it is now set 387 # note that unless we pass in $get_public_url=1, we now get the local http URL 388 # by default (e.g. http://127.0.0.1:httpPort/greenstone/library) 389 my $url = &util::get_full_greenstone_url_prefix($gs_mode, $lib_name); # found largely identical method copied 390 # into util.pm. Don't want duplicates, so calling that from here. 391 392 # either the url is still undef or it is now set 391 393 #print STDERR "\n@@@@@ final URL:|$url|\n" if $url; 392 394 #print STDERR "\n@@@@@ URL still undef\n" if !$url; -
main/trunk/greenstone2/perllib/util.pm
r32345 r32432 1292 1292 # 1293 1293 # Designed to work with a server included with GS. 1294 # - For GS3, we ask ant for the library URL.1295 1294 # - For GS2, we derive the URL from the llssite.cfg file. 1295 # - For GS3, we ask ant for the library URL. For GS3, we get the local *http* URL 1296 # by default, something like http://127.0.0.1:<httpPort>/greenstone3/library). 1297 # Pass in $get_public_url=1 to get something like 1298 # <default.protocol>://<tomcat.server>:<default.port>/greenstone/library 1296 1299 1297 1300 sub get_full_greenstone_url_prefix 1298 1301 { 1299 my ($gs_mode, $lib_name ) = @_;1302 my ($gs_mode, $lib_name, $get_public_url) = @_; 1300 1303 1301 1304 # if already set on a previous occasion, just return that … … 1371 1374 # app.name is stored in app.path by build.xml. Need to move app.name in build.properties from build.xml 1372 1375 1373 # Or, run the new target get- default-servlet-url1376 # Or, run the new target get-local-http-servlet-url / get-default-servlet-url 1374 1377 # the output can look like: 1375 1378 # … … 1385 1388 # - see http://stackoverflow.com/questions/799968/whats-the-difference-between-perls-backticks-system-and-exec 1386 1389 1387 # The get- default-servlet-urlant target can be run from anywhere by specifying the1390 # The get-local-http-servlet-url (or get-default-servlet-url) ant target can be run from anywhere by specifying the 1388 1391 # location of GS3's ant build.xml buildfile. 
Activate.pl can be run from anywhere for GS3 1389 1392 # GSDL3SRCHOME will be set for GS3 by gs3-setup.sh, a step that would have been necessary 1390 1393 # to run the activate.pl script in the first place 1391 1394 1395 # The default is to get-local-http-servlet-url (of the form http://127.0.0.1:<httpPort>/greentone3/library) 1392 1396 my $full_build_xml = &FileUtils::javaFilenameConcatenate($ENV{'GSDL3SRCHOME'},"build.xml"); 1393 1397 1394 my $perl_command = "ant -buildfile \"$full_build_xml\" get-default-servlet-url"; 1398 my $perl_command = $get_public_url ? "get-default-servlet-url" : "get-local-http-servlet-url"; 1399 $perl_command = "ant -buildfile \"$full_build_xml\" $perl_command"; 1395 1400 1396 1401 if (open(PIN, "$perl_command |")) { -
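Review bot: The ant command is still assembled as one string and run through `open(PIN, "$perl_command |")`, so `$full_build_xml`, which is derived from `$ENV{'GSDL3SRCHOME'}`, is interpreted by a shell and a path containing quotes or other shell metacharacters changes the command that runs. Since these lines are being edited anyway, keep the target in its own variable, `my $ant_target = $get_public_url ? "get-default-servlet-url" : "get-local-http-servlet-url";`, and use the list form `open(my $pin, '-|', 'ant', '-buildfile', $full_build_xml, $ant_target)`, which bypasses the shell (list-form pipe open on Windows needs a reasonably recent Perl, so check the bundled version). Separately, the context comment "if already set on a previous occasion, just return that" suggests a cached URL; the caching code is outside the hunks shown, but if it does not take `$get_public_url` into account, a caller asking for the public URL can be handed the local one, or the reverse. The comment added at new line 1395 also misspells `greenstone3` as `greentone3`.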
main/trunk/greenstone3/build.properties.svn
r32429 r32432 36 36 # (on the hostname denoted by tomcat.server at the port number denoted by localhost.port.http) 37 37 localhost.port.http=8383 38 39 # The local server host address. Since 127.0.0.1 is safer than localhost, 40 # leave this property as-is unless your local loopback address is not 127.0.0.1. 41 # See also https://letsencrypt.org/docs/certificates-for-localhost/ 42 localhost.server.http=127.0.0.1 38 43 39 44 # Tomcat's shutdown port - this may need to be changed if you are running two or more Tomcats -
main/trunk/greenstone3/build.xml
r32429 r32432 258 258 But 'localhost' (or actually, 127.0.0.1) needed for solr: solr servlet not accessible to outside world 259 259 --> 260 <property name="local.http.url" value="http://127.0.0.1:${localhost.port.http}"/> 260 <condition property="local.http.url" value="http://${localhost.server.http}" else="http://${localhost.server.http}:${localhost.port.http}"> 261 <equals arg1="${localhost.port.http}" arg2="80" trim="true"/> 262 </condition> 261 263 262 264 <!-- On linux, if testing https certification, pass in minus-minus-staging. If not testing on linux, nothing extra to pass in. … … 1038 1040 </target> 1039 1041 1042 <!-- returns the base local URL, something like HTTP://127.0.0.1:<HTTPport> 1043 or some sane equivalent for 127.0.0.1 --> 1044 <target name="get-local-base-http-url"> 1045 <echo>${local.http.url}</echo> 1046 </target> 1047 <!-- Returns something like HTTP://127.0.0.1:<HTTPport>/greenstone3/library --> 1048 <target name="get-local-http-servlet-url"> 1049 <echo>${local.http.url}${app.path}${server.default.servlet}</echo> 1050 </target> 1051 1040 1052 <!-- solr should only be accessible locally, which therefore also means only over http. 1041 But for http, use 127.0.0.1 instead of localhost (as localhost can be mapped to something other than 127.0.0.11042 and is therefore not safe). Seehttps://letsencrypt.org/docs/certificates-for-localhost/ -->1053 Note that for http, 127.0.0.1 is safer than localhost (as localhost can be mapped to something 1054 other than 127.0.0.1). 
See also https://letsencrypt.org/docs/certificates-for-localhost/ --> 1043 1055 <target name="get-solr-servlet-url"> 1044 1056 <!--<echo>${default.server.protocol}://${tomcat.server}:${default.tomcat.port}/${solr.context}</echo>--> 1045 <echo> http://127.0.0.1:${localhost.port.http}/${solr.context}</echo>1057 <echo>${local.http.url}/${solr.context}</echo> 1046 1058 </target> 1047 1059 … … 1544 1556 <filter token="tomcat.server" value="${tomcat.server}"/> 1545 1557 <filter token="default.tomcat.port" value="${default.tomcat.port}"/> 1558 <filter token="localhost.server.http" value="${localhost.server.http}"/> 1546 1559 <filter token="localhost.port.http" value="${localhost.port.http}"/> 1547 1560 <filter token="tomcat.port.https" value="${tomcat.port.https}"/> … … 1738 1751 1739 1752 In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property 1753 1754 Helpful for debugging: https://stackoverflow.com/questions/10302489/ant-script-have-exec-tag-dump-out-entire-command-line 1740 1755 --> 1741 1756 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false"> … … 1812 1827 <!-- Finally, mkdir ${packages.home}/tomcat/conf/https_cert 1813 1828 and copy the file /tmp/${tomcat.server}_fullchain_and_key.p12 into it 1814 and rename to a slightly shorter and simpler name. 1829 and rename to a slightly shorter and simpler name, 1830 see https://stackoverflow.com/questions/8971187/ant-renaming-while-copying-file 1815 1831 The file in tmp has root permissions. But copying it from tmp into 1816 1832 the local account will give the copy local account permissions. -
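Review bot: `local.http.url` is now built from `${localhost.server.http}`, but nothing in the hunks shown gives that property a default, and Ant leaves a reference to an unset property as literal text. An install whose build.properties predates this change would then, unless a default is declared outside the lines shown, get `http://${localhost.server.http}:<port>` in the solr and servlet URLs and in the filtered global.properties. Declaring `<property name="localhost.server.http" value="127.0.0.1"/>` after build.properties is loaded keeps the previous behaviour, because an Ant property that is already set is not overwritten. The comment above `get-solr-servlet-url` should also say that the "only accessible locally" guarantee now depends on this property holding a loopback address.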
main/trunk/greenstone3/resources/web/global.properties.svn
r32429 r32432 26 26 [email protected]@ 27 27 localhost.protocol.http=http 28 localhost.server.http= 127.0.0.128 localhost.server.http=@localhost.server.http@ 29 29 [email protected]@ 30 30 [email protected]@ -
main/trunk/greenstone3/src/java/org/greenstone/util/GlobalProperties.java
r32429 r32432 224 224 String httpPort = properties.getProperty("localhost.port.http"); 225 225 localhost_http_web_address = properties.getProperty("localhost.protocol.http") + "://" 226 + properties.getProperty("localhost.server.http" ) // always uses 127.0.0.1 (not localhost, which can be modified and is therefore unsafe!)226 + properties.getProperty("localhost.server.http", "127.0.0.1") // likely to be 127.0.0.1 rather than localhost, since localhost can be modified and is therefore unsafe 227 227 + httpPort; 228 228 -
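Review bot: The `"127.0.0.1"` default passed to `getProperty("localhost.server.http", "127.0.0.1")` applies only when the key is absent, so an empty value, an unreplaced `@localhost.server.http@` token or a non-loopback host is accepted as-is; the same pattern is repeated in the ProtocolPortProperties constructor. Because this address is meant for local-only access, I would check the configured value once, for example with `InetAddress.getByName(host).isLoopbackAddress()`, and log a warning or fall back to 127.0.0.1 when the check fails. An IPv6 loopback literal such as `::1` would also need square brackets before the port is appended. The enclosing method lies outside the hunk.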
main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java
r32429 r32432 60 60 private boolean supportsHttps = false; 61 61 private String defaultPortPropertyName = "localhost.port.http"; 62 private String localHttpURL; 62 63 63 64 // default protocol if multiple supported … … 86 87 public boolean hadError() { return errorCode != ALL_CORRECT; } 87 88 88 // Use 127.0.0.1 instead of localhost since localhost is unsafe (can be mapped 89 // to something other than 127.0.0.1). See https://letsencrypt.org/docs/certificates-for-localhost/ 89 // returns the local http base URL, something like http://127.0.0.1:<httpPort> 90 90 public String getLocalHttpBaseAddress() { 91 // httpPort is set during the constructor, 92 // so knowing httpPort, we can set the internal/local access http URL: 93 String portSuffix = httpPort.equals("80") ? "" : (":"+httpPort); 94 return "http://127.0.0.1"+portSuffix; 95 91 return localHttpURL; 96 92 } 93 97 94 98 95 // Constructor that will throw an Exception on ports/protocol configuration error or inconsistency … … 116 113 } 117 114 115 // Setting the internal/local access url, which has to be over http (see 116 // https://letsencrypt.org/docs/certificates-for-localhost/) 117 // localhost.server.http defaults to 127.0.0.1 instead of localhost, since 118 // localhost is unsafe as it can be mapped to something other than 127.0.0.1. 119 localHttpURL = "http://" + props.getProperty("localhost.server.http", "127.0.0.1"); 120 if(!httpPort.equals("80")) { 121 localHttpURL = localHttpURL + ":" + httpPort; 122 } 123 118 124 String supportedProtocols = props.getProperty("server.protocols"); 119 125 if(supportedProtocols == null || supportedProtocols.equals("")) {