Changeset 32432 for main/trunk/greenstone3/build.xml

Timestamp:

2018-09-07T19:39:40+12:00 (6 years ago)

Author:

ak19

Message:

1. Since there's a chance that 127.0.0.1 isn't always the loopback address or may not always work, we allow this to be specified by the new property localhost.server.http in build.properties. Updating recently commited code that is affected by this and where I had been hardcoding 127.0.0.1. 2. Fixing up the port and now the server host name used by the solr extension: these should be the correct property names, which are localhost.port.http and the new localhost.server.http instead of tomcat.server and the default port for the default protocol, since all GS3 internal communications with solr are done through the local HTTP url, whatever the public URL (with default protocol, matching port and server name) might be. I also updated the get-solr-servlet-url target in build.xml to use the local http base URL (see point 3), so that solr building will work correctly. 3. build.xml now has 2 new targets, one to get the local http base URL and one to get the local http default servlet URL. Both also use the new localhost.server.http property, besides the recently introduced localhost.port.http property. 4. Now the default behaviour of util.pm::get_full_greenstone_url_prefix() is to call the new get-local-http-servlet-url ant target, since only activate.pl's servercontrol.pm helper module uses it. If you want util.pm::get_full_greenstone_url_prefix() to return the non-local (public) servlet URL, pass in 1 (true) for the new 3rd parameter. The important decision here is that activate will use the internal (i.e. local http) greenstone servlet URL to issue pinging and (de)activating commands, since localhost (specifically 127.0.0.1) over http is now always available and because a domain named server over https will create complications to do with certification checks by wget, when wget gets run by activate.pl. Alternatively, activate.pl/servercontrol.pm could run wget with the no-cert-checking flag or we could make wget check the GS3 https certificate if one exists. But all that is convoluted and unnecessary: we've so far always worked with http, and usually with localhost over the httpport, and activate.pl so far has worked well with this, so have some confidence that using the local http URL internally should still work, even if the default GS3 URL has been set up to be a public (https) URL.

File:

• main/trunk/greenstone3/build.xml (modified) (5 diffs)

main/trunk/greenstone3/build.xml

@@ -258 +258 @@
     But 'localhost' (or actually, 127.0.0.1) needed for solr: solr servlet not accessible to outside world 
     -->
-    <property name="local.http.url" value="http://127.0.0.1:${localhost.port.http}"/>
+    <condition property="local.http.url" value="http://${localhost.server.http}" else="http://${localhost.server.http}:${localhost.port.http}">
+      <equals arg1="${localhost.port.http}" arg2="80" trim="true"/>
+    </condition>
 
     <!-- On linux, if testing https certification, pass in minus-minus-staging. If not testing on linux, nothing extra to pass in.
@@ -1038 +1040 @@
   </target>
 
+  <!-- returns the base local URL, something like HTTP://127.0.0.1:<HTTPport>
+       or some sane equivalent for 127.0.0.1 -->
+  <target name="get-local-base-http-url">
+    <echo>${local.http.url}</echo>
+  </target>
+  <!-- Returns something like HTTP://127.0.0.1:<HTTPport>/greenstone3/library -->
+  <target name="get-local-http-servlet-url">
+    <echo>${local.http.url}${app.path}${server.default.servlet}</echo>
+  </target>
+
   <!-- solr should only be accessible locally, which therefore also means only over http.
-  But for http,  use 127.0.0.1 instead of localhost (as localhost can be mapped to something other than 127.0.0.1
-  and is therefore not safe). See https://letsencrypt.org/docs/certificates-for-localhost/ -->
+  Note that for http, 127.0.0.1 is safer than localhost (as localhost can be mapped to something
+  other than 127.0.0.1). See also https://letsencrypt.org/docs/certificates-for-localhost/ -->
   <target name="get-solr-servlet-url">
     <!--<echo>${default.server.protocol}://${tomcat.server}:${default.tomcat.port}/${solr.context}</echo>-->
-    <echo>http://127.0.0.1:${localhost.port.http}/${solr.context}</echo>
+    <echo>${local.http.url}/${solr.context}</echo>
   </target>
 
@@ -1544 +1556 @@
     <filter token="tomcat.server" value="${tomcat.server}"/>
     <filter token="default.tomcat.port" value="${default.tomcat.port}"/>
+    <filter token="localhost.server.http" value="${localhost.server.http}"/>
     <filter token="localhost.port.http" value="${localhost.port.http}"/>
     <filter token="tomcat.port.https" value="${tomcat.port.https}"/>    
@@ -1738 +1751 @@
         
         In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property
+
+        Helpful for debugging: https://stackoverflow.com/questions/10302489/ant-script-have-exec-tag-dump-out-entire-command-line
         -->
     <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
@@ -1812 +1827 @@
       <!-- Finally, mkdir ${packages.home}/tomcat/conf/https_cert
        and copy the file /tmp/${tomcat.server}_fullchain_and_key.p12 into it
-       and rename to a slightly shorter and simpler name. 
+       and rename to a slightly shorter and simpler name,
+       see https://stackoverflow.com/questions/8971187/ant-renaming-while-copying-file
        The file in tmp has root permissions. But copying it from tmp into
        the local account will give the copy local account permissions.