Uploaded image for project: 'Nuxeo ECM Build/Test Environment'
  1. Nuxeo ECM Build/Test Environment
  2. NXBT-2568

Make rainforest.nuxeo.com HTTPS only

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Continuous Integration

      Description

      NXBT-2256 requested for HTTPs on rainforest
      It appears that some URLs are still accessible to HTTP too.
      That was not expected and may lead to some issues.

      karin
      Over the past few weeks we have been observing some differences in behavior between http://nightly-rainforest.nuxeo.com and https://nightly-rainforest.nuxeo.com (ie/ we find bugs when using https, but can't reproduce in http or on nightly).
      Here are some examples:
      https://jira.nuxeo.com/browse/NXP-25946
      https://jira.nuxeo.com/browse/NXP-25958
      https://jira.nuxeo.com/browse/NXP-25524
      Do you have any ideas as to what could be causing this?

      I suspect this might be the problem affecting our Drive tests too.

      Julien Carsique
      hello, sorry no specific idea;
      that needs some investigation, there should be some related logs
      I'm afraid that we can't help you here :confused:

      karin
      I ask because Alexis and/or Stephane made configuration changes in order to resolve https://jira.nuxeo.com/browse/NXBT-2256... which ultimately led to this problem since these are all only reproduced on https.

      I have been investigating this at nearly every weekly test run but this involves part of the configuration that I am not familiar with.

      Julien Carsique
      I got it: we can better describe what has been done to solve NXBT-2256 if that helps

      karin
      Well we won't know until we try, will we?

      The issue is that if we discover we don't have a testable instance, all the regression tests will have to be done manually for 10.3 – and we don't have enough staff for that.

      It would be great if we could figure out how this configuration differs from nightly.

      Julien Carsique
      neither do we; I'm not sure what you ask for and what we can do, given our respective scope and resources
      if you ask for technical help, that is envisageable although there may be other people more available and as competent as we

      are you saying that the nightly HTTPs does not behave the same as the nightly-rainforest ?
      I was not sure if I properly understood this point when you said "we find bugs when using https, but can't reproduce in http or on nightly"
      => there is a difference in HTTPs between the two instances?

      got it: we're checking the optional differences between both; starting with the redirect from http to https

      The rainforest configuration cannot be compared with the nightly: they do not rely on the same technologies.
      nightly uses static Apache conf
      rainforest uses dynamic Traefik
      => we can look at restricting to HTTPs only and that it follows the Nuxeo requirements
      https://doc.nuxeo.com/nxdoc/http-and-https-reverse-proxy-configuration/

      If that reveals Nuxeo issues (hidden by the usual Apache conf) or additional requirements (as for Nginx), then that may rather be a mission for the Core team.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.