-
Type:
Improvement
-
Status: Resolved
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Continuous Integration
-
Backlog priority:2,000
-
Sprint:DevTools-04
NXBT-2256 requested for HTTPs on rainforest
It appears that some URLs are still accessible to HTTP too.
That was not expected and may lead to some issues.
karin
Over the past few weeks we have been observing some differences in behavior between http://nightly-rainforest.nuxeo.com and https://nightly-rainforest.nuxeo.com (ie/ we find bugs when using https, but can't reproduce in http or on nightly).
Here are some examples:
https://jira.nuxeo.com/browse/NXP-25946
https://jira.nuxeo.com/browse/NXP-25958
https://jira.nuxeo.com/browse/NXP-25524
Do you have any ideas as to what could be causing this?I suspect this might be the problem affecting our Drive tests too.
Julien Carsique
hello, sorry no specific idea;
that needs some investigation, there should be some related logs
I'm afraid that we can't help you here :confused:karin
I ask because Alexis and/or Stephane made configuration changes in order to resolve https://jira.nuxeo.com/browse/NXBT-2256... which ultimately led to this problem since these are all only reproduced on https.I have been investigating this at nearly every weekly test run but this involves part of the configuration that I am not familiar with.
Julien Carsique
I got it: we can better describe what has been done to solveNXBT-2256if that helpskarin
Well we won't know until we try, will we?The issue is that if we discover we don't have a testable instance, all the regression tests will have to be done manually for 10.3 – and we don't have enough staff for that.
It would be great if we could figure out how this configuration differs from nightly.
Julien Carsique
neither do we; I'm not sure what you ask for and what we can do, given our respective scope and resources
if you ask for technical help, that is envisageable although there may be other people more available and as competent as weare you saying that the nightly HTTPs does not behave the same as the nightly-rainforest ?
I was not sure if I properly understood this point when you said "we find bugs when using https, but can't reproduce in http or on nightly"
=> there is a difference in HTTPs between the two instances?got it: we're checking the optional differences between both; starting with the redirect from http to https
The rainforest configuration cannot be compared with the nightly: they do not rely on the same technologies.
nightly uses static Apache conf
rainforest uses dynamic Traefik
=> we can look at restricting to HTTPs only and that it follows the Nuxeo requirements
https://doc.nuxeo.com/nxdoc/http-and-https-reverse-proxy-configuration/
If that reveals Nuxeo issues (hidden by the usual Apache conf) or additional requirements (as for Nginx), then that may rather be a mission for the Core team.
- depends on
-
NXBT-2256 Make rainforest.nuxeo.com HTTPS
-
- Resolved
-
- is required by
-
NXDRIVE-1387 Fix authentication to Drive
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
