Request failed: HTTPSConnectionPool(host='proxy', port=443): Max retries exceeded with url: /api (Caused by SSLError(CertificateError("hostname 'proxy' doesn't match either of '*.crim.ca', 'crim.ca'")))
The above proxy seems to be related to the nginx service doing the redirect.
Maybe the configuration is missing some proxy_set_header Host $host; / proxy_set_header X-Forwarded-Proto $real_scheme; definitions or similar.
Summary
Bug related to protected GeoServer requests.
Details
https://github.com/bird-house/birdhouse-deploy/blob/eaa09c2819e5e5dc5bd36dae6827562f3beef1c5/birdhouse/optional-components/README.rst#test-geoserver-secured-access was made available (as
/geoserver-secured) to evaluate GeoServer behind Twitcher.However,
/geoserveris already available through Twitcher verify pre-request whenGEOSERVER_SKIP_AUTH=False(default) is set: https://github.com/bird-house/birdhouse-deploy/blob/eaa09c2819e5e5dc5bd36dae6827562f3beef1c5/birdhouse/components/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template https://github.com/bird-house/birdhouse-deploy/blob/eaa09c2819e5e5dc5bd36dae6827562f3beef1c5/birdhouse/components/geoserver/default.env#L30-L31Testing this configuration seems to do the Magpie/Twitcher pre-request as expected, but the resulting request with GeoServer fails.
For example, https://hirondelle.crim.ca/twitcher/ows/proxy/geoserver/api returns (HTTP 400):
The above
proxyseems to be related to the nginx service doing the redirect. Maybe the configuration is missing someproxy_set_header Host $host;/proxy_set_header X-Forwarded-Proto $real_scheme;definitions or similar.To Reproduce
Steps to reproduce the behavior:
Environment
Concerned Organizations