search

camptocamp / c2cgeoportal

c2cgeoportal application
http://geomapfish.org
Other
64 stars 46 forks source link

403 errors on tiles after upgrade to 2.2 #3331

Closed rbovard closed 6 years ago

rbovard commented 6 years ago

After upgrade to 2.2, my tiles are no more accessible (503), see background in https://map-demo.nyon.ch/dev/

It works fine in 2.1.

rbovard commented 6 years ago

FYI DEV instance is down because of https://github.com/camptocamp/c2cgeoportal/issues/3308#issuecomment-350992861

ochriste commented 6 years ago

hello

the 403 on tiles are caused by the special "# Secure WMTS" apache rules in the file apache/private.conf

so you will have to fix the this rules if you want the tiles to display correctly

rbovard commented 6 years ago

But I didn't changed this rule and it was working in 2.1.

ochriste commented 6 years ago

well all I can say is now the rule dont work, I havent analysed why yet

ochriste commented 6 years ago

this rule has never worked for dev:

Allow from env=map Allow from env=map-demo Allow from env=geoadmin because the dev env is not included

maybe it has worked by error if the dev project was using demo tile urls or something like that

rbovard commented 6 years ago

No, my dev was working as excepted in 2.1.

ochriste commented 6 years ago

well, Im sorry it doesnt work anymore and I have no explanation why because it was not logical it had ever worked, I can try to adapt your rule to make it work though, I will have a look.

rbovard commented 6 years ago

Something had changed in 2.2: Require ip 127.0.0.1 ::1 is added?!

DEMO (OK):

<Location /demo/tiles>
    ...
    Allow from 127.0.0.1 ::1
    ...
</Location>

DEV (KO):

<Location /dev/tiles>
    ...
    Allow from 127.0.0.1 ::1
Require ip 127.0.0.1 ::1
    ...
</Location>
rbovard commented 6 years ago

I found the commit: https://github.com/camptocamp/c2cgeoportal/commit/9b3f23c1789b156c8a17fb1312eb0efd300051cb

ochriste commented 6 years ago

ah I see, you re-used the "mapserv_allow" variable in your private.conf.mako, then just make a new variable in your .mk that doesnt include the "Require ip" statement

rbovard commented 6 years ago

Yes because I wanted to use the same protection as for MapServer...

Why does it not work for /tiles and work for /mapserv and /mapserv_proxy? What does the Require ip 127.0.0.1 ::1?

ochriste commented 6 years ago

because /mapserv is only accessed from localhost, while /tiles is accessed from outside, so you cant use the same access rules

I do not know why the Require ip was added, I will ask @sbrunner

rbovard commented 6 years ago

/mapserv_proxy is accessed from outside and it works with Require ip 127.0.0.1 ::1 (I have tested this morning)

ochriste commented 6 years ago

/mapserv is not /mapserv_proxy

rbovard commented 6 years ago

I know... But I can access it from outside with Require ip 127.0.0.1 ::1 https://github.com/camptocamp/nyon_c2cgeoportal/blob/v22/apache/private.conf.mako#L17

ochriste commented 6 years ago

Im sorry, I do not understand what you want exactly.

rbovard commented 6 years ago

Never mind, I'll close this issue since it's related to my config...