Closed: monaw closed this issue 4 years ago
Modified Tomcat's conf/server.xml and conf/web.xml (original files saved to *.bak) according to https://tkurek.blogspot.com/2013/07/tomcat-7-http-to-https-redirect.html. Restarted Tomcat, but the redirect is still not working...
From Andrew Ferbert @ SDSC:
As Tomcat runs as a standard user, it can't bind to ports 80 or 443. The easiest way around this is to run a local Apache HTTPD or NGINX server which does natively bind as root and then can do the redirects. In addition, since you're doing a URL redirect and needing to append the "/gateway" path, we can't just make use of an iptables forwarding rule. That rule would only work if it was a straight https://cosmic2.sdsc.edu -> https://cosmic2.sdsc.edu:8443
The first step I started was to look at the SSL configuration of the Tomcat services to see if we can re-use the keys from that service. Tomcat wants keys in the Java Keystore (JKS) format, so it's not immediately re-usable, but we could extract.
@mcianfrocco - couple of questions for you, is it ok if the gateway URL changes so no "/gateway" is needed?
Yes - ok with me!
--
Michael A. Cianfrocco, Ph.D. Assistant Professor, Department of Biological Chemistry Research Assistant Professor, Life Sciences Institute University of Michigan Pronouns: he, him, his
http://cosmic2.sdsc.edu is showing a server error and not redirecting to https. However, http://cosmic2.sdsc.edu:8080 is redirecting to https.
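
A sketch of the front-end redirect approach described in Andrew Ferbert's reply, as an added example that is not part of the original thread or the project's actual configuration. It assumes NGINX as the local web server, Tomcat serving HTTPS on port 8443 with the application under `/gateway`, and placeholder file names for the certificate and key extracted from Tomcat's JKS keystore.

```nginx
# Constructed example. The hostname, port 8443 and the /gateway path come
# from the thread; every file path below is a placeholder.
#
# One way to get PEM files out of Tomcat's JKS keystore
# (KEYSTORE.jks is a placeholder for the keystore Tomcat is configured with):
#   keytool -importkeystore -srckeystore KEYSTORE.jks \
#           -destkeystore cosmic2.p12 -deststoretype PKCS12
#   openssl pkcs12 -in cosmic2.p12 -nokeys -out cosmic2.crt
#   openssl pkcs12 -in cosmic2.p12 -nocerts -nodes -out cosmic2.key
#   chmod 600 cosmic2.key    # unencrypted private key: readable by root only
#
# The NGINX master process binds 80/443 as root; the worker processes that
# handle requests run as the unprivileged user set by the `user` directive.

# Port 80: plain HTTP, used only to send the client to HTTPS.
server {
    listen 80;
    server_name cosmic2.sdsc.edu;

    # Hard-coded hostname instead of $host, so the redirect target never
    # reflects a client-supplied Host header.
    return 301 https://cosmic2.sdsc.edu$request_uri;
}

# Port 443: terminate TLS with the extracted key, then redirect to Tomcat.
server {
    listen 443 ssl;
    server_name cosmic2.sdsc.edu;

    ssl_certificate     /etc/nginx/tls/cosmic2.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/cosmic2.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Bare host name: append the /gateway path. This is the step a plain
    # iptables port-forwarding rule cannot do.
    location = / {
        return 302 https://cosmic2.sdsc.edu:8443/gateway/;
    }

    # Any other path: keep the path, switch to Tomcat's HTTPS port.
    location / {
        return 302 https://cosmic2.sdsc.edu:8443$request_uri;
    }
}
```

Validate the file with `nginx -t` before reloading.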