marius311 / cosmohome

The Cosmology@Home server.
https://www.cosmologyathome.org

Unable to access locally set-up project URLs via HTTPS #20

Closed hristog closed 4 years ago

hristog commented 4 years ago

Hello,

I'd like to preface my question with the fact that I do realize that the problem probably has to do with my local setup (including some implicitly implied step for securing SSL access attempts to localhost via a self-signed certificate or something along similar lines) rather than something intrinsically wrong with the repository.

Problem:

Steps to reproduce:

$ git clone --recursive https://github.com/marius311/cosmohome.git
$ cd cosmohome
$ make up # also attempted anew with `docker-compose up --build`

I've added localhost www.cosmologyathome.org to my /etc/hosts file. Then, accessing http://www.cosmologyathome.org and http://localhost does work, while accessing https://www.cosmologyathome.org and https://localhost doesn't. Additionally, I'm unable to add the project via BOINC Manager either:

15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:    Trying 127.0.0.1...
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  Connected to www.cosmologyathome.org (127.0.0.1) port 443 (#17)
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  ALPN, offering http/1.1
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  successfully set certificate verify locations:
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:    CAfile: /etc/ssl/certs/ca-certificates.crt
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:    CApath: /etc/ssl/certs
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  TLSv1.2 (OUT), TLS header, Certificate Status (22):
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  TLSv1.2 (OUT), TLS handshake, Client hello (1):
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info:  Closing connection 17
15-Apr-2020 19:10:56 [---] [http] HTTP error: SSL connect error
15-Apr-2020 19:10:57 [---] Project communication failed: attempting access to reference site
15-Apr-2020 19:10:57 [---] [http] HTTP_OP::init_get(): https://www.google.com/
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info:  Found bundle for host www.google.com: 0x5633d28f1010 [can pipeline]
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info:  Re-using existing connection! (#2) with host www.google.com
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info:  Connected to www.google.com (216.58.204.228) port 443 (#2)

I've also attempted introducing self-signed certificates by following the instructions from the following articles:

I've tried to do this both locally and from inside the running Apache container (the one spun up via docker-compose up), followed by a restart of the Apache service in the latter case, but neither approach has worked.

Could you, please, provide some directions for attempting to fix this?

Thanks very much for your time!

Update: Wanted to add, for completeness, that I was able to get boinc-server-docker running successfully, without experiencing the same HTTPS issues. I think that there's some difference in how the projects are configured (haven't been able to disable HTTPS, and access the login pages etc, for the sake of experimentation, yet though; I can see that the project config xml - as accessed via get_project_config.php - of Cosmology@Home does have a <web_rpc_url_base>https://www.cosmologyathome.org/</web_rpc_url_base> line, whereas the boinc-server-docker project differs in this regard), but I'm not sure, whether removing HTTPS support would be a good idea, instead of enabling it to work properly.

Update 2: I've commented out the define("SECURE_URL_BASE",str_replace("http","https",$master_url)) line from html/project/project.inc and am currently testing to see if this change has had any effect. However, I do believe that this kind of workaround would only be acceptable for a dev environment, and I would appreciate it if you could, please, direct me towards a proper solution which has SSL enabled and honored properly.

Update 3: The change has effectively worked as expected. Now trying to figure out how to implement the proper solution with SSL support.
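
Added example, not part of the original thread or of the cosmohome code: the `SSL23_GET_SERVER_HELLO:unknown protocol` error in the log above is what a TLS client commonly reports when the listener on port 443 answers with something other than a TLS record, for instance plain HTTP. The sketch below checks which of the two a port speaks; the function names and return labels are made up for this illustration.

```python
import socket
import ssl
import sys


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends on a port expected to speak TLS."""
    if not data:
        return "no-data"
    # A TLS record starts with a content type (0x15 alert, 0x16 handshake)
    # followed by the major version byte 0x03.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 3.0) -> str:
    """Return "tls", "plaintext-http", "no-data", "unknown" or "unreachable"."""
    ctx = ssl.create_default_context()
    # Diagnostic only: the question is whether TLS is spoken at all, so a
    # self-signed or mismatched certificate must not abort the handshake.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:
        pass  # ssl.SSLError and socket timeouts are OSError subclasses
    # Handshake failed: ask in plain HTTP and look at what comes back.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return classify_first_bytes(raw.recv(16))
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, "port 443 ->", probe(target))
```

A result of `plaintext-http` means no TLS virtual host is answering on that port, so the fix belongs in the web server's TLS configuration rather than in the client's trust store.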

marius311 commented 4 years ago

Hi Hristog, I need to remind myself how exactly I set everything up, this repo was never meant for as general use as boinc-server-docker (I'm happy to help further though, although I am curious why you want to run this vs. the generic boinc-server-docker?)

But what I can tell you is that in production, what I do is simply log in to C@H server and run certbot from inside the apache container to set up SSL via letsencrypt. You can see letsencrypt is a volume which is mounted, so the certificates all get stored there and also survive any restarts of the containers. Also certbot is installed in the apache container here, so you could copy that e.g. for your custom project built from the boinc-server-docker containers.

hristog commented 4 years ago

> (I'm happy to help further though, although I am curious why you want to run this vs. the generic boinc-server-docker?)

I'm new to BOINC development (although I had SETI@Home running back in 2011 for a while) and want to understand better the workings of a real-world project, like Cosmology@Home.

I like your boinc-server-docker approach very much, and my intention has been to complement my understanding of how the various components communicate via getting a local version of Cosmology@Home running. I've got other BOINC open source projects on my list to study, but chose Cosmology@Home as a starting point, because the technologies used within the project seem to be closest to my own skills and experience.

Your second paragraph does answer my question. Thanks for offering to help further, though! At the current stage, I wouldn't want to bother you more about this, as I still need to do my homework properly and play around with a few more codebases besides yours.

I'm closing the issue. Thanks for your time :)