Accessing non-SSL via IP yields INCORROUT

viccross / ansible-playbooks

My collection of Ansible playbooks for various tasks (dominated by Openshift, currently)

Apache License 2.0

2 stars 3 forks source link

Accessing non-SSL via IP yields INCORROUT #193

Closed viccross closed 8 months ago

viccross commented 8 months ago

When the non-secure site is accessed via IP, a typical situation in initial setup when DNS/names are not available, the page does not render:

No topline header or menu
Garbage in the "GO!" button

viccross commented 8 months ago

In the nonssl.conf, the definition of the non-secure site is selected using

<VirtualHost {{ guest_install_hostname }}.{{ cluster_domain_name }}:8080>

So it will only ever apply if the site is accessed using the exact host name. If not, the default definitions apply and the SSIs do not get processed.

Changing to

<VirtualHost *:8080>

will allow for the site to be viewed properly no matter what address/name is used to access.

viccross commented 8 months ago

Reopening. Turns out that accessing the RHOCP install-time content is affected slightly by the config in nonssl.conf. Specifically, the FilesMatch that blocks PHP and certain HTML files overrides the Options Indexes specification, which means that the bootfiles and install sections cannot be indexed.

viccross commented 8 months ago

Added <Directory> stanzas that enable the required Indexes and FollowSymlinks options for bootfiles and install (and also disabling the SymlinksIfOwnerMatch option for install). To fully enable indexing however it was necessary to add a <FilesMatch> for index.php, even though there is no such file.