I have a rails application with apache, passenger, with kerberos protection.
One of the controllers (UsersController) provides one action (responds with json) that must be available externally.
When i try to access it ($ curl ...), the server returns Kerberos authentication error.
What should i do in this kind of situations. Configure httpd.conf to 'allow any' for one specific file, isolating the externally available methods in one file or is it a better solution?
I solved it configuring the specific dir in apache httpd.conf
<Location "/users/user_action.json*">
Order allow,deny
Allow from all
satisfy any
</Location>
Thanks
Related
I have a server where I am hosting several apps. They are all accessible on their own subdirectories through the same server name, so my app foo is found at www.servername.com/foo and bar is found at www.servername.com/bar and so on. Most of these apps are Flask apps with the route and the static files configured through apache VirtualHost *:443 to run SSL.
I have been given another Flask app, baz, to run on the server which has been configured to spin up into two Docker containers, one for the app and one for the database. I have managed to adjust my apache .conf file as follows:
<VirtualHost *:443>
ServerName www.servername.com
# some additional config for my other apps, in Directories and static aliases
ProxyPreserveHost On
SSLProxyEngine On
<Proxy *>
Allow from *
</Proxy>
ProxyPass "/baz" "http://<IP address>:5000"
ProxyPassReverse "/baz" "http://<IP address>:5000"
</VirtualHost>
I think the configuration is reaching the running container, because when I go to www.servername.com/baz it redirects to www.servername.com/login. It should redirect to www.servername.com/baz/login, but clearly something hasn't gone right. How can I get the proxy to correctly direct all baz traffic through the /baz subdirectory?
Additionally, I can manually navigate to www.servername.com/baz/login to see the login page for the baz app, but it appears not to have loaded the CSS, so I assume the static files are not being loaded. Do I need to set up an alias for these static files too, like I do with my other non-Docker Flask apps? If so, the standard format that I usually use:
Alias baz/static /path/to/baz/static
is not working. On a whim, I also tried something weirder just to see if it would work:
Alias "baz/static" "http://<IP address>:5000/static"
but this didn't work either. Perhaps it will be fixed by addressing the proxy routing issue above, but how can I make the static files accessible to the baz app?
It sounds like the website that is running under /baz doesn't know that's where it's running and so is rendering URLs under / instead. You have a couple of options:
Use subdomains: baz.servername.com. Then the Flask apps can just use / freely without conflicts.
Make the Flask apps aware of where they're serving, so your Flask app is configured to use /baz to prefix every URL it serves.
I'm using mod-mono for deploying an asp.net mvc application on Ubuntu Server 10.04. The following packages were installed: mono-apache-server4 libapache2-mod-mono apache2.
There are several blogs that configure mod-mono virtual hosts via the sites-available Apache configuration. For example, I could modify /etc/apache2/sites-available/default configuration like this:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
MonoApplications "/:/var/www"
MonoServerPath /usr/bin/mod-mono-server4
... more default configuration
But then there are also sites that advise to use an webapp file for mod-mono virtual host configuration. For example, I could modify /etc/mono-server4/debian.webapp like this:
<apps>
<web-application>
<name>default</name>
<vpath>/</vpath>
<path>/var/www/</path>
<vhost>127.0.0.1</vhost>
</web-application>
</apps>
Both approaches however need an apache site SetHandler mono configuration setting.
The only difference I noticed is that for sites configuration I have to explicitly define mod-mono-server4 (otherwise the system is trying to start a server2 instance which is not installed). When configured via sites configuration it also seems that there is an additional mono_server process spawned.
I guess I should go with the webapp option, but are there any "big" differences between this two approaches? Is webapp configuration distribution specific or why are there two options anyway?
Webapp config file approach can also be used with stand-alone XSP4, without the need of apache.
For example, you can run:
xsp4 --appconfigfile etc/mono-server4/debian.webapp
And you'll get XSP4 working with your webapp config file.
I have a Rails server (Passenger/Apache) that is running for all intents and purposes, LDAP authentication.
<Directory "/railsapp/public">
AllowOverride All
Allow from all
Require valid-user
Options -MultiViews
</Directory>
I use the REMOTE_USER variable in conjunction with a local database for user authentication. However, I have a set of special hosts that need to be able to wget a route from this rails application. The application already has the logic to not check REMOTE_USER for these routes.
Possible solutions are configuring a .htaccess for a special user and password to use for authentication, but this would grant access to the application. Instead, I was thinking of whitelisting the mostly static list of hosts such that Require valid-user would not apply to these hosts.
How would I setup /railsapp/public/.htaccess and/or the vhost.conf for this?
I tried (in .htaccess)
allow from myhost.mydomain.com
and restarted apache, but I still get 401 Authorization Required when trying from myhost.
How would I go about avoiding the authentication I put on my webapp? Solutions need not be restricted to how I'm trying to go about this, but I absolutely need the LDAP REMOTE_USER for my primary application.
Add the Satisfy directive
Satisfy Any
as well as
allow from myhost.mydomain.com
to your .htaccess.
I've searched the web, but I can only find information on sharing code between multiple sites and on separating the database to isolated models. This is not what I want.
I want to run a single rails server, with a single DNS address and a single port - http://myportal.com - that will handle several other sites - http://myportal.com/site1, http://myportal.com/site2 etc.
I want each site to have it's own folder(and SCM repository), it's own database, it's own routing - it's own everything. That is - I want to be able to develop each site as a standalone - that means I need to be able to run site1 site as http://localhost:3000 and not http://localhost:3000/site1.
On the server, the root site(the one that responds to the http://myportal.com address should be the one I run the server from, and it should know the absolute paths of the other sites(which will be in different directories on the server, not in child directories of the root site) and provide routing information for them - but it should also chain to the other sites routes.rb files. That means that if I go to address http://myportal.com/site1/books/ the root site should handle http://myportal.com/site1, and site1 should handle /books/. The root site should not need to know about the other sites' internal routing structures.
Is this possible? Right now I'm running the rails server that comes with the gem(rails server from the command line) on a Windows Server 2008 server, but I'm willing to install another server if that's what needed to accomplish the goal I described.
Thanks in advance!
You should be able to do this with Apache or nginx and possibly IIS if configured correctly. I'm most familiar with Apache and the flexible mod_rewrite and mod_proxy components that can facilitate this.
The idea is you rewrite http://example.com/ to be http://example.com:3000/ and http://example.com/site2 as http://example.com:3001/site2 and so forth.
It's also possible to do this with Passenger and some clever use of the VirtualHost directive, but you may have to fiddle to get a configuration that works for you. Remember that rewriting the headers to route internally has no effect on the resulting HTML your servers emit.
Create a symlink:
cd ~/Sites
ln -s /Users/hg/Developer/Rails/railsproj1/public ./railsproj1
modify apache config file
<VirtualHost *:80>
ServerName localhost
DocumentRoot /Users/hg/Sites
<Directory /Users/hg/Sites>
AllowOverride All
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
</Directory>
RailsBaseURI /railsproj1
RailsEnv development
</VirtualHost>
Answer source: http://collab.stat.ucla.edu/users/jose/weblog/9e335/
I'm currently developing on my local pc, to which I have complete access of course.
However to my production server I have only FTP access.
Now, this step
http://www.symfony-project.org/getting-started/1_4/en/05-Web-Server-Configuration
On Symfony's installation guide, suggests that I need to edit the httpd.conf
I was wondering if there's an alternative since I don't have access to it on production.
Try reading this. I haven't tried installing Symfony on a shared host, but I see no reason for it not to work.
Generally shared hosts allow you to set configuration parameters in .htaccess files, so you can override httpd.conf without modifying it.