[OOTB-infra] misdirecting honeycomb instance (@heiko)

Heiko Robert heiko.orderofthebee.info at ecm4u.de
Tue Jun 9 17:30:41 BST 2015


Hi Martin,

Why put this on the mailing list and not in a ticket, and document
conclusions in a wiki page? I don't feel very comfortable searching
through hundreds of emails for documentation months later ...

To your question:

You and Lanre have full access to all components

Documentation can be found here:
https://support.orderofthebee.org/projects/infra/wiki/VMs_external_and_internal_network

Ports and IPs are managed with pfSense; vhost redirection is handled
with Apache on web.dmz[n].orderofthebee.org

Could you please elaborate on what you mean by "the honeycomb build
also includes configuration for these things"? Do you have your own
reverse proxy components (apache/nginx)? Even though it would be
possible to chain the requests with and without SSL termination, the
most important thing is to configure the Tomcat connectors the right way
and to handle the HTTP header as expected on all involved hops.

You should support a flag in your puppet script to allow existing
reverse proxies and not to start your own - or to allow your local one to
cooperate with others.

But before going into more detail: What is the expected behavior for
your puppet build? Do you expect to run behind a reverse proxy (which
would be the default for most real world scenarios) or is your intention
to forward the full port to your VM? In the latter case you'll lose the
port on the external IP and you'll need a separate IP for every VM. On
our infrastructure we have only 1 public IP for several use cases. If
you still think it is necessary to forward the full port to your VM you
can open an unused port on the firewall and forward it to your target VM.

I suggest you scribble an image we can discuss?

I didn't get the positioning of the puppet build yet and why we need
puppet for a general honeycomb build. Hosters would be happy but the
rest may be overwhelmed? Positioning would help to find the best use
case and solution for the problem you discuss here.

Heiko

On 09.06.2015 at 17:43, Martin Cosgrave wrote:
> 
> Hey all
> 
> this needs to be recorded here but at the moment only heiko can fix AFAIK
> 
> at the moment there is a default setup for vhosts which includes
> redirection and ssl-termination; unfortunately the honeycomb build also
> includes configuration for these things in its puppet config and so we
> end up conflicting, in particular the redirection rules are conflicting
> so https://beehive.orderofthebee.org/ gets a redirect error.
> 
> probably the ssl termination is an issue too since we firewall the
> non-ssl ports
> 
> is there a way to get an unmodified request to the backend and let it
> deal with ssl termination etc.?
> 
> 
> _______________________________________________
> OOTB-infra mailing list
> OOTB-infra at xtreamlab.net
> http://www.xtreamlab.net/mailman/listinfo/ootb-infra
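
An added illustration, not part of the original thread and not the OOTB or honeycomb configuration: one way two hops that each carry their own "force HTTPS" rule can produce a redirect error behind an SSL-terminating proxy, and how honouring the forwarded-scheme header only from a known proxy resolves it. The host name, proxy address and function names are constructed assumptions.

```python
# Added example: constructed model of a TLS-terminating front proxy and a backend
# that both enforce HTTPS. Addresses and names are assumptions, not OOTB values.
TRUSTED_PROXIES = {"10.0.0.2"}  # assumed internal address of the front proxy

def backend(peer_ip, headers, trust_forwarded):
    """Backend vhost with a 'force HTTPS' rule; it always receives plain HTTP."""
    scheme = "http"
    # Honour X-Forwarded-Proto only when the direct peer is a known proxy,
    # otherwise any client could claim its request was already encrypted.
    if trust_forwarded and peer_ip in TRUSTED_PROXIES:
        scheme = headers.get("X-Forwarded-Proto", "http")
    if scheme != "https":
        return 301, "https://" + headers["Host"] + "/"
    return 200, None

def front_proxy(url, trust_forwarded):
    """TLS-terminating hop: forwards over HTTP and records the original scheme."""
    scheme, rest = url.split("://", 1)
    host = rest.split("/", 1)[0]
    if scheme != "https":
        return 301, "https://" + host + "/"
    headers = {"Host": host, "X-Forwarded-Proto": "https"}
    return backend("10.0.0.2", headers, trust_forwarded)

def follow(url, trust_forwarded, max_hops=10):
    """Follow redirects like a browser; returns (final_status, redirects_followed)."""
    for hops in range(max_hops):
        status, location = front_proxy(url, trust_forwarded)
        if status != 301:
            return status, hops
        url = location
    return "redirect loop", max_hops

if __name__ == "__main__":
    print(follow("https://app.example.test/", trust_forwarded=False))
    print(follow("http://app.example.test/", trust_forwarded=True))
```
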

