[OOTB-infra] misdirecting honeycomb instance (@heiko)

Martin Cosgrave martin at ocretail.com
Tue Jun 9 19:04:35 BST 2015


Hi Heiko

We don't have a tickets system. I guess I could have raised a github 
issue but the way we deal with things is on the public list and in 
github. The wiki and redmine thing are not really seriously our 
infrastructure as far as I know.

I just want to know if it is possible to have a virtual host proxy 
without any ssl termination or url rewriting, as our instance already 
handles that.

Thanks
Martin

On 09/06/15 18:30, Heiko Robert wrote:
> Hi Martin,
>
> why put this on the mailing list and not in a ticket, and document
> conclusions in a wiki page? I don't feel very comfortable searching
> through hundreds of emails for documentation months later ...
>
> To your question:
>
> You and Lanre have full access to all components
>
> Documentation can be found here:
> https://support.orderofthebee.org/projects/infra/wiki/VMs_external_and_internal_network
>
> Ports and IPs are managed with pfsense, vhost redirection is handled
> with apache on web.dmz[n].orderofthebee.org
>
> Could you please elaborate on what you mean with "the honeycomb build
> also includes configuration for these things"? Do you have your own
> reverse proxy components (apache/nginx)? Even though it would be
> possible to chain the requests with and without SSL termination. The
> most important thing is to configure the tomcat connectors the right way
> and to handle the http header as expected on all involved hops.
>
> You should support a flag in your puppet script to allow existing
> reverse proxies and not to start your own - or to allow your local one to
> cooperate with others.
>
> But before going into more detail: What is the expected behavior for
> your puppet build? Do you expect to run behind a reverse proxy (which
> would be the default for most real world scenarios) or is your intention
> to forward the full port to your VM? In the latter case you'll lose the
> port on the external IP and you'll need a separate IP for every VM. On
> our infrastructure we have only 1 public IP for several use cases. If
> you still think it is necessary to forward the full port to your VM you
> can open an unused port on the firewall and forward it to your target VM.
>
> I suggest you scribble an image we may discuss on?
>
> I didn't get the positioning of the puppet build yet and why we need
> puppet for a general honeycomb build. Hosters would be happy but the
> rest may be overwhelmed? Positioning would help to find the best use
> case and solution for the problem you discuss here.
>
> Heiko
>
> Am 09.06.2015 um 17:43 schrieb Martin Cosgrave:
>> Hey all
>>
>> this needs to be recorded here but at the moment only heiko can fix AFAIK
>>
>> at the moment there is a default setup for vhosts which includes
>> redirection and ssl-termination; unfortunately the honeycomb build also
>> includes configuration for these things in its puppet config and so we
>> end up conflicting, in particular the redirection rules are conflicting
>> so https://beehive.orderofthebee.org/ gets a redirect error.
>>
>> probably the ssl termination is an issue too since we firewall the
>> non-ssl ports
>>
>> is there a way to get an unmodified request to the backend and let it
>> deal with ssl termination etc.?
>>
>>
>> _______________________________________________
>> OOTB-infra mailing list
>> OOTB-infra at xtreamlab.net
>> http://www.xtreamlab.net/mailman/listinfo/ootb-infra


