Hi Brian,
Something to try would be to add:
os.environ['HTTPS'] = 'on'
to htdocs/reviewboard.wsgi.
See if that makes a difference. I noticed this at one point as well. We
need to change things to generate this by default if using https, or find a
beter way to turn it on by default.
Christian
--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Wed, Dec 5, 2012 at 4:31 PM, Brian Lewis <*@brianlewis.us> wrote:
> Hello All,
>
> I've been racking my brain on this for a couple of days and figured I'd
> post here before I refactor my entire setup. Basically what we are doing
> is, we have two servers - one is a standard apache web node that acts as a
> proxy server and terminates SSL, then we have reviewboard being proxied
> behind that.
>
> I've got everything setup and working with the exception of one piece. I
> can upload a diff, I can add titles, descriptions, reviewers, etc. Tracing
> the requests I can see that https is being returned as the request URL,
> HOWEVER, when you go to publish a review, we get a 304 error and the
> request URL is a non-https link.
>
> I'm doing the rewriting from the web node directly, with a mod_rewrite
> specifically calling out that its proxied (but changing or completely
> removing the options doesn't make any difference) For reference, here's the
> rewrite ::
>
> RewriteCond %{HTTPS} off
> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_**URI} [R=301,P,PT,L]
>
>
> When I click on publish, essentially I see two requests (and nothing at
> all in the debug logs, etc) The first ::
>
> Request URL:*https://reviewboard.boku.com/reviews/api/review-
> requests/189/?api_format=json*
> Request Method:GET
> Status Code:304 NOT MODIFIED
> Request Headersview source
> Accept:application/json, text/javascript, */*
> Accept-Charset:ISO-8859-1,utf-**8;q=0.7,*;q=0.3
> Accept-Encoding:gzip,deflate,**sdch
> Accept-Language:en-US,en;q=0.8
> Cache-Control:max-age=0
> Connection:keep-alive
> Cookie:rbsessionid=**bbf077166394571eaaf514053e6c46**91;
> __utma=109258518.568604164.**1352840613.1352938162.**1354736370.4;
> __utmc=109258518; __utmz=109258518.1352929269.2.**2.utmcsr=google|utmccn=(
> **organic)|utmcmd=organic|**utmctr=(not%20provided); csrftoken=**
> b6dec71b9219e2090d9d98acf203e1**f4
> Host:reviewboard.boku.com
> If-Modified-Since:Wed, 05 Dec 2012 22:02:11 GMT
> Referer:https://reviewboard.**boku.com/reviews/r/189/<https://reviewboard.boku.com/reviews/r/189/>
> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)
> AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
> X-Requested-With:**XMLHttpRequest
> Query String Parametersview URL encoded
> api_format:json
> Response Headersview source
> Cache-Control:max-age=0
> Connection:close
> Date:Thu, 06 Dec 2012 00:12:46 GMT
> Expires:Thu, 06 Dec 2012 00:12:48 GMT
> Server:Apache/2.2.15 (CentOS)
> Vary:Accept,Cookie,Accept-**Language
>
> The second ::
>
>
> Request URL:*http://reviewboard.boku.com/reviews/api/review-
> requests/189/draft/*
> Request Method:OPTIONS
> Status Code:200 OK
> Request Headersview source
> Accept:*/*
> Accept-Charset:ISO-8859-1,utf-**8;q=0.7,*;q=0.3
> Accept-Encoding:gzip,deflate,**sdch
> Accept-Language:en-US,en;q=0.8
> Access-Control-Request-**Headers:origin, x-requested-with, content-type,
> accept
> Access-Control-Request-Method:**PUT
> Connection:keep-alive
> Host:reviewboard.boku.com
> Origin:https://reviewboard.**boku.com <https://reviewboard.boku.com/>
> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)
> AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
> Response Headersview source
> Allow:GET,HEAD,POST,OPTIONS
> Connection:close
> Content-Length:0
> Content-Type:text/plain; charset=UTF-8
> Date:Thu, 06 Dec 2012 00:12:48 GMT
> Server:Apache
>
>
> literally every other request comes in via HTTPS, clicking on links,
> performing actions, etc. the ONLY thing that fails is publishing. I'm not
> sure what to do next at this point so I wanted to see if anyone had ever
> run into this. Below I will also paste the apache config for the proxy/ssl
> term server and the web head for comparison.
>
>
> SSL Proxy ::
>
> <VirtualHost 192.168.200.124:443>
>
> ServerName reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/>
>
> SSLEngine on
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+**RSA:+HIGH:+MEDIUM:+LOW
>
> SSLCertificateFile /etc/pki/entrust-certs/star.**COMPANYNAME.com/star.**
> COMPANYNAME.com.crt <http://star.companyname.com/star.COMPANYNAME.com.crt>
>
> SSLCertificateKeyFile /etc/pki/entrust-certs/star.**
> COMPANYNAME.com/star.**COMPANYNAME.com.key<http://star.companyname.com/star.COMPANYNAME.com.key>
>
> SSLCACertificateFile /etc/pki/entrust-certs/star.**COMPANYNAME.com/star.
> **COMPANYNAME.com_bundle.crt<http://star.companyname.com/star.COMPANYNAME.com_bundle.crt>
>
> # SSLCertificateFile /etc/pki/tls/certs/**COMPANYNAME.com.crt
>
> # SSLCertificateKeyFile /etc/pki/tls/certs/**COMPANYNAME.com.key
>
> # SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.**crt
>
>
> # Default to not cache anything
>
> ExpiresActive On
>
> ExpiresDefault "access plus 0 seconds"
>
>
> # Cache just images
>
> ExpiresByType image/gif "access plus 10 minutes"
>
> ExpiresByType image/jpg "access plus 10 minutes"
>
> ExpiresByType image/png "access plus 10 minutes"
>
>
> proxyPreserveHost On
>
> ProxyRequests On
>
>
> ProxyPass /
> http://reviewboard01.local-**COMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/>
>
> ProxyPassReverse /
> http://reviewboard01.local-**COMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/>
>
> <Location />
>
> ProxyPassReverse /
>
> Order deny,allow
>
> Allow from all
>
> </Location>
>
> RequestHeader edit Location
> ^http://reviewboard.**COMPANYNAME.com/<http://reviewboard.companyname.com/>
> https://reviewboard.**COMPANYNAME.com/<https://reviewboard.companyname.com/>
>
>
> CustomLog /var/log/httpd/reviewboard.**COMPANYNAME.com-access.log common
>
> ErrorLog /var/log/httpd/reviewboard.**COMPANYNAME.com-error.log
>
> SetEnv HTTPS on
>
>
> </VirtualHost>
>
>
> <VirtualHost *:80>
>
> ServerName reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/>
>
> #RewriteEngine on
>
>
> # Rewrite traffic back to
> https://reviewboard.**COMPANYNAME.com<https://reviewboard.companyname.com/>
>
> # RewriteCond %{SERVER_NAME}
> reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/>
>
> # RewriteCond %{HTTPS} !=on
>
> # RewriteRule ^/(.*)$
> https://reviewboard.**COMPANYNAME.com/$1<https://reviewboard.companyname.com/$1>
> [R=301,PT]
>
>
> RewriteCond %{HTTPS} off
>
> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_**URI} [R=301,P,PT,L]
>
>
> CustomLog /var/log/httpd/reviewboard.**COMPANYNAME.com-access.log common
>
> ErrorLog /var/log/httpd/reviewboard.**COMPANYNAME.com-error.log
>
> SetEnv HTTPS on
>
> </VirtualHost>
>
>
>
> Web Node/Node running Reviewboard
>
>
> Listen 8080
>
> <VirtualHost *:8080>
>
> SetEnv HTTPS on
>
> ServerName
> reviewboard01.local-**COMPANYNAME.net<http://reviewboard01.local-companyname.net/>
>
> DocumentRoot "/var/www/reviewboard/htdocs"
>
> #LogLevel debug
>
> # Error handlers
>
> ErrorDocument 500 /errordocs/500.html
>
>
> WSGIPassAuthorization On
>
> WSGIScriptAlias "/reviews" "/var/www/reviewboard/htdocs/**
> reviewboard.wsgi/reviews"
>
> <Directory "/var/www/reviewboard/htdocs">
>
> AllowOverride All
>
> Options -Indexes FollowSymLinks
>
> Allow from all
>
> </Directory>
>
>
> # Alias static media requests to filesystem
>
> Alias /reviews/media "/var/www/reviewboard/htdocs/**media"
>
> Alias /reviews/errordocs "/var/www/reviewboard/htdocs/**errordocs"
>
> Alias /reviews/favicon.ico "/var/www/reviewboard/htdocs/**
> media/rbcommons/images/**favicon.png"
>
>
> Any help here would be greatly appreciated!
>
>
> Best,
>
> Brian
>
> --
> Want to help the Review Board project? Donate today at
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to
> reviewboard+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/reviewboard?hl=en
>
>
>
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
