Hi Brian, Something to try would be to add:
os.environ['HTTPS'] = 'on' to htdocs/reviewboard.wsgi. See if that makes a difference. I noticed this at one point as well. We need to change things to generate this by default if using https, or find a beter way to turn it on by default. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Dec 5, 2012 at 4:31 PM, Brian Lewis <*@brianlewis.us> wrote: > Hello All, > > I've been racking my brain on this for a couple of days and figured I'd > post here before I refactor my entire setup. Basically what we are doing > is, we have two servers - one is a standard apache web node that acts as a > proxy server and terminates SSL, then we have reviewboard being proxied > behind that. > > I've got everything setup and working with the exception of one piece. I > can upload a diff, I can add titles, descriptions, reviewers, etc. Tracing > the requests I can see that https is being returned as the request URL, > HOWEVER, when you go to publish a review, we get a 304 error and the > request URL is a non-https link. > > I'm doing the rewriting from the web node directly, with a mod_rewrite > specifically calling out that its proxied (but changing or completely > removing the options doesn't make any difference) For reference, here's the > rewrite :: > > RewriteCond %{HTTPS} off > RewriteRule .* https://%{HTTP_HOST}%{REQUEST_**URI} [R=301,P,PT,L] > > > When I click on publish, essentially I see two requests (and nothing at > all in the debug logs, etc) The first :: > > Request URL:*https://reviewboard.boku.com/reviews/api/review- > requests/189/?api_format=json* > Request Method:GET > Status Code:304 NOT MODIFIED > Request Headersview source > Accept:application/json, text/javascript, */* > Accept-Charset:ISO-8859-1,utf-**8;q=0.7,*;q=0.3 > Accept-Encoding:gzip,deflate,**sdch > Accept-Language:en-US,en;q=0.8 > Cache-Control:max-age=0 > Connection:keep-alive > Cookie:rbsessionid=**bbf077166394571eaaf514053e6c46**91; > __utma=109258518.568604164.**1352840613.1352938162.**1354736370.4; > __utmc=109258518; __utmz=109258518.1352929269.2.**2.utmcsr=google|utmccn=( > **organic)|utmcmd=organic|**utmctr=(not%20provided); csrftoken=** > b6dec71b9219e2090d9d98acf203e1**f4 > Host:reviewboard.boku.com > If-Modified-Since:Wed, 05 Dec 2012 22:02:11 GMT > Referer:https://reviewboard.**boku.com/reviews/r/189/<https://reviewboard.boku.com/reviews/r/189/> > User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) > AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 > X-Requested-With:**XMLHttpRequest > Query String Parametersview URL encoded > api_format:json > Response Headersview source > Cache-Control:max-age=0 > Connection:close > Date:Thu, 06 Dec 2012 00:12:46 GMT > Expires:Thu, 06 Dec 2012 00:12:48 GMT > Server:Apache/2.2.15 (CentOS) > Vary:Accept,Cookie,Accept-**Language > > The second :: > > > Request URL:*http://reviewboard.boku.com/reviews/api/review- > requests/189/draft/* > Request Method:OPTIONS > Status Code:200 OK > Request Headersview source > Accept:*/* > Accept-Charset:ISO-8859-1,utf-**8;q=0.7,*;q=0.3 > Accept-Encoding:gzip,deflate,**sdch > Accept-Language:en-US,en;q=0.8 > Access-Control-Request-**Headers:origin, x-requested-with, content-type, > accept > Access-Control-Request-Method:**PUT > Connection:keep-alive > Host:reviewboard.boku.com > Origin:https://reviewboard.**boku.com <https://reviewboard.boku.com/> > User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) > AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 > Response Headersview source > Allow:GET,HEAD,POST,OPTIONS > Connection:close > Content-Length:0 > Content-Type:text/plain; charset=UTF-8 > Date:Thu, 06 Dec 2012 00:12:48 GMT > Server:Apache > > > literally every other request comes in via HTTPS, clicking on links, > performing actions, etc. the ONLY thing that fails is publishing. I'm not > sure what to do next at this point so I wanted to see if anyone had ever > run into this. Below I will also paste the apache config for the proxy/ssl > term server and the web head for comparison. > > > SSL Proxy :: > > <VirtualHost 192.168.200.124:443> > > ServerName reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/> > > SSLEngine on > > SSLProtocol all -SSLv2 > > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+**RSA:+HIGH:+MEDIUM:+LOW > > SSLCertificateFile /etc/pki/entrust-certs/star.**COMPANYNAME.com/star.** > COMPANYNAME.com.crt <http://star.companyname.com/star.COMPANYNAME.com.crt> > > SSLCertificateKeyFile /etc/pki/entrust-certs/star.** > COMPANYNAME.com/star.**COMPANYNAME.com.key<http://star.companyname.com/star.COMPANYNAME.com.key> > > SSLCACertificateFile /etc/pki/entrust-certs/star.**COMPANYNAME.com/star. > **COMPANYNAME.com_bundle.crt<http://star.companyname.com/star.COMPANYNAME.com_bundle.crt> > > # SSLCertificateFile /etc/pki/tls/certs/**COMPANYNAME.com.crt > > # SSLCertificateKeyFile /etc/pki/tls/certs/**COMPANYNAME.com.key > > # SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.**crt > > > # Default to not cache anything > > ExpiresActive On > > ExpiresDefault "access plus 0 seconds" > > > # Cache just images > > ExpiresByType image/gif "access plus 10 minutes" > > ExpiresByType image/jpg "access plus 10 minutes" > > ExpiresByType image/png "access plus 10 minutes" > > > proxyPreserveHost On > > ProxyRequests On > > > ProxyPass / > http://reviewboard01.local-**COMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/> > > ProxyPassReverse / > http://reviewboard01.local-**COMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/> > > <Location /> > > ProxyPassReverse / > > Order deny,allow > > Allow from all > > </Location> > > RequestHeader edit Location > ^http://reviewboard.**COMPANYNAME.com/<http://reviewboard.companyname.com/> > https://reviewboard.**COMPANYNAME.com/<https://reviewboard.companyname.com/> > > > CustomLog /var/log/httpd/reviewboard.**COMPANYNAME.com-access.log common > > ErrorLog /var/log/httpd/reviewboard.**COMPANYNAME.com-error.log > > SetEnv HTTPS on > > > </VirtualHost> > > > <VirtualHost *:80> > > ServerName reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/> > > #RewriteEngine on > > > # Rewrite traffic back to > https://reviewboard.**COMPANYNAME.com<https://reviewboard.companyname.com/> > > # RewriteCond %{SERVER_NAME} > reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/> > > # RewriteCond %{HTTPS} !=on > > # RewriteRule ^/(.*)$ > https://reviewboard.**COMPANYNAME.com/$1<https://reviewboard.companyname.com/$1> > [R=301,PT] > > > RewriteCond %{HTTPS} off > > RewriteRule .* https://%{HTTP_HOST}%{REQUEST_**URI} [R=301,P,PT,L] > > > CustomLog /var/log/httpd/reviewboard.**COMPANYNAME.com-access.log common > > ErrorLog /var/log/httpd/reviewboard.**COMPANYNAME.com-error.log > > SetEnv HTTPS on > > </VirtualHost> > > > > Web Node/Node running Reviewboard > > > Listen 8080 > > <VirtualHost *:8080> > > SetEnv HTTPS on > > ServerName > reviewboard01.local-**COMPANYNAME.net<http://reviewboard01.local-companyname.net/> > > DocumentRoot "/var/www/reviewboard/htdocs" > > #LogLevel debug > > # Error handlers > > ErrorDocument 500 /errordocs/500.html > > > WSGIPassAuthorization On > > WSGIScriptAlias "/reviews" "/var/www/reviewboard/htdocs/** > reviewboard.wsgi/reviews" > > <Directory "/var/www/reviewboard/htdocs"> > > AllowOverride All > > Options -Indexes FollowSymLinks > > Allow from all > > </Directory> > > > # Alias static media requests to filesystem > > Alias /reviews/media "/var/www/reviewboard/htdocs/**media" > > Alias /reviews/errordocs "/var/www/reviewboard/htdocs/**errordocs" > > Alias /reviews/favicon.ico "/var/www/reviewboard/htdocs/** > media/rbcommons/images/**favicon.png" > > > Any help here would be greatly appreciated! > > > Best, > > Brian > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~----------~----~----~----~------~----~------~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > > > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en