Hi Brian, One more thing to sanity check. If you go to your General Settings page, do you have the server set as http://blah, or https://blah ?
Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Dec 5, 2012 at 4:59 PM, Brian Lewis <*@brianlewis.us> wrote: > Hi Christian, > > Yes - I just stopped apache and manually restarted it as well just to make > sure. Here's a copy of the reviewboard.wsgi file :: > > > import os > import sys > > os.environ['DJANGO_SETTINGS_MODULE'] = "reviewboard.settings" > os.environ['PYTHON_EGG_CACHE'] = "/var/www/reviewboard/tmp/egg_cache" > os.environ['HOME'] = "/var/www/reviewboard/data" > os.environ['HTTPS'] = 'on' > sys.path = ['/var/www/reviewboard/conf'] + sys.path > > import django.core.handlers.wsgi > application = django.core.handlers.wsgi.WSGIHandler() > > > > On Wednesday, December 5, 2012 4:52:12 PM UTC-8, Christian Hammond wrote: > >> Just to sanity check, did you reload Apache? >> >> We put in absolute URLs, and we tell Django to build those for us. Django >> will insert "https" if it sees the "HTTPS" environment variable set to >> "on", and "http" otherwise. Provided the process is ending up with this >> environment variable set, and the server is reloaded, it should be working. >> Would you mind pasting the reviewboard.wsgi file? >> >> Christian >> >> -- >> Christian Hammond - chi...@chipx86.com >> Review Board - http://www.reviewboard.org >> VMware, Inc. - http://www.vmware.com >> >> >> >> On Wed, Dec 5, 2012 at 4:46 PM, Brian Lewis <*...@brianlewis.us> wrote: >> >>> Hi Christian, >>> >>> Just tried that and there's no change. Additionally, I notice the >>> response from the first request looks like this (notice the http URL's vs >>> https.. almost like it sees the redirect but doesn't want to follow it!) >>> >>> {"stat": "ok", "review_request": {"status": "pending", "last_updated": >>> "2012-12-05 14:02:11", "description": "", "links": {"diffs": {"href": " >>> http://reviewboard.**COMPANYNAME.com/reviews/api/** >>> review-requests/189/diffs/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/diffs/>", >>> "method": "GET"}, "repository": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**repositories/3/<http://reviewboard.COMPANYNAME.com/reviews/api/repositories/3/>", >>> "method": "GET", "title": "Puppet"}, "screenshots": {"href": " >>> http://reviewboard.**COMPANYNAME.com/reviews/api/**review-requests/189/* >>> *screenshots/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/screenshots/>", >>> "method": "GET"}, "self": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/>", >>> "method": "GET"}, "update": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/>", >>> "method": "PUT"}, "last_update": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/last-**update/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/last-update/>", >>> "method": "GET"}, "reviews": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/reviews/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/reviews/>", >>> "method": "GET"}, "draft": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/draft/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/draft/>", >>> "method": "GET"}, "file_attachments": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/file-**attachments/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/file-attachments/>", >>> "method": "GET"}, "submitter": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**users/admin/<http://reviewboard.COMPANYNAME.com/reviews/api/users/admin/>", >>> "method": "GET", "title": "admin"}, "changes": {"href": " >>> http://reviewboard.**COMPANYNAME.com/reviews/api/** >>> review-requests/189/changes/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/changes/>", >>> "method": "GET"}, "delete": {"href": "http://reviewboard.** >>> COMPANYNAME.com/reviews/api/**review-requests/189/<http://reviewboard.COMPANYNAME.com/reviews/api/review-requests/189/>", >>> "method": "DELETE"}}, "public": false, "target_groups": [], "bugs_closed": >>> [], "changenum": null, "target_people": [], "testing_done": "", "branch": >>> "", "time_added": "2012-12-05 14:02:11", "summary": "", "id": 189}} >>> >>> On Wednesday, December 5, 2012 4:38:51 PM UTC-8, Christian Hammond wrote: >>> >>>> Hi Brian, >>>> >>>> Something to try would be to add: >>>> >>>> os.environ['HTTPS'] = 'on' >>>> >>>> to htdocs/reviewboard.wsgi. >>>> >>>> See if that makes a difference. I noticed this at one point as well. We >>>> need to change things to generate this by default if using https, or find a >>>> beter way to turn it on by default. >>>> >>>> Christian >>>> >>>> -- >>>> Christian Hammond - chi...@chipx86.com >>>> >>>> Review Board - http://www.reviewboard.org >>>> VMware, Inc. - http://www.vmware.com >>>> >>>> >>>> >>>> On Wed, Dec 5, 2012 at 4:31 PM, Brian Lewis <*...@brianlewis.us> wrote: >>>> >>>>> Hello All, >>>>> >>>>> I've been racking my brain on this for a couple of days and figured >>>>> I'd post here before I refactor my entire setup. Basically what we are >>>>> doing is, we have two servers - one is a standard apache web node that >>>>> acts >>>>> as a proxy server and terminates SSL, then we have reviewboard being >>>>> proxied behind that. >>>>> >>>>> I've got everything setup and working with the exception of one piece. >>>>> I can upload a diff, I can add titles, descriptions, reviewers, etc. >>>>> Tracing the requests I can see that https is being returned as the request >>>>> URL, HOWEVER, when you go to publish a review, we get a 304 error and the >>>>> request URL is a non-https link. >>>>> >>>>> I'm doing the rewriting from the web node directly, with a mod_rewrite >>>>> specifically calling out that its proxied (but changing or completely >>>>> removing the options doesn't make any difference) For reference, here's >>>>> the >>>>> rewrite :: >>>>> >>>>> RewriteCond %{HTTPS} off >>>>> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_******URI} >>>>> [R=301,P,PT,L] >>>>> >>>>> >>>>> When I click on publish, essentially I see two requests (and nothing >>>>> at all in the debug logs, etc) The first :: >>>>> >>>>> Request URL:*https://reviewboard.boku.com/reviews/api/review-requests >>>>> /189/?api_format=json* >>>>> Request Method:GET >>>>> Status Code:304 NOT MODIFIED >>>>> Request Headersview source >>>>> Accept:application/json, text/javascript, */* >>>>> Accept-Charset:ISO-8859-1,utf-******8;q=0.7,*;q=0.3 >>>>> Accept-Encoding:gzip,deflate,**s****dch >>>>> Accept-Language:en-US,en;q=0.8 >>>>> Cache-Control:max-age=0 >>>>> Connection:keep-alive >>>>> Cookie:rbsessionid=**bbf07716639****4571eaaf514053e6c46**91; >>>>> __utma=109258518.568604164.**135****2840613.1352938162.**1354736370.** >>>>> **4; __utmc=109258518; __utmz=109258518.1352929269.2.****** >>>>> 2.utmcsr=google|utmccn=(**organi****c)|utmcmd=organic|**utmctr=(not%** >>>>> **20provided); csrftoken=**b6dec71b9219e2090d9d****98acf203e1**f4 >>>>> Host:reviewboard.boku.com >>>>> If-Modified-Since:Wed, 05 Dec 2012 22:02:11 GMT >>>>> Referer:https://reviewboard.**bo****ku.com/reviews/r/189/<https://reviewboard.boku.com/reviews/r/189/> >>>>> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) >>>>> AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 >>>>> X-Requested-With:**XMLHttpReques****t >>>>> Query String Parametersview URL encoded >>>>> api_format:json >>>>> Response Headersview source >>>>> Cache-Control:max-age=0 >>>>> Connection:close >>>>> Date:Thu, 06 Dec 2012 00:12:46 GMT >>>>> Expires:Thu, 06 Dec 2012 00:12:48 GMT >>>>> Server:Apache/2.2.15 (CentOS) >>>>> Vary:Accept,Cookie,Accept-**Lang****uage >>>>> >>>>> The second :: >>>>> >>>>> >>>>> Request URL:*http://reviewboard.boku.com/reviews/api/review-requests/ >>>>> 189/draft/* >>>>> Request Method:OPTIONS >>>>> Status Code:200 OK >>>>> Request Headersview source >>>>> Accept:*/* >>>>> Accept-Charset:ISO-8859-1,utf-******8;q=0.7,*;q=0.3 >>>>> Accept-Encoding:gzip,deflate,**s****dch >>>>> Accept-Language:en-US,en;q=0.8 >>>>> Access-Control-Request-**Headers****:origin, x-requested-with, >>>>> content-type, accept >>>>> Access-Control-Request-Method:******PUT >>>>> Connection:keep-alive >>>>> Host:reviewboard.boku.com >>>>> Origin:https://reviewboard.**bok****u.com<https://reviewboard.boku.com/> >>>>> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) >>>>> AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 >>>>> Response Headersview source >>>>> Allow:GET,HEAD,POST,OPTIONS >>>>> Connection:close >>>>> Content-Length:0 >>>>> Content-Type:text/plain; charset=UTF-8 >>>>> Date:Thu, 06 Dec 2012 00:12:48 GMT >>>>> Server:Apache >>>>> >>>>> >>>>> literally every other request comes in via HTTPS, clicking on links, >>>>> performing actions, etc. the ONLY thing that fails is publishing. I'm not >>>>> sure what to do next at this point so I wanted to see if anyone had ever >>>>> run into this. Below I will also paste the apache config for the proxy/ssl >>>>> term server and the web head for comparison. >>>>> >>>>> >>>>> SSL Proxy :: >>>>> >>>>> <VirtualHost 192.168.200.124:**4**43 <http://192.168.200.124:443/>> >>>>> >>>>> ServerName >>>>> reviewboard.**COMPANY**NAME.com<http://reviewboard.companyname.com/> >>>>> >>>>> SSLEngine on >>>>> >>>>> SSLProtocol all -SSLv2 >>>>> >>>>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+**RS**** >>>>> A:+HIGH:+MEDIUM:+LOW >>>>> >>>>> SSLCertificateFile /etc/pki/entrust-certs/star.**CO**** >>>>> MPANYNAME.com/star.**COMPANYNAME****.com.crt<http://star.companyname.com/star.COMPANYNAME.com.crt> >>>>> >>>>> SSLCertificateKeyFile /etc/pki/entrust-certs/star.**CO**** >>>>> MPANYNAME.com/star.**COMPANYNAME****.com.key<http://star.companyname.com/star.COMPANYNAME.com.key> >>>>> >>>>> SSLCACertificateFile /etc/pki/entrust-certs/star.**CO**** >>>>> MPANYNAME.com/star.**COMPANYNAME****.com_bundle.crt<http://star.companyname.com/star.COMPANYNAME.com_bundle.crt> >>>>> >>>>> # SSLCertificateFile /etc/pki/tls/certs/**COMPANYNAME****.com.crt >>>>> >>>>> # SSLCertificateKeyFile /etc/pki/tls/certs/**COMPANYNAME****.com.key >>>>> >>>>> # SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.**c****rt >>>>> >>>>> >>>>> # Default to not cache anything >>>>> >>>>> ExpiresActive On >>>>> >>>>> ExpiresDefault "access plus 0 seconds" >>>>> >>>>> >>>>> # Cache just images >>>>> >>>>> ExpiresByType image/gif "access plus 10 minutes" >>>>> >>>>> ExpiresByType image/jpg "access plus 10 minutes" >>>>> >>>>> ExpiresByType image/png "access plus 10 minutes" >>>>> >>>>> >>>>> proxyPreserveHost On >>>>> >>>>> ProxyRequests On >>>>> >>>>> >>>>> ProxyPass / >>>>> http://reviewboard01.local-**C****OMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/> >>>>> >>>>> ProxyPassReverse / http://reviewboard01.local-**C**** >>>>> OMPANYNAME.net:8080/<http://reviewboard01.local-companyname.net:8080/> >>>>> >>>>> <Location /> >>>>> >>>>> ProxyPassReverse / >>>>> >>>>> Order deny,allow >>>>> >>>>> Allow from all >>>>> >>>>> </Location> >>>>> >>>>> RequestHeader edit Location ^http://reviewboard.**COMPANYNAM**** >>>>> E.com/ <http://reviewboard.companyname.com/> https://reviewboard.**COM >>>>> ****PANYNAME.com/ <https://reviewboard.companyname.com/> >>>>> >>>>> >>>>> CustomLog /var/log/httpd/reviewboard.**COM****PANYNAME.com-access.log >>>>> common >>>>> >>>>> ErrorLog /var/log/httpd/reviewboard.**CO****MPANYNAME.com-error.log >>>>> >>>>> SetEnv HTTPS on >>>>> >>>>> >>>>> </VirtualHost> >>>>> >>>>> >>>>> <VirtualHost *:80> >>>>> >>>>> ServerName >>>>> reviewboard.**COMPANY**NAME.com<http://reviewboard.companyname.com/> >>>>> >>>>> #RewriteEngine on >>>>> >>>>> >>>>> # Rewrite traffic back to >>>>> https://reviewboard.**COMPANY****NAME.com<https://reviewboard.companyname.com/> >>>>> >>>>> # RewriteCond %{SERVER_NAME} >>>>> reviewboard.COMPANYNAME.com<http://reviewboard.companyname.com/> >>>>> >>>>> # RewriteCond %{HTTPS} !=on >>>>> >>>>> # RewriteRule ^/(.*)$ >>>>> https://reviewboard.**CO****MPANYNAME.com/$1<https://reviewboard.companyname.com/$1> >>>>> [R=301,PT] >>>>> >>>>> >>>>> RewriteCond %{HTTPS} off >>>>> >>>>> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_******URI} >>>>> [R=301,P,PT,L] >>>>> >>>>> >>>>> CustomLog /var/log/httpd/reviewboard.**COM****PANYNAME.com-access.log >>>>> common >>>>> >>>>> ErrorLog /var/log/httpd/reviewboard.**CO****MPANYNAME.com-error.log >>>>> >>>>> SetEnv HTTPS on >>>>> >>>>> </VirtualHost> >>>>> >>>>> >>>>> >>>>> Web Node/Node running Reviewboard >>>>> >>>>> >>>>> Listen 8080 >>>>> >>>>> <VirtualHost *:8080> >>>>> >>>>> SetEnv HTTPS on >>>>> >>>>> ServerName >>>>> reviewboard01.**local**-**COMPANYNAME.net<http://reviewboard01.local-companyname.net/> >>>>> >>>>> DocumentRoot "/var/www/reviewboard/htdocs" >>>>> >>>>> #LogLevel debug >>>>> >>>>> # Error handlers >>>>> >>>>> ErrorDocument 500 /errordocs/500.html >>>>> >>>>> >>>>> WSGIPassAuthorization On >>>>> >>>>> WSGIScriptAlias "/reviews" "/var/www/reviewboard/htdocs/**r**** >>>>> eviewboard.wsgi/reviews" >>>>> >>>>> <Directory "/var/www/reviewboard/htdocs"> >>>>> >>>>> AllowOverride All >>>>> >>>>> Options -Indexes FollowSymLinks >>>>> >>>>> Allow from all >>>>> >>>>> </Directory> >>>>> >>>>> >>>>> # Alias static media requests to filesystem >>>>> >>>>> Alias /reviews/media "/var/www/reviewboard/htdocs/**m****edia" >>>>> >>>>> Alias /reviews/errordocs "/var/www/reviewboard/htdocs/**e****rrordocs" >>>>> >>>>> Alias /reviews/favicon.ico "/var/www/reviewboard/htdocs/**m**** >>>>> edia/rbcommons/images/**favicon.****png" >>>>> >>>>> >>>>> Any help here would be greatly appreciated! >>>>> >>>>> >>>>> Best, >>>>> >>>>> Brian >>>>> >>>>> -- >>>>> Want to help the Review Board project? Donate today at >>>>> http://www.reviewboard.org/**don**ate/<http://www.reviewboard.org/donate/> >>>>> Happy user? Let us know at >>>>> http://www.reviewboard.org/**use**rs/<http://www.reviewboard.org/users/> >>>>> -~----------~----~----~----~--****----~----~------~--~--- >>>>> To unsubscribe from this group, send email to reviewboard...@** >>>>> googlegroups.**com >>>>> >>>>> For more options, visit this group at http://groups.google.com/**group >>>>> **/reviewboard?hl=en<http://groups.google.com/group/reviewboard?hl=en> >>>>> >>>>> >>>>> >>>> >>>> -- >>> Want to help the Review Board project? Donate today at >>> http://www.reviewboard.org/**donate/<http://www.reviewboard.org/donate/> >>> Happy user? Let us know at >>> http://www.reviewboard.org/**users/<http://www.reviewboard.org/users/> >>> -~----------~----~----~----~--**----~----~------~--~--- >>> To unsubscribe from this group, send email to reviewboard...@** >>> googlegroups.com >>> For more options, visit this group at http://groups.google.com/** >>> group/reviewboard?hl=en<http://groups.google.com/group/reviewboard?hl=en> >>> >>> >>> >> >> -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~----------~----~----~----~------~----~------~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > > > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
