Yes, that is exactly the problem so, you may want to consider using host
name from the URL in your url rewrite rules instead.
Changing routing[:endpoint_host] is not a good option. We do not want
scalarizr agent to communicate with Scalr on public IP since (a) it may
require extra routing rules (b) it will require extra firewall rules for
ports 8008-8014 for no good reason.
On Wednesday, August 19, 2015 at 1:28:58 AM UTC-4, Daniele Testa wrote:
>
> routing[:endpoint_host] = 'scalr01.example.com'
>
> Scalr uses that value when redirecting. You could/should set it to your
> external domain.
>
> Regards,
> Daniele
>
>
> On Wednesday, August 19, 2015 at 9:18:51 AM UTC+8, Dmitri Toubelis wrote:
>>
>> That was very helpful. Thank you. It seems that there is some
>> documentation is available on configuration parameters but I could not find
>> much on aliases. It could be something that you may want to improve in
>> thefuture.
>>
>> Also, I think I found a bug with https redirect. So, let me describe it
>> here and you decide if it is bug or feature. Here it comes.
>>
>> - my client has his environment in Amazon VPC and I setup scalr instance
>> for them with the following configuration:
>>
>> routing[:endpoint_scheme] = 'https'
>> routing[:endpoint_host] = 'scalr01.example.com'
>> proxy[:ssl_enable] = true
>> proxy[:ssl_redirect] = true
>> proxy[:ssl_cert_path] = '/etc/ssl/certs/server-chain.pem'
>> proxy[:ssl_key_path] = '/etc/ssl/private/server-key.pem'
>> app[:ip_ranges] = ["10.21.0.0/16", "10.16.10.0/23"]
>> app[:configuration] = {
>> :scalr => {
>> :ec2 => {
>> :instances_connection_policy => 'local',
>> }
>> }
>>
>> - DNS names for scalr instance are set as follows;
>>
>> scalr01.example.com - for internal IP address
>> scalr01-ext.example.com - for external IP address
>>
>> - everything works fine from the local network
>>
>> - however, they want to have access to scalr web interface from the
>> Internet and I opened ports 80 and 443 for them.
>>
>> - when they access Scalr with https://scalr01-ext.example.com everything
>> works fine.
>>
>> - when they access *http:*//*scalr01-ext*.example.com they get
>> redirected to *https*://*scalr01*.example.com, which obviously doesn't
>> work and they complain.
>>
>> I suspect there is a mistake in redirect rules.
>>
>> So far I closed port 80 on the firewall and told them to always specify
>> https:// but they forget and complain anyway. So, I wonder if this is
>> something you could fix in the next release or so.
>>
>> Thanks.
>>
>>
>> On Tuesday, August 18, 2015 at 1:10:58 AM UTC-4, Daniele Testa wrote:
>>>
>>> No, there is no difference.
>>>
>>> The routing[:endpopint_*] are just "shortcuts" to the second example.
>>>
>>> In practice, app[:configuration] should only be used for options that
>>> does not have a "shortcut" option yet.
>>> Best practice is to always use the shortcut option, if available.
>>>
>>> Regards,
>>> Daniele
>>>
>>> On Tuesday, August 18, 2015 at 6:23:20 AM UTC+8, Dmitri Toubelis wrote:
>>>>
>>>> Yep, I think that was the problem since https redirect was enabled.
>>>> However, is there any difference between following two options:
>>>>
>>>> routing[:endpoint_scheme] = 'https'
>>>> routing[:endpoint_host] = 'scalr.example.com'
>>>>
>>>> and:
>>>>
>>>> app[:configuration] = {
>>>> :scalr => {
>>>> :endpoint => {
>>>> :scheme => 'https',
>>>> :host => 'scalr.example.com',
>>>> },
>>>> }
>>>>
>>>> Are they both do the same? What is the recommended way?
>>>>
>>>>
>>>> On Monday, August 17, 2015 at 5:39:30 PM UTC-4, DicsyDel wrote:
>>>>>
>>>>> You also need to add:
>>>>>
>>>>> routing[:endpoint_scheme] = 'https'
>>>>>
>>>>> Regards,
>>>>> Igor
>>>>>
>>>>>
>>>>>
>>>>> On 17 August 2015 at 14:20, Dmitri Toubelis <[email protected]>
>>>>> wrote:
>>>>> > That is all I did:
>>>>> >
>>>>> > proxy[:ssl_enable] = true
>>>>> > proxy[:ssl_redirect] = true
>>>>> > proxy[:ssl_cert_path] = '/etc/ssl/certs/server-chain.pem'
>>>>> > proxy[:ssl_key_path] = '/etc/ssl/private/server-key.pem'
>>>>> >
>>>>> >
>>>>> > On Monday, August 17, 2015 at 4:41:36 PM UTC-4, DicsyDel wrote:
>>>>> >>
>>>>> >> Dmitri,
>>>>> >>
>>>>> >> Can you please let me know how you've configured HTTPs, what
>>>>> settings
>>>>> >> you've added to scalr-server.rb?
>>>>> >>
>>>>> >> Thanks,
>>>>> >> Igor
>>>>> >>
>>>>> >> On 17 August 2015 at 07:43, Dmitri Toubelis <[email protected]>
>>>>> wrote:
>>>>> >> > No, no changes to secrets. I actually disabled https to
>>>>> investigate this
>>>>> >> > issue further and it works again without https.
>>>>> >> >
>>>>> >> > On Monday, August 17, 2015 at 1:21:22 AM UTC-4, Daniele Testa
>>>>> wrote:
>>>>> >> >>
>>>>> >> >> Hi!
>>>>> >> >>
>>>>> >> >> Did you make any changes to the scalr-server-secrets.json file?
>>>>> >> >>
>>>>> >> >> Regards,
>>>>> >> >> Daniele
>>>>> >> >>
>>>>> >> >>
>>>>> >> >> On Monday, August 17, 2015 at 1:12:13 PM UTC+8, Dmitri Toubelis
>>>>> wrote:
>>>>> >> >>>
>>>>> >> >>> I'm testing Scalr open source 5.8.29 and I set it up and I was
>>>>> able to
>>>>> >> >>> create and start instances in amazon cloud. Then I followed
>>>>> >> >>> instructions
>>>>> >> >>> from you wiki on how to enable SSL/TLS and I was able to loging
>>>>> into
>>>>> >> >>> Scalr
>>>>> >> >>> web interface in web browser via https (redirect is enabled as
>>>>> well).
>>>>> >> >>> Right
>>>>> >> >>> after that if I start any new instance it will stay in Pending
>>>>> state
>>>>> >> >>> it is
>>>>> >> >>> terminated upon timeout. I was able to log in into the new
>>>>> instance
>>>>> >> >>> and
>>>>> >> >>> check Slaraizr log files. I found the following:
>>>>> >> >>>
>>>>> >> >>> ...
>>>>> >> >>> 2015-08-16 21:58:53,532-07:00 - WARNING -
>>>>> >> >>> scalarizr.messaging.p2p.producer - Message 'HostInit' not
>>>>> delivered
>>>>> >> >>> (message_id: 319dc9f3-0f9b-44f8-a677-f73388e2902f)
>>>>> >> >>> 2015-08-16 21:58:53,533-07:00 - WARNING -
>>>>> >> >>> scalarizr.messaging.p2p.producer - Cannot authenticate on
>>>>> message
>>>>> >> >>> server.
>>>>> >> >>> 401 Client Error: Signature doesn't match
>>>>> >> >>> ...
>>>>> >> >>>
>>>>> >> >>> What did I do wrong?
>>>>> >> >
>>>>> >> > --
>>>>> >> > You received this message because you are subscribed to the
>>>>> Google
>>>>> >> > Groups
>>>>> >> > "scalr-discuss" group.
>>>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>>>> send
>>>>> >> > an
>>>>> >> > email to [email protected].
>>>>> >> > For more options, visit https://groups.google.com/d/optout.
>>>>> >
>>>>> > --
>>>>> > You received this message because you are subscribed to the Google
>>>>> Groups
>>>>> > "scalr-discuss" group.
>>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>>> send an
>>>>> > email to [email protected].
>>>>> > For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
