[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32233: Cuirass: Berlin web API times out

From: Clément Lassieur
Subject: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 13:54:43 +0200
User-agent: mu4e 1.0; emacs 26.1

Hello Ludovic,

Ludovic Courtès <address@hidden> writes:

> Hello,
> Clément Lassieur <address@hidden> skribis:
>> https://berlin.guixsd.org:8081/ times out.
> Note that Cuirass listens on localhost:8081, so you cannot reach it from
> the outside (and it’s HTTP, too.)  There’s nginx that proxies things,
> see guix-maintenance.git.

Ha :-)  I had forgotten about it!  So it's not a bug at all, closing it.

> Now, with the version currently running, I can tell you that this URL is
> not very interesting:
> --8<---------------cut here---------------start------------->8---
> $ wget -O -  http://localhost:8081
> --2018-07-23 11:06:22--  http://localhost:8081/
> Resolving localhost (localhost)...
> Connecting to localhost (localhost)||:8081... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2018-07-23 11:06:22 ERROR 404: Not Found.
> --8<---------------cut here---------------end--------------->8---
> :-)

Well yes, I was expecting 404, because even though it's not very
interesting, it shows that the url handler works.

> Is the Web UI already in the current ‘cuirass’ package?

Soon!  But I think we should change the NGINX config nonetheless because
the json API is useful.

> If so, what do we need to change in the nginx config?

I guess we could add:

--8<---------------cut here---------------start------------->8---
server {
    listen       8081 ssl;
    server_name  berlin.guixsd.org;

    ssl_certificate     /etc/letsencrypt/live/berlin.guixsd.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/berlin.guixsd.org/privkey.pem;

    # Make sure SSL is disabled.
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    # Disable weak cipher suites.
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Use our own DH parameters created with:
    #    openssl dhparam -out dhparams.pem 2048
    # as suggested at <https://weakdh.org/sysadmin.html>.
    ssl_dhparam         /etc/dhparams.pem;

    access_log  /var/log/nginx/https.access.log;

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://localhost:8081;
--8<---------------cut here---------------end--------------->8---

I can do the commit if you want (and agree with the content), as you


reply via email to

[Prev in Thread] Current Thread [Next in Thread]