Bug 1370582

Summary: Capsule ca-consumer rpm not available on https
Product: Red Hat Satellite
Reporter: Peter Vreman <peter.vreman>
Component: Installation
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE
QA Contact: Katello QA List <katello-qa-list>
Severity: high
Docs Contact:
Priority: high
Version: 6.2.0
CC: bbuckingham, brubisch, daniele, egolov, jcallaha, johan.bergstrom, rjerrido, stbenjam, will_darton
Target Milestone: Unspecified
Keywords: PrioBumpPM, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2017-04-13 15:36:39 UTC
Type: Bug
Bug Blocks: 1122832, 1422756, 1426423    

Description Peter Vreman 2016-08-26 16:14:04 UTC
Description of problem:
The katello-ca-consumer-latest.noarch.rpm  is not available on port 443 on the capsule.

[crash] root@li-lc-1442:~# curl -k https://li-lc-1589.hag.hilti.com:443/pub/katello-ca-consumer-latest.noarch.rpm
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pub/katello-ca-consumer-latest.noarch.rpm was not found on this server.</p>
</body></html>


The problem is that the pulp https is catching the request to /pub on port 443:

[crash] root@li-lc-1589:/var/log/httpd# tail -n1 /var/log/httpd/pulp-https_error_ssl.log
[Fri Aug 26 16:05:21 2016] [error] [client 10.92.14.90] File does not exist: /usr/share/pulp/wsgi/pub


Log from port 8443 on the reverse proxy

[crash] root@li-lc-1589:/var/log/httpd# tail -n1 /var/log/httpd/katello-reverse-proxy_access_ssl.log
10.92.14.90 - - [26/Aug/2016:16:05:26 +0000] "GET /pub/katello-ca-consumer-latest.noarch.rpm HTTP/1.1" 200 6500 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"



Comment 1 Peter Vreman 2016-08-26 16:16:40 UTC
Our security department is not allowing plain http to be configured on a firewall port. Therefore we must be able to use https.

Comment 2 Peter Vreman 2016-08-26 16:34:14 UTC
Patch is to make the /pub not fixed into the :80 virtual host

[crash] root@li-lc-1589:/etc/httpd/conf.d# diff -u 05-capsule.conf.160826-1 05-capsule.conf
--- 05-capsule.conf.160826-1    2016-08-26 12:15:39.550278546 +0000
+++ 05-capsule.conf     2016-08-26 16:33:06.907575532 +0000
@@ -25,6 +25,7 @@

   ## Custom fragment
   Include /etc/pulp/vhosts80/*.conf
+</VirtualHost>

 alias /pub /var/www/html/pub

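Review bot: With "</VirtualHost>" now closing right after the "Include /etc/pulp/vhosts80/*.conf" line, "alias /pub /var/www/html/pub" sits outside any vhost and applies server-wide rather than to one listener. If the goal is only to serve /pub over HTTPS, consider declaring the alias inside the 443 vhost instead, or state in the change why global scope is intended.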
@@ -34,5 +35,3 @@
   Allow from all

 </Location>
-
-</VirtualHost>
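Review bot: Dropping the trailing "</VirtualHost>" here moves the "</Location>" block and its "Allow from all" into server scope as well, so that access rule is no longer confined to the :80 vhost. The opening "<Location ...>" line is not visible in this hunk; confirm it covers only /pub before widening where it applies.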

Comment 6 Evgeni Golov 2016-08-31 07:43:50 UTC
Wouldn't it be cleaner to add a stanza for /pub/ with "PassengerEnabled off" for the 443 VHost? Like documented in https://www.phusionpassenger.com/library/config/apache/reference/#passengerenabled?
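
Comments 2 and 6 both turn on which Apache scope the /pub alias lives in. The following is an added example, not part of the bug report or of Satellite: a small checker that reports the enclosing scope of each Alias directive. The function name, the "*:80" vhost address and the "<Location /pub>" path are assumptions made for the sample input.

```python
import re

# Constructed samples modelled on the diff in comment 2. The vhost address
# "*:80" and the <Location /pub> path are assumptions, not taken from the page.
BEFORE = """\
<VirtualHost *:80>
  ## Custom fragment
  Include /etc/pulp/vhosts80/*.conf
  alias /pub /var/www/html/pub
  <Location /pub>
    Allow from all
  </Location>
</VirtualHost>
"""
AFTER = """\
<VirtualHost *:80>
  ## Custom fragment
  Include /etc/pulp/vhosts80/*.conf
</VirtualHost>
alias /pub /var/www/html/pub
<Location /pub>
  Allow from all
</Location>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
ALIAS = re.compile(r"Alias\s+(\S+)\s+(\S+)", re.I)  # not AliasMatch/ScriptAlias

def alias_scopes(conf_text):
    """Return (url_path, fs_path, scope) for each Alias directive.

    scope is the enclosing VirtualHost address, or "server" when the
    directive sits outside every vhost. Include files are not followed.
    """
    scope, found = "server", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if (m := VHOST_OPEN.match(line)):
            scope = m.group(1).strip()
        elif VHOST_CLOSE.match(line):
            scope = "server"
        elif (m := ALIAS.match(line)):
            found.append((m.group(1), m.group(2), scope))
    return found

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, alias_scopes(conf))
```

Run against the real conf.d files, a result of "server" for /pub means the alias is no longer tied to a single vhost.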

Comment 8 Stephen Benjamin 2016-10-13 15:19:58 UTC
Created redmine issue http://projects.theforeman.org/issues/16904 from this bug

Comment 10 Stephen Benjamin 2017-04-13 15:36:39 UTC
This one is older, but I already started working on BZ1432580 which is the same issue, so marking this as a dupe.

*** This bug has been marked as a duplicate of bug 1432580 ***