Bug 1370582 - Capsule ca-consumer rpm not available on https
Keywords:
Status: CLOSED DUPLICATE of bug 1432580
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high with 1 vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1122832 1422756 1426423
Reported: 2016-08-26 16:14 UTC by Peter Vreman
Modified: 2021-03-11 14:40 UTC
CC List: 9 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-13 15:36:39 UTC
Target Upstream Version:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 16904 | 0 | Normal | New | Capsule ca-consumer rpm not available on https | 2020-08-07 13:30:18 UTC
Red Hat Bugzilla | 1422756 | 1 | None | None | None | 2021-01-20 06:05:38 UTC

Internal Links: 1422756

Description Peter Vreman 2016-08-26 16:14:04 UTC
Description of problem:
The katello-ca-consumer-latest.noarch.rpm is not available on port 443 on the capsule.

[crash] root@li-lc-1442:~# curl -k https://li-lc-1589.hag.hilti.com:443/pub/katello-ca-consumer-latest.noarch.rpm
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pub/katello-ca-consumer-latest.noarch.rpm was not found on this server.</p>
</body></html>


The problem is that the pulp https is catching the request to /pub on port 443:

[crash] root@li-lc-1589:/var/log/httpd# tail -n1 /var/log/httpd/pulp-https_error_ssl.log
[Fri Aug 26 16:05:21 2016] [error] [client 10.92.14.90] File does not exist: /usr/share/pulp/wsgi/pub


Log from port 8443 on the reverse proxy

[crash] root@li-lc-1589:/var/log/httpd# tail -n1 /var/log/httpd/katello-reverse-proxy_access_ssl.log
10.92.14.90 - - [26/Aug/2016:16:05:26 +0000] "GET /pub/katello-ca-consumer-latest.noarch.rpm HTTP/1.1" 200 6500 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"



Comment 1 Peter Vreman 2016-08-26 16:16:40 UTC
Our security department is not allowing plain http to be configured on a firewall port. Therefore we must be able to use https.

Comment 2 Peter Vreman 2016-08-26 16:34:14 UTC
Patch is to make the /pub not fixed into the :80 virtual host

[crash] root@li-lc-1589:/etc/httpd/conf.d# diff -u 05-capsule.conf.160826-1 05-capsule.conf
--- 05-capsule.conf.160826-1    2016-08-26 12:15:39.550278546 +0000
+++ 05-capsule.conf     2016-08-26 16:33:06.907575532 +0000
@@ -25,6 +25,7 @@

   ## Custom fragment
   Include /etc/pulp/vhosts80/*.conf
+</VirtualHost>

 alias /pub /var/www/html/pub

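Review bot: Closing `</VirtualHost>` directly after the `Include /etc/pulp/vhosts80/*.conf` line leaves `alias /pub /var/www/html/pub` at server scope, so the mapping is inherited by every virtual host on every port rather than only the one that needs it. Since the goal is to serve /pub over HTTPS, consider keeping the :80 block intact and adding the alias to the 443 virtual host instead, which limits where the directory is published. If 05-capsule.conf is generated by the installer (the bug is filed against that component), the same change has to go into the generator or this edit to the deployed file will not persist.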
@@ -34,5 +35,3 @@
   Allow from all

 </Location>
-
-</VirtualHost>
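Review bot: With the closing `</VirtualHost>` removed from the end of the file, the `<Location>` block that ends here, including its `Allow from all`, now sits outside any virtual host, so the open access rule is no longer limited to the :80 listener. Confirm that this is intended for every virtual host that inherits it, or move the block together with the alias into the specific HTTPS virtual host. The blank line dropped before the old closing tag is harmless.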

Comment 6 Evgeni Golov 2016-08-31 07:43:50 UTC
Wouldn't it be cleaner to add a stanza for /pub/ with "PassengerEnabled off" for the 443 VHost? Like documented in https://www.phusionpassenger.com/library/config/apache/reference/#passengerenabled?
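
The approach suggested in comment 6, sketched as an added example (not part of the bug thread and not the installer's actual template). It assumes the fragment is placed inside the existing port 443 `<VirtualHost>` block, whose file the page does not name, and it reuses the `/pub` alias path from the diff in comment 2.

```apache
# Added example: scope /pub to the HTTPS vhost instead of server scope.
# Place inside the existing port 443 <VirtualHost> block (file not named
# on the page).

# Same mapping that 05-capsule.conf applies in the :80 vhost.
Alias /pub /var/www/html/pub

<Location /pub>
  # Comment 6's suggestion: stop Passenger from handling /pub requests.
  # The IfModule guard is an addition so the fragment still parses on a
  # host where mod_passenger is not loaded.
  <IfModule mod_passenger.c>
    PassengerEnabled off
  </IfModule>

  # Apache 2.2 access syntax, matching the "Allow from all" in the diff.
  # On Apache 2.4 the equivalent is "Require all granted".
  Order allow,deny
  Allow from all
</Location>
```

After reloading httpd, the curl request from the description, repeated against port 443, is the check that the rpm is now served there.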

Comment 8 Stephen Benjamin 2016-10-13 15:19:58 UTC
Created redmine issue http://projects.theforeman.org/issues/16904 from this bug

Comment 10 Stephen Benjamin 2017-04-13 15:36:39 UTC
This one is older, but I already started working on BZ1432580 which is the same issue, so marking this as a dupe.

*** This bug has been marked as a duplicate of bug 1432580 ***

