From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Subject: bug#32233: Cuirass: Berlin web API times out Date: Mon, 23 Jul 2018 13:54:43 +0200 Message-ID: <87va96tbek.fsf@lassieur.org> References: <87lga5lyxa.fsf@lassieur.org> <87lga2tj3d.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56914) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fhZQf-0002Nj-I7 for bug-guix@gnu.org; Mon, 23 Jul 2018 07:55:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fhZQc-0001Tq-FM for bug-guix@gnu.org; Mon, 23 Jul 2018 07:55:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:48116) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fhZQc-0001Sf-Av for bug-guix@gnu.org; Mon, 23 Jul 2018 07:55:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fhZQc-0007sv-4T for bug-guix@gnu.org; Mon, 23 Jul 2018 07:55:02 -0400 Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Message-ID: In-reply-to: <87lga2tj3d.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 32233-done@debbugs.gnu.org Hello Ludovic, Ludovic Court=C3=A8s writes: > Hello, > > Cl=C3=A9ment Lassieur skribis: > >> https://berlin.guixsd.org:8081/ times out. > > Note that Cuirass listens on localhost:8081, so you cannot reach it from > the outside (and it=E2=80=99s HTTP, too.) There=E2=80=99s nginx that pro= xies things, > see guix-maintenance.git. Ha :-) I had forgotten about it! So it's not a bug at all, closing it. > Now, with the version currently running, I can tell you that this URL is > not very interesting: > > --8<---------------cut here---------------start------------->8--- > $ wget -O - http://localhost:8081 > --2018-07-23 11:06:22-- http://localhost:8081/ > Resolving localhost (localhost)... 127.0.0.1 > Connecting to localhost (localhost)|127.0.0.1|:8081... connected. > HTTP request sent, awaiting response... 404 Not Found > 2018-07-23 11:06:22 ERROR 404: Not Found. > --8<---------------cut here---------------end--------------->8--- > > :-) Well yes, I was expecting 404, because even though it's not very interesting, it shows that the url handler works. > Is the Web UI already in the current =E2=80=98cuirass=E2=80=99 package? Soon! But I think we should change the NGINX config nonetheless because the json API is useful. > If so, what do we need to change in the nginx config? I guess we could add: --8<---------------cut here---------------start------------->8--- server { listen 8081 ssl; server_name berlin.guixsd.org; ssl_certificate /etc/letsencrypt/live/berlin.guixsd.org/fullchain.p= em; ssl_certificate_key /etc/letsencrypt/live/berlin.guixsd.org/privkey.pem; # Make sure SSL is disabled. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Disable weak cipher suites. ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # Use our own DH parameters created with: # openssl dhparam -out dhparams.pem 2048 # as suggested at . ssl_dhparam /etc/dhparams.pem; access_log /var/log/nginx/https.access.log; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { proxy_pass http://localhost:8081; } } --8<---------------cut here---------------end--------------->8--- I can do the commit if you want (and agree with the content), as you wish. Cl=C3=A9ment