SEVERE: Couldn't notify the webapp on https://.... HTTP 401 Unauthorized #2635
Comments
|
More details are needed about the setup to tell for sure however in order to perform admin actions on the webapp via RESTful API it is necessary to send the request through trusted channel such as via For example, let's say https://opengrok.system.com/source is the user facing site that requires authentication and authorization while the Tomcat also listens on say port 8080 on localhost only. Then the indexer has to be run with |
|
There is |
|
Tomcat: apache-tomcat-8.5.37.tar.gz Hi @vladak , Thanks a lot for your help! I have changed Is this issue cause by this server.xml setting ? |
|
':8080' this is expecting the oopengrok on port 8080, but if I understand it, you have it running on 80. so |
|
Hi @tulinkry , Yes , I have already tested with the following setting but not work for me...
|
|
ad 1) there seems to be redirect in place Really, you need to setup a plain HTTP port in Tomcat configuration. |
|
Obviously, we need to document this better in the wikis. |
|
And can't we follow redirects for
? I don't know if it would help. |
|
It's a question where does the redirect lead to. My guess that it leads to a point which requires authorization and it would be back to square 1 :-) |
|
I think it leads to
but that wouldn't solve anything when the certificate is incorrect. |
|
Technically, the certificate is correct. No certificate should ever contain localhost or localhost addresses (https://security.stackexchange.com/questions/35033/what-are-the-risks-of-a-localhost-signed-cerificate#35035) |
|
Make a dedicated port to listen for plain HTTP requests bound to localhost (https://serverfault.com/questions/218666/how-to-configure-tomcat-to-only-listen-to-127-0-0-1) and update the -U option used by the indexer accordingly (e.g. |
|
Hi @vladak , Thanks a lot for your detail explanations and please correct me if I misunderstand your solution. I have added this port argument in server.xml : But also show the same error message as port 80: |
|
You have to use the new port (8080) for Indexer communication with the web app. |
|
How do you run the indexer exactly ? |
|
Hi @vladak , Yes I have tried to use My server.xml: Indexer -U command: |
|
Http 302 is redirection. Where does it redirect to ?
po 28. 1. 2019 9:00 odesílatel Dan Wang <[email protected]> napsal:
… Hi @vladak <https://github.com/vladak> ,
Yes I have tried to use -U http://localhost:8080/source/ but also get the
same error:
Couldn't notify the webapp on http://localhost:8080/source: HTTP 302
Found.
My server.xml:
<Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"/>
<Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"
connectionTimeout="20000"
keystoreFile="/var/lib/tomcat8/conf/opengrok.system.com.pfx"
keystoreType="PKCS12"
keystorePass="HU2Ue2Lq^zk^F6g*P"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css..."
/>
Indexer -U command:
-U http://localhost:8080/source/
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2635 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACzGDOGssL9dD9SucB35Pvn93a_KHJWRks5vHq4NgaJpZM4aMCQm>
.
|
|
I have no idea about this port redirection because of my server.xml not set redirection on 8080 port. |
|
Well, the redirection has to be configured somewhere and OpenGrok itself does not perform any redirections AFAIK. Again, if you query the address and display the HTTP headers, where does it tell it redirects to ? This might give a hint as to where this is configured. |
|
Hi @vladak , I tried to see what redirection on this 8080 port, but I found there is no redirection when I key in http://opengrok.system.com:8080/source in web browser. The web browser will show I also tested other port setting like 8280, 8480 in
I have checked the help doc again and found
What is this -U command actual doing? |
|
I tried to remove the LDAP auth feature in tomcat and all work smoothly.
|
I think I finally found out the correct solution. Due to I have connected with the LDAP auth in my tomcat8, I should separate If we connect with LDAP auth, we should add a specific port for -U command:
And we should set
Thanks again for your kindly help! |
|
The problem then is that |
|
Hi @tulinkry Yes, that's right!! Thanks!! |
Tomcat: apache-tomcat-8.5.37.tar.gz
Opengrok: opengrok-1.1.2.tar.gz
Hi Sir,
There is an error message need your help.
We will face this error after we process index command.
I have set tomcat connect with LDAP Auth. Maybe this error was cause by this setting ?!
Thanks
The text was updated successfully, but these errors were encountered: