Re: [fossil-users] admin pages are empty and have bad titles
I've resolved this. I'll share my outcome for future folks who want to get a low-maintenance fossil HTTPS server up quickly. The initial scheme was to use 'stunnel' as a reverse proxy to terminate SSL, and forward the request on to the fossil web server daemon that is listening on the same box. Here's the stunnel config I initially came up with: = pid = /home/fossil/stunnel.pid [fossil-https] accept = 10443 cert = /home/fossil/mysite.com.pem connect = localhost:10080 = And, again, here is how I was running fossil: /usr/local/bin//fossil server /home/fossil/repo.fossil -P 10080 --baseurl https://mysite.com:10443/ The baseurl here is required under this scheme. If it were not given, then when fossil sends a redirect page it would send urls like http://mysite.com:10080/, because fossil thinks it is speaking HTTP and that the server is on port 10080. So the remote browser would follow the redirect to the wrong L4 endpoint. The thing mostly works, except that it does not handle the extra slash it receives in some URLs, e.g. on the links from the Admin page. (I believe fossil's name resolution behavior here is defensible under RFC2616, by the way -- the RFC says that you compare URLs octet-for-octet with one narrow exception that does not apply here. So, in other words, adding a slash to a URL path changes the URL. So the problem was the URL my browser is sending in the first place, or in the URL that fossil was putting in the HREF in the HTML it was serving.) I considered chasing this further by hacking in the code or looking at getting a real industrial web server up. But I saw that DRH had responded to some previous question that the official fossil web site itself is also served by HTTPS, which made me think I was overcomplicating things. So I tried going for a different scheme in which stunnel behaves a bit more like xinetd, and used fossil's supporting feature for that: = pid = /home/fossil/stunnel.pid output = /home/fossil/stunnel.log [fossil-https] accept = 10443 cert = /home/fossil/mysite.com.pem exec = /usr/local/bin/fossil execargs = fossil http /home/fossil/repo.fossil --https --host mysite.com:10443 = I.e. fork one fossil process per request. This appears to Just Work and is probably what the fossil devs had initially intended. From a look at the code, by the way, the --https argument there is required to prevent fossil from thinking that it should not authenticate the user. Eric On Wed, Jul 24, 2013 at 10:06 PM, Andy Bradford amb-sendok-137730.cdeapjlkdpclmgfol...@bradfords.org wrote: Thus said Eric Rubin-Smith on Wed, 24 Jul 2013 10:55:24 -0400: Am I doing something wrong with my configs, or is a code change warranted? That's hard to say since I don't know under what conditions --baseurl is intended to be used (I know the docs say reverse proxy, but I haven't ever set one up so I don't understand all the fine details). The one time I tried to use it, I was doing it wrong: http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg12107.html In my case, however, I was using ``fossil http'' not ``fossil server'' and when I got rid of the --baseurl option, things worked as expected. In your case, you are trying to setup a reverse proxy... if you could provide some details about to setup a reverse proxy similar to your configuration (perhaps it is done with Apache), it might be easier for someone to reproduce. Have you tried using it without --baseurl? If so, what happened? Thanks, Andy -- TAI64 timestamp: 400051f08852 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] admin pages are empty and have bad titles
What happens if you set base_url without trailing slash? e.g. https://foobar.com:10443; On Wed, Jul 24, 2013 at 4:55 PM, Eric Rubin-Smith eas@gmail.com wrote: I think the point here is that with a baseurl of https://foobar.com:10443/;, certain links exposed by the fossil HTML generators wind up pointing my browser to e.g. https://foobar.com:10443//page_name;, with two slashes after the port number. And fossil's name resolution system does not squash the two slashes -- there's a paged named page_name but none named /page_name. Am I doing something wrong with my configs, or is a code change warranted? On Tue, Jul 23, 2013 at 10:30 PM, Eric Rubin-Smith eas@gmail.comwrote: Yes, that works for the test case. But I think I'll need --baseurl for when I put fossil behind an SSL-terminating reverse proxy and want to access it using the company FQDN. On Tue, Jul 23, 2013 at 10:22 PM, Andy Bradford amb-sendok-1377224557.emjjjkijcgiknbipb...@bradfords.org wrote: Thus said Eric Rubin-Smith on Tue, 23 Jul 2013 22:02:11 -0400: /usr/local/bin/fossil server /home/fossil/myrepo.fossil --th-trace -P 10080 --baseurl http://localhost:10080/ Try removing the --baseurl option. It works for me when I do: fossil server /tmp/test.fossil ssh -L 10080:localhost:10080 remote Andy -- TAI64 timestamp: 400051ef3a90 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] admin pages are empty and have bad titles
I've started a fossil repo by importing a git repo to my local laptop, and then cloning the repo over to my target production web server. For testing, I've exposed the fossil server like this: /usr/local/bin/fossil server /home/fossil/myrepo.fossil --th-trace -P 10080 --baseurl http://localhost:10080/ and I'm accessing the server from my laptop using an ssh tunnel: ssh -L 10080:localhost:10080 mycompany.com so that I can point my browser to localhost:10080 and see the site exposed by fossil. Works fine, including login etc, until I try to access an admin page. By an admin page, I mean any admin page. They all behave the same. I click Admin and that works fine. I click any of the links, and I'm taken to a web page that has all of fossil's normal headers (so the name of my project, who I'm logged in as, links for Admin, the Timeline etc) but the body of the web page says Empty page. And the page title is e.g. xfersetup instead of Transfer Setup. The other pages' titles are analogous. The TH tracer shows no indication that there is a capabilities issue: = BEGIN_HEADER th1-setup {} = TH_OK set project_name {My project name} set title {xfersetup} set baseurl {http://localhost:10080/} set home {} set index_page {/home} set current_page {?name=xfersetup} set release_version {1.26} set manifest_version {[c9cb6e7293]} set manifest_date {2013-06-18 21:09:23} set compiler_name {gcc-4.4.5 20101112 (Red Hat 4.4.5-2)} set login {eas} BEGIN_HEADER_SCRIPT eval { if {[info exists login]} { puts Logged in as $login } else { puts Not logged in } } eval { html a href='$home$index_page'Home/a\n if {[anycap jor]} { html a href='$home/timeline'Timeline/a\n } if {[hascap oh]} { html a href='$home/dir?ci=tip'Files/a\n } if {[hascap o]} { html a href='$home/brlist'Branches/a\n html a href='$home/taglist'Tags/a\n } if {[hascap r]} { html a href='$home/reportlist'Tickets/a\n } if {[hascap j]} { html a href='$home/wiki'Wiki/a\n } if {[hascap s]} { html a href='$home/setup'Admin/a\n } elseif {[hascap a]} { html a href='$home/setup_ulist'Users/a\n } if {[info exists login]} { html a href='$home/login'Logout/a\n } else { html a href='$home/login'Login/a\n } } [hascap jor] = 1 [hascap oh] = 1 [hascap o] = 1 [hascap r] = 1 [hascap j] = 1 [hascap s] = 1 END_HEADER BEGIN_FOOTER eval { puts [expr {([utime]+[stime]+1000)/1000*0.001}] } END_FOOTER = Any hints? Thanks, Eric ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] admin pages are empty and have bad titles
Thus said Eric Rubin-Smith on Tue, 23 Jul 2013 22:02:11 -0400: /usr/local/bin/fossil server /home/fossil/myrepo.fossil --th-trace -P 10080 --baseurl http://localhost:10080/ Try removing the --baseurl option. It works for me when I do: fossil server /tmp/test.fossil ssh -L 10080:localhost:10080 remote Andy -- TAI64 timestamp: 400051ef3a90 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] admin pages are empty and have bad titles
Thus said Andy Bradford on 23 Jul 2013 20:22:37 -0600: fossil server /tmp/test.fossil Of course I meant: fossil server -P 10080 /tmp/test.fossil ssh -L 10080:localhost:10080 remote Cheers, Andy -- TAI64 timestamp: 400051ef3c17 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] admin pages are empty and have bad titles
Yes, that works for the test case. But I think I'll need --baseurl for when I put fossil behind an SSL-terminating reverse proxy and want to access it using the company FQDN. On Tue, Jul 23, 2013 at 10:22 PM, Andy Bradford amb-sendok-1377224557.emjjjkijcgiknbipb...@bradfords.org wrote: Thus said Eric Rubin-Smith on Tue, 23 Jul 2013 22:02:11 -0400: /usr/local/bin/fossil server /home/fossil/myrepo.fossil --th-trace -P 10080 --baseurl http://localhost:10080/ Try removing the --baseurl option. It works for me when I do: fossil server /tmp/test.fossil ssh -L 10080:localhost:10080 remote Andy -- TAI64 timestamp: 400051ef3a90 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users