I am failing to reverse-proxy through an external Apache 2.4 server to
a ReviewBoard service (2.6.5.1).

The external server is (let's say) external.example.com.  Its Apache
config includes:

  ProxyPass /reviews http://backend.example.com/reviews

  <Location /reviews>
    ProxyPassReverse  http://backend.example.com/reviews
    ProxyPassReverseCookieDomain backend.example.com external.example.com
    RequestHeader    unset  Accept-Encoding

    <%= @httpd_auth_thing %>
  </Location>

where the @httpd_auth_thing turns into a standard Apache Basic
authentication thing.

The backend server (also Apache 2.4) includes standard ReviewBoard
runes, i.e.

        WSGIPassAuthorization On
        WSGIScriptAlias "/reviews" "<%= @reviewboard_home 
-%>/htdocs/reviewboard.wsgi/reviews"

        <Directory "<%= @reviewboard_home -%>/htdocs">
                AllowOverride All
                Options -Indexes +FollowSymLinks
#          #partain: our addition:
           AuthName <%= @httpd_auth_name %>
           AuthUserFile <%= @httpd_auth_user_file %>
           AuthType Basic
           <RequireAny>
             Require valid-user
             Require local
           </RequireAny>
        </Directory>

(Puppet fills in the template with obvious things.)

I then make admin and user "accounts" through the admin interface.
All good.

If you use a browser to connect *directly* to backend.example.com/reviews/
(just for testing...), all the ReviewBoard stuff works.

If you connect (properly) through external.example.com/reviews/, a
fair few things work, e.g. all the admin functions.

But if you start doing review things (i.e. tickle the "Web API" ?),
things don't go well.  One example might be: click to add a comment on
a review -- it will take the comment, but never bring up a
'Publish'/'Discard' button, and the comment will in fact not be there.

A worry I have: the external.example.com Apache requires Basic
authentication.  Its username/passwords have nothing to do with
ReviewBoard.

So... I login to ReviewBoard (apparently OK).  But, in subsequent
requests, an "Authorization: Basic ...." header (with the
*external.example.com* info) is being passed back to
backend.example.com, and that *may* be confusing things.

For example, I'm logged in as 'admin', looking at a review... I then
click on 'Admin' (to go do admin).  It asks me to login again -- why?
because it thinks I'm 'partain' (because it got that from the [bogus]
Basic authentication?).

When I changed the ReviewBoard username/password to match the
external.example.com HTTP username/password (so that the
'Authorization' info would happen to be correct), that did not
appear to help.

Is this analysis even partly right?  What should I look at next?
Does *anyone* have a working reverse-proxied ReviewBoard with Apache?  Thanks,

Will

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to