That was very helpful. Thank you. It seems that there is some documentation
is available on configuration parameters but I could not find much on
aliases. It could be something that you may want to improve in thefuture.
Also, I think I found a bug with https redirect. So, let me describe it
here and you decide if it is bug or feature. Here it comes.
- my client has his environment in Amazon VPC and I setup scalr instance
for them with the following configuration:
routing[:endpoint_scheme] = 'https'
routing[:endpoint_host] = 'scalr01.example.com'
proxy[:ssl_enable] = true
proxy[:ssl_redirect] = true
proxy[:ssl_cert_path] = '/etc/ssl/certs/server-chain.pem'
proxy[:ssl_key_path] = '/etc/ssl/private/server-key.pem'
app[:ip_ranges] = ["10.21.0.0/16", "10.16.10.0/23"]
app[:configuration] = {
:scalr => {
:ec2 => {
:instances_connection_policy => 'local',
}
}
- DNS names for scalr instance are set as follows;
scalr01.example.com - for internal IP address
scalr01-ext.example.com - for external IP address
- everything works fine from the local network
- however, they want to have access to scalr web interface from the
Internet and I opened ports 80 and 443 for them.
- when they access Scalr with https://scalr01-ext.example.com everything
works fine.
- when they access *http:*//*scalr01-ext*.example.com they get redirected
to *https*://*scalr01*.example.com, which obviously doesn't work and they
complain.
I suspect there is a mistake in redirect rules.
So far I closed port 80 on the firewall and told them to always specify
https:// but they forget and complain anyway. So, I wonder if this is
something you could fix in the next release or so.
Thanks.
On Tuesday, August 18, 2015 at 1:10:58 AM UTC-4, Daniele Testa wrote:
>
> No, there is no difference.
>
> The routing[:endpopint_*] are just "shortcuts" to the second example.
>
> In practice, app[:configuration] should only be used for options that does
> not have a "shortcut" option yet.
> Best practice is to always use the shortcut option, if available.
>
> Regards,
> Daniele
>
> On Tuesday, August 18, 2015 at 6:23:20 AM UTC+8, Dmitri Toubelis wrote:
>>
>> Yep, I think that was the problem since https redirect was enabled.
>> However, is there any difference between following two options:
>>
>> routing[:endpoint_scheme] = 'https'
>> routing[:endpoint_host] = 'scalr.example.com'
>>
>> and:
>>
>> app[:configuration] = {
>> :scalr => {
>> :endpoint => {
>> :scheme => 'https',
>> :host => 'scalr.example.com',
>> },
>> }
>>
>> Are they both do the same? What is the recommended way?
>>
>>
>> On Monday, August 17, 2015 at 5:39:30 PM UTC-4, DicsyDel wrote:
>>>
>>> You also need to add:
>>>
>>> routing[:endpoint_scheme] = 'https'
>>>
>>> Regards,
>>> Igor
>>>
>>>
>>>
>>> On 17 August 2015 at 14:20, Dmitri Toubelis <[email protected]>
>>> wrote:
>>> > That is all I did:
>>> >
>>> > proxy[:ssl_enable] = true
>>> > proxy[:ssl_redirect] = true
>>> > proxy[:ssl_cert_path] = '/etc/ssl/certs/server-chain.pem'
>>> > proxy[:ssl_key_path] = '/etc/ssl/private/server-key.pem'
>>> >
>>> >
>>> > On Monday, August 17, 2015 at 4:41:36 PM UTC-4, DicsyDel wrote:
>>> >>
>>> >> Dmitri,
>>> >>
>>> >> Can you please let me know how you've configured HTTPs, what settings
>>> >> you've added to scalr-server.rb?
>>> >>
>>> >> Thanks,
>>> >> Igor
>>> >>
>>> >> On 17 August 2015 at 07:43, Dmitri Toubelis <[email protected]>
>>> wrote:
>>> >> > No, no changes to secrets. I actually disabled https to investigate
>>> this
>>> >> > issue further and it works again without https.
>>> >> >
>>> >> > On Monday, August 17, 2015 at 1:21:22 AM UTC-4, Daniele Testa
>>> wrote:
>>> >> >>
>>> >> >> Hi!
>>> >> >>
>>> >> >> Did you make any changes to the scalr-server-secrets.json file?
>>> >> >>
>>> >> >> Regards,
>>> >> >> Daniele
>>> >> >>
>>> >> >>
>>> >> >> On Monday, August 17, 2015 at 1:12:13 PM UTC+8, Dmitri Toubelis
>>> wrote:
>>> >> >>>
>>> >> >>> I'm testing Scalr open source 5.8.29 and I set it up and I was
>>> able to
>>> >> >>> create and start instances in amazon cloud. Then I followed
>>> >> >>> instructions
>>> >> >>> from you wiki on how to enable SSL/TLS and I was able to loging
>>> into
>>> >> >>> Scalr
>>> >> >>> web interface in web browser via https (redirect is enabled as
>>> well).
>>> >> >>> Right
>>> >> >>> after that if I start any new instance it will stay in Pending
>>> state
>>> >> >>> it is
>>> >> >>> terminated upon timeout. I was able to log in into the new
>>> instance
>>> >> >>> and
>>> >> >>> check Slaraizr log files. I found the following:
>>> >> >>>
>>> >> >>> ...
>>> >> >>> 2015-08-16 21:58:53,532-07:00 - WARNING -
>>> >> >>> scalarizr.messaging.p2p.producer - Message 'HostInit' not
>>> delivered
>>> >> >>> (message_id: 319dc9f3-0f9b-44f8-a677-f73388e2902f)
>>> >> >>> 2015-08-16 21:58:53,533-07:00 - WARNING -
>>> >> >>> scalarizr.messaging.p2p.producer - Cannot authenticate on message
>>> >> >>> server.
>>> >> >>> 401 Client Error: Signature doesn't match
>>> >> >>> ...
>>> >> >>>
>>> >> >>> What did I do wrong?
>>> >> >
>>> >> > --
>>> >> > You received this message because you are subscribed to the Google
>>> >> > Groups
>>> >> > "scalr-discuss" group.
>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>> send
>>> >> > an
>>> >> > email to [email protected].
>>> >> > For more options, visit https://groups.google.com/d/optout.
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups
>>> > "scalr-discuss" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an
>>> > email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
