GNU bug report logs - #32233
Cuirass: Berlin web API times out

Previous Next

Package: guix;

Reported by: Clément Lassieur <clement <at> lassieur.org>

Date: Sat, 21 Jul 2018 09:30:02 UTC

Severity: normal

Done: Clément Lassieur <clement <at> lassieur.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 32233 in the body.
You can then email your comments to 32233 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Sat, 21 Jul 2018 09:30:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Clément Lassieur <clement <at> lassieur.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 21 Jul 2018 09:30:03 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: bug-guix <at> gnu.org
Subject: Cuirass: Berlin web API times out
Date: Sat, 21 Jul 2018 11:29:21 +0200
Hi,

https://berlin.guixsd.org:8081/ times out.

I'm using the exact same config at home to try to reproduce the issue.

Clément




Added blocking bug(s) 32234 Request was from clement <at> lassieur.org (Clément Lassieur) to control <at> debbugs.gnu.org. (Sat, 21 Jul 2018 12:41:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Mon, 23 Jul 2018 09:09:02 GMT) Full text and rfc822 format available.

Message #10 received at 32233 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 32233 <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 11:08:38 +0200
Hello,

Clément Lassieur <clement <at> lassieur.org> skribis:

> https://berlin.guixsd.org:8081/ times out.

Note that Cuirass listens on localhost:8081, so you cannot reach it from
the outside (and it’s HTTP, too.)  There’s nginx that proxies things,
see guix-maintenance.git.

Now, with the version currently running, I can tell you that this URL is
not very interesting:

--8<---------------cut here---------------start------------->8---
$ wget -O -  http://localhost:8081
--2018-07-23 11:06:22--  http://localhost:8081/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8081... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-07-23 11:06:22 ERROR 404: Not Found.
--8<---------------cut here---------------end--------------->8---

:-)

Is the Web UI already in the current ‘cuirass’ package?  If so, what do
we need to change in the nginx config?

Thanks,
Ludo’.




Reply sent to Clément Lassieur <clement <at> lassieur.org>:
You have taken responsibility. (Mon, 23 Jul 2018 11:55:01 GMT) Full text and rfc822 format available.

Notification sent to Clément Lassieur <clement <at> lassieur.org>:
bug acknowledged by developer. (Mon, 23 Jul 2018 11:55:02 GMT) Full text and rfc822 format available.

Message #15 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 13:54:43 +0200
Hello Ludovic,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hello,
>
> Clément Lassieur <clement <at> lassieur.org> skribis:
>
>> https://berlin.guixsd.org:8081/ times out.
>
> Note that Cuirass listens on localhost:8081, so you cannot reach it from
> the outside (and it’s HTTP, too.)  There’s nginx that proxies things,
> see guix-maintenance.git.

Ha :-)  I had forgotten about it!  So it's not a bug at all, closing it.

> Now, with the version currently running, I can tell you that this URL is
> not very interesting:
>
> --8<---------------cut here---------------start------------->8---
> $ wget -O -  http://localhost:8081
> --2018-07-23 11:06:22--  http://localhost:8081/
> Resolving localhost (localhost)... 127.0.0.1
> Connecting to localhost (localhost)|127.0.0.1|:8081... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2018-07-23 11:06:22 ERROR 404: Not Found.
> --8<---------------cut here---------------end--------------->8---
>
> :-)

Well yes, I was expecting 404, because even though it's not very
interesting, it shows that the url handler works.

> Is the Web UI already in the current ‘cuirass’ package?

Soon!  But I think we should change the NGINX config nonetheless because
the json API is useful.

> If so, what do we need to change in the nginx config?

I guess we could add:

--8<---------------cut here---------------start------------->8---
server {
    listen       8081 ssl;
    server_name  berlin.guixsd.org;

    ssl_certificate     /etc/letsencrypt/live/berlin.guixsd.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/berlin.guixsd.org/privkey.pem;

    # Make sure SSL is disabled.
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    # Disable weak cipher suites.
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Use our own DH parameters created with:
    #    openssl dhparam -out dhparams.pem 2048
    # as suggested at <https://weakdh.org/sysadmin.html>.
    ssl_dhparam         /etc/dhparams.pem;

    access_log  /var/log/nginx/https.access.log;

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://localhost:8081;
    }
}
--8<---------------cut here---------------end--------------->8---

I can do the commit if you want (and agree with the content), as you
wish.

Clément




Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Mon, 23 Jul 2018 14:53:01 GMT) Full text and rfc822 format available.

Message #18 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 16:52:47 +0200
Clément Lassieur <clement <at> lassieur.org> skribis:

>> Is the Web UI already in the current ‘cuirass’ package?
>
> Soon!  But I think we should change the NGINX config nonetheless because
> the json API is useful.

The JSON API is available; see ‘berlin-locations.conf’.

>> If so, what do we need to change in the nginx config?
>
> I guess we could add:
>
> server {

[...]

>     location / {
>         proxy_pass http://localhost:8081;
>     }
> }

I think this change should go do ‘berlin-locations.conf’.  Feel free to
commit!

Thank you,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Mon, 23 Jul 2018 15:30:02 GMT) Full text and rfc822 format available.

Message #21 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 17:29:16 +0200
Ludovic Courtès <ludo <at> gnu.org> writes:

> Clément Lassieur <clement <at> lassieur.org> skribis:
>
>>> Is the Web UI already in the current ‘cuirass’ package?
>>
>> Soon!  But I think we should change the NGINX config nonetheless because
>> the json API is useful.
>
> The JSON API is available; see ‘berlin-locations.conf’.
>
>>> If so, what do we need to change in the nginx config?
>>
>> I guess we could add:
>>
>> server {
>
> [...]
>
>>     location / {
>>         proxy_pass http://localhost:8081;
>>     }
>> }
>
> I think this change should go do ‘berlin-locations.conf’.

That would conflict with the '/' location of ports 80 and 443.  I was
rather thinking about using port 8081 for Cuirass.  In that case the
'server' block would be needed in berlin.conf.  We would also remove

    # Cuirass.
    location /specifications { proxy_pass http://localhost:8081; }
    location /jobsets { proxy_pass http://localhost:8081; }
    location /build { proxy_pass http://localhost:8081; }
    location /api { proxy_pass http://localhost:8081; }

from berlin-locations.conf.

Otherwise we need to think about what routes go to Cuirass and what
routes go to Guix publish.  Alternatively, we could use another domain
name with ports 80 and 443, but it's more work.

WDYT?




Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Mon, 23 Jul 2018 20:08:02 GMT) Full text and rfc822 format available.

Message #24 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 22:07:40 +0200
Clément Lassieur <clement <at> lassieur.org> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Clément Lassieur <clement <at> lassieur.org> skribis:
>>
>>>> Is the Web UI already in the current ‘cuirass’ package?
>>>
>>> Soon!  But I think we should change the NGINX config nonetheless because
>>> the json API is useful.
>>
>> The JSON API is available; see ‘berlin-locations.conf’.
>>
>>>> If so, what do we need to change in the nginx config?
>>>
>>> I guess we could add:
>>>
>>> server {
>>
>> [...]
>>
>>>     location / {
>>>         proxy_pass http://localhost:8081;
>>>     }
>>> }
>>
>> I think this change should go do ‘berlin-locations.conf’.
>
> That would conflict with the '/' location of ports 80 and 443.  I was
> rather thinking about using port 8081 for Cuirass.  In that case the
> 'server' block would be needed in berlin.conf.  We would also remove
>
>     # Cuirass.
>     location /specifications { proxy_pass http://localhost:8081; }
>     location /jobsets { proxy_pass http://localhost:8081; }
>     location /build { proxy_pass http://localhost:8081; }
>     location /api { proxy_pass http://localhost:8081; }
>
> from berlin-locations.conf.

Hmm, I think nginx should still expose both the Cuirass HTTP API and UI
and ‘guix publish’ on ports 80 and 443.  So we just need to have:

  location / { proxy_pass http://localhost:8081; }

and then exceptions for ‘guix publish’:

  location \.narinfo { … }
  location /nar/ { … }
  location /log/ { … }
  location /file/ { … }

WDYT?  Or am I missing something?

Thanks,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Mon, 23 Jul 2018 20:13:01 GMT) Full text and rfc822 format available.

Message #27 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 23 Jul 2018 22:12:23 +0200
Ludovic Courtès <ludo <at> gnu.org> writes:

> Clément Lassieur <clement <at> lassieur.org> skribis:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>>
>>> Clément Lassieur <clement <at> lassieur.org> skribis:
>>>
>>>>> Is the Web UI already in the current ‘cuirass’ package?
>>>>
>>>> Soon!  But I think we should change the NGINX config nonetheless because
>>>> the json API is useful.
>>>
>>> The JSON API is available; see ‘berlin-locations.conf’.
>>>
>>>>> If so, what do we need to change in the nginx config?
>>>>
>>>> I guess we could add:
>>>>
>>>> server {
>>>
>>> [...]
>>>
>>>>     location / {
>>>>         proxy_pass http://localhost:8081;
>>>>     }
>>>> }
>>>
>>> I think this change should go do ‘berlin-locations.conf’.
>>
>> That would conflict with the '/' location of ports 80 and 443.  I was
>> rather thinking about using port 8081 for Cuirass.  In that case the
>> 'server' block would be needed in berlin.conf.  We would also remove
>>
>>     # Cuirass.
>>     location /specifications { proxy_pass http://localhost:8081; }
>>     location /jobsets { proxy_pass http://localhost:8081; }
>>     location /build { proxy_pass http://localhost:8081; }
>>     location /api { proxy_pass http://localhost:8081; }
>>
>> from berlin-locations.conf.
>
> Hmm, I think nginx should still expose both the Cuirass HTTP API and UI
> and ‘guix publish’ on ports 80 and 443.  So we just need to have:
>
>   location / { proxy_pass http://localhost:8081; }
>
> and then exceptions for ‘guix publish’:
>
>   location \.narinfo { … }
>   location /nar/ { … }
>   location /log/ { … }
>   location /file/ { … }
>
> WDYT?  Or am I missing something?

No :-)  Sounds good!




Information forwarded to bug-guix <at> gnu.org:
bug#32233; Package guix. (Sun, 29 Jul 2018 23:26:02 GMT) Full text and rfc822 format available.

Message #30 received at 32233-done <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 32233-done <at> debbugs.gnu.org
Subject: Re: bug#32233: Cuirass: Berlin web API times out
Date: Mon, 30 Jul 2018 01:25:31 +0200
Clément Lassieur <clement <at> lassieur.org> writes:

> Ludovic Courtès <ludo <at> gnu.org> writes:

[...]

>> Hmm, I think nginx should still expose both the Cuirass HTTP API and UI
>> and ‘guix publish’ on ports 80 and 443.  So we just need to have:
>>
>>   location / { proxy_pass http://localhost:8081; }
>>
>> and then exceptions for ‘guix publish’:
>>
>>   location \.narinfo { … }
>>   location /nar/ { … }
>>   location /log/ { … }
>>   location /file/ { … }
>>
>> WDYT?  Or am I missing something?
>
> No :-)  Sounds good!

Pushed!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 27 Aug 2018 11:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 5 years and 216 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.