apache-frontend's People
apache-frontend's Issues
httpd service do no start on centos 7
I'm working on a data-node on Centos7 with esgf 2.6.7.
This release change the apache frontend from esgf-httpd service (using old init.d) to httpd (over systemd)
using /etc/sysconfig/httpd config file.
But the systemd script goes into timeout, so do not start :
mars 23 07:46:32 esg1.umr-cnrm.fr systemd[1]: Ignoring invalid environment assignment 'export LD_LIBRARY_PATH=/opt/esgf/python/lib:/opt/esgf/python/lib/python2.7:/opt/esgf/python/lib/python2.7/site-packages/mod_wsgi/server': /etc/sysconfig/httpd
mars 23 07:46:32 esg1.umr-cnrm.fr systemd[1]: Starting The Apache HTTP Server...
mars 23 07:48:02 esg1.umr-cnrm.fr systemd[1]: httpd.service start operation timed out. Terminating.
mars 23 07:48:17 esg1.umr-cnrm.fr apache[696]: 127.0.0.1 - - [23/Mar/2018:07:48:17 +0000] "GET / HTTP/1.1" 302 202
mars 23 07:49:32 esg1.umr-cnrm.fr systemd[1]: httpd.service stop-final-sigterm timed out. Killing.
mars 23 07:49:32 esg1.umr-cnrm.fr systemd[1]: httpd.service: main process exited, code=killed, status=9/KILL
mars 23 07:49:32 esg1.umr-cnrm.fr systemd[1]: Failed to start The Apache HTTP Server.
mars 23 07:49:32 esg1.umr-cnrm.fr systemd[1]: Unit httpd.service entered failed state.
mars 23 07:49:32 esg1.umr-cnrm.fr systemd[1]: httpd.service failed.
to fix the problem, I had to patch the /lib/systemd/system/httpd.service :
8c8,9
< Type=notify
#Type=notify
Type=forking
10c11,12
< ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
#ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecStart=/usr/sbin/httpd $OPTIONS
/etc/init.d/esgf-httpd bad code
I had a look at systemd logs after 2.6.5 upgrade on a data-node ( in centos 7)
and I have error messages such
mars 09 09:54:16 esg1.umr-cnrm.fr systemd[1]: Ignoring invalid environment assignment 'export LD_LIBRARY_PATH=/opt/esgf/python/lib:/opt/esgf/python/lib/python2.7:/opt/esgf/python/lib/python2.7/site-packages/...
the problem comes from /etc/init.d/esgf-httpd. I do not understand why apache needs a python configuration
Set nosniff header
The NOAA security scan has identified a vulnerability in the ability of browser to "sniff" the mime type of the content served by CoG. We should set the header:
X-Content-Type-Options nosniff
which is at least followed by IE and Chrome.
Secure Solr updates to slave instance.
The Solr master is hidden behind the firewall on port 8984, but the apache httpd module forwards requests from port 80 to the slave on port 8983, which should be secured.
Set HSTS headers
The httpd front-end should set the HSTS (HTTP Strict Transport Security) header in all SSL requests.
Convert from bash to python and modularize
The proxied apps and mod_wsgi entries should support only whichever components get deployed. This at first will conform to node type options. Eg. CoG on index (for now), SLCS on IdP. esgf-nm on registry-supporting nodes (most data-nodes should have this).
This issue is a feature request for the 3.x effort. (long term goal).
landing page for / on servers without CoG
Remove CoG from the setup, replace with a static page (used to be old node manager diagram)
The solution for this probably means refactoring the apache setup template into something more modular, so the CoG site is only added when CoG is installed
cog errors appear in apache log file on data only nodes
Hi,
We should probably have a data only node specific config for apache or we will find these errors in the log:
Target WSGI script not found or unable to stat: /usr/local/cog
Remove Flask demo application
Currently the httpd configuration includes a Flask demo application, which has been flagged by the NOAA security scan for removal.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.