Skip to content

Resolve reverse-proxy configuration issues in server setup #2099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dbutenhof opened this issue Feb 8, 2021 · 3 comments
Closed

Resolve reverse-proxy configuration issues in server setup #2099

dbutenhof opened this issue Feb 8, 2021 · 3 comments
Labels
bug Code Infrastructure packaging Issues related to software packaging Server wontfix
Milestone
v0.71

Comments

@dbutenhof
Copy link
Member

dbutenhof commented Feb 8, 2021
edited
Loading

I packaged a straightforward Apache reverse-proxy mechanism in our Ansible setup, and I realized in the jam session that this isn't really what we want (but decided not to bog things down at the time worrying about it).

We really have two incompatible configurations; for normal developer testing, and likely for some "customers", the local Apache reverse-proxy is convenient without requiring any external moving pieces.

However, our production and staging server configurations are set up with an external NGINX configuration to reverse-proxy server access from the pbench.perf.lab.eng.bos.redhat.com alias and a specific port. In this case, we need to take a few different steps in configuration:

  1. We don't need to set up the Apache reverse-proxy
  2. We need to open the designated server API port (e.g., 8001) in the firewall so the NGINX can forward to it.

I started thinking about this in terms of my endpoint configuration API when added the Apache reverse-proxy; we need to at least document a clear solution. When I get back to the endpoint configuration, I'll be adding a new config variable to the .cfg file, to specify the node name and port we expect clients to use rather than the actual local port and hostname. E.g.,

[pbench-server]
proxy_host = pbench.perf.lab.eng.bos.redhat.com:8901

We may need a pair of configuration Ansible roles to configure the server appropriately for local or remote reverse-proxy. Ansible could, for example, pull the proxy_host config variable as a fact, and switch between roles to "configure local Apache reverse proxy" and "prepare for a remote reverse proxy". The default proxy_host value is %(host)s which is standard http port 80 on the advertised local Pbench host. If it's pretty much anything else, we could probably assume a remote proxy.

Note that we can't supply the Apache config files to listen on a special external NIC, as we currently do in our lab, because we have no way to know any of that. We can, however, open the rest_port in firewalld to help a bit.
@npalaska

This comment has been minimized.

Sign in to view
@portante portante added this to the v0.71 milestone Feb 9, 2021
@portante portante added bug Code Infrastructure packaging Issues related to software packaging Server labels Feb 9, 2021
@dbutenhof
Copy link
Member Author

8081?

Random number, really; whatever port we want to reverse-proxy from NGINX. :-)

@dbutenhof dbutenhof mentioned this issue Feb 24, 2021
Merged
@portante
Copy link
Member

PR #2024 resolved the need for exposing the use of a reverse-proxy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Code Infrastructure packaging Issues related to software packaging Server wontfix
Projects
None yet
Milestone
v0.71
Development

No branches or pull requests
3 participants
@portante @npalaska @dbutenhof