Bug #9816

Capsule: cannot browse /pub using both http and https

Added by Eric Helms about 7 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Foreman Proxy Content
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1198741
Description of problem:

This is a parity issue vis a vis Satellite itself.

In satellite, user can browse to /pub using http and https
In the capsule, currently, user can only browse to https

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Attempt to browse to https://capsule.example.com/pub
2. Attempt to browse to http://capsule.example.com/pub
3. Attempt to browse to https://satellite.example.com/pub
4. Attempt to browse to http://satellite.example.com/pub

Actual results:

User cannot browse to /pub via http ('Forbidden') on a capsule

Expected results:

User can browse via http and/or parity with satellite itself

The problem manifests itself when trying to retrieve the ca-cert from /pub, using curl, or something similar, which doesn't by default allow self-signed certs.

[root@qe-blade-03 ~]# wget https://cloud-qe-3.idmqe.lab.eng.bos.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
--2015-03-04 12:41:25-- https://cloud-qe-3.idmqe.lab.eng.bos.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
Resolving cloud-qe-3.idmqe.lab.eng.bos.redhat.com (cloud-qe-3.idmqe.lab.eng.bos.redhat.com)... 10.16.96.112
Connecting to cloud-qe-3.idmqe.lab.eng.bos.redhat.com (cloud-qe-3.idmqe.lab.eng.bos.redhat.com)|10.16.96.112|:443... connected.
ERROR: cannot verify cloud-qe-3.idmqe.lab.eng.bos.redhat.com's certificate, issued by ‘/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=rhsm-qe-2.rhq.lab.eng.bos.redhat.com’:
Self-signed certificate encountered.
To connect to cloud-qe-3.idmqe.lab.eng.bos.redhat.com insecurely, use `--no-check-certificate'.

Now, manually user can modify this url to be http only and that sort of resolves the issue. But the fact remains, users can browse to /pub on a satellite itself using both secure and non-secure methods. On the capsule, users can only browse via https.

Are there workarounds? Yes
  • user can use --no-check-certificate in curl
  • user can manually modify URL header even though user cannot actually browse to /pub root

But is it a good customer experience? not really.

Additional info:
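
An added example, not part of the original report or of the Katello code: fetching the bootstrap RPM over plain http, or over https with `--no-check-certificate`, leaves the download unauthenticated, so one option is to accept it only if its SHA-256 matches a digest obtained out of band. The function names and the digest placeholder are assumptions; `sha256sum` and `curl` are assumed to be installed.

```shell
#!/bin/sh
# Added example (not project code): accept a file fetched over an
# unauthenticated channel only if it matches a pinned SHA-256 digest.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_pinned() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    # The pin must be exactly 64 hex characters, otherwise refuse to compare.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ "$(sha256_of "$file")" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads to a temporary file and moves it to DEST only after the digest
# check passes, so an unverified file is never left where it might be installed.
fetch_verified() {
    url=$1; pin=$2; dest=$3
    tmp=$(mktemp) || return 2
    if curl --fail --silent --show-error --output "$tmp" "$url" \
        && verify_pinned "$tmp" "$pin"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: download failed or digest mismatch" >&2
        return 1
    fi
}

# Usage (digest is a placeholder; take it from the server's console or
# another authenticated channel, not from the same http listing):
#   fetch_verified http://capsule.example.com/pub/katello-ca-consumer-latest.noarch.rpm \
#       "<sha256-obtained-out-of-band>" ./katello-ca-consumer-latest.noarch.rpm
```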


Related issues

Related to Katello - Bug #11197: httpd Error: Invalid command 'PassengerEnabled' in Pulp Capsule when --puppet "false" used (Resolved, 2015-07-23)

Associated revisions

Revision fadab16f (diff)
Added by Eric Helms about 7 years ago

Fixes #9816: Allow access to /pub on http for things like the bootstrap RPM.

Revision 3be516d0
Added by Eric D Helms about 7 years ago

Merge pull request #39 from ehelms/fixes-9816

Fixes #9816: Allow access to /pub on http for things like the bootstrap R...

Revision bc4bff65 (diff)
Added by Eric Helms about 7 years ago

Fixes #9816: Allow access to /pub on http on Capsules.

Revision b77265f9
Added by Eric D Helms about 7 years ago

Merge pull request #194 from ehelms/fixes-9816

Fixes #9816: Allow access to /pub on http on Capsules.

History

#1 Updated by Eric Helms about 7 years ago

  • Target version set to 68
  • Legacy Backlogs Release (now unused) set to 23
  • Triaged changed from No to Yes

#2 Updated by The Foreman Bot about 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello-installer/pull/194 added
  • Pull request deleted ()

#3 Updated by Eric Helms about 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Matthias Thubauville almost 7 years ago

  • Related to Bug #11197: httpd Error: Invalid command 'PassengerEnabled' in Pulp Capsule when --puppet "false" used added
