Hi all,

I'm currently trying to get Mongrel running my app whilst fronted by apache 2.2 in a sub-directory via https. A bit convoluted I'll grant you but necessitated by existing systems.

The pertinent parts of my httpd.conf:

    # historic choice of random port number
    <VirtualHost 123.123.123.123:12345>

        DocumentRoot /var/www/admin
        ServerName admin.example.com:12345

        ProxyPass /rails balancer://proxy_group
        ProxyPassReverse /rails balancer://proxy_group

        <Proxy balancer://proxy_group>
            BalancerMember http://127.0.0.1:3000
            BalancerMember http://127.0.0.1:3001
        </Proxy>

        SSLEngine on
        ...
        ssl config continues
        ...
    </VirtualHost>

I've seen in a few places [1][2] that the trailing slash is important on the ProxyPass directive but if I include that then I get a BAD CLIENT error in mongrel due to too many slashes:

    BAD CLIENT (127.0.0.1): Invalid HTTP format, parsing fails.
    REQUEST DATA: GET //admin/list_returns HTTP/1.1

The two main problems I have now are that all rendered links are missing the sub-directory and if any redirects are issued then they are for http://admin.example.com:12345/ instead of the ssl version https://admin.example.com:12345/ - is this because mongrel/rails is only seeing a http request? And if so is it possible to let the app know that it's actually https and in a subdirectory?

Paul.

Mongrel version: 0.3.12.4
Server version: Apache/2.2.2

[1] - http://textsnippets.com/posts/show/400
[2] - http://blog.innerewut.de/articles/2006/04/21/scaling-rails-with-apache-2-2-mod_proxy_balancer-and-mongrel
I would actually like to see an answer to this as well. Any redirect sent from behind ssl results in going to the http url. Any ideas?

Thanks,
Curtis

On 2006-05-08 07:58:27 -0700, "Paul Wright" <wrighty at gmail.com> said:

> Hi all,
>
> I'm currently trying to get Mongrel running my app whilst fronted by
> apache 2.2 in a sub-directory via https. A bit convoluted I'll grant
> you but necessitated by existing systems.
>
> The pertinent parts of my httpd.conf:
>
>     # historic choice of random port number
>     <VirtualHost 123.123.123.123:12345>
>
>         DocumentRoot /var/www/admin
>         ServerName admin.example.com:12345
>
>         ProxyPass /rails balancer://proxy_group
>         ProxyPassReverse /rails balancer://proxy_group
>
>         <Proxy balancer://proxy_group>
>             BalancerMember http://127.0.0.1:3000
>             BalancerMember http://127.0.0.1:3001
>         </Proxy>
>
>         SSLEngine on
>         ...
>         ssl config continues
>         ...
>     </VirtualHost>
>
> I've seen in a few places [1][2] that the trailing slash is important
> on the ProxyPass directive but if I include that then I get a BAD
> CLIENT error in mongrel due to too many slashes:
>
>     BAD CLIENT (127.0.0.1): Invalid HTTP format, parsing fails.
>     REQUEST DATA: GET //admin/list_returns HTTP/1.1
>
> The two main problems I have now are that all rendered links are
> missing the sub-directory and if any redirects are issued then they
> are for http://admin.example.com:12345/ instead of the ssl version
> https://admin.example.com:12345/ - is this because mongrel/rails is
> only seeing a http request? And if so is it possible to let the app
> know that it's actually https and in a subdirectory?
>
> Paul.
>
> Mongrel version: 0.3.12.4
> Server version: Apache/2.2.2
>
> [1] - http://textsnippets.com/posts/show/400
> [2] - http://blog.innerewut.de/articles/2006/04/21/scaling-rails-with-apache-2-2-mod_proxy_balancer-and-mongrel
On Mon, 2006-05-08 at 15:58 +0100, Paul Wright wrote:
> Hi all,
>
<snip>
> I've seen in a few places [1][2] that the trailing slash is important
> on the ProxyPass directive but if I include that then I get a BAD
> CLIENT error in mongrel due to too many slashes:
>

This is really weird that you have to add the //. That type of URL is rejected because it violates the actual URI grammar (from what I understand of it). If balancer needs this, then I'm curious why it's bleeding that // to the backend.

I'll check it out to find out why this is the accepted wisdom.

> The two main problems I have now are that all rendered links are
> missing the sub-directory and if any redirects are issued then they
> are for http://admin.example.com:12345/ instead of the ssl version
> https://admin.example.com:12345/ - is this because mongrel/rails is
> only seeing a http request? And if so is it possible to let the app
> know that it's actually https and in a subdirectory?

I'll have to look at this. It might be that mongrel will have to detect that the request was secured and add the https, but I really think Rails should do this since this is where the redirect is generated.

Take a look at the headers that Mongrel receives and see if you are getting the header that indicates the request was secured. If you are then Rails must not be honoring it. If not then you need to tell your web server to start sending it.

--
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
On 10/05/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
> On Mon, 2006-05-08 at 15:58 +0100, Paul Wright wrote:
> > Hi all,
> >
> <snip>
> >
> > I've seen in a few places [1][2] that the trailing slash is important
> > on the ProxyPass directive but if I include that then I get a BAD
> > CLIENT error in mongrel due to too many slashes:
> >
> This is really weird that you have to add the //. That type of URL is
> rejected because it violates the actual URI grammar (from what I
> understand of it). If balancer needs this, then I'm curious why it's
> bleeding that // to the backend.
>
> I'll check it out to find out why this is the accepted wisdom.

I personally don't have to add the trailing slash to the setup and, after going back over the places I saw it mentioned only one of them claimed it needed to be there. The other was warning against it. So just discard the above. I think.

> > The two main problems I have now are that all rendered links are
> > missing the sub-directory and if any redirects are issued then they
> > are for http://admin.example.com:12345/ instead of the ssl version
> > https://admin.example.com:12345/ - is this because mongrel/rails is
> > only seeing a http request? And if so is it possible to let the app
> > know that it's actually https and in a subdirectory?
>
> I'll have to look at this. It might be that mongrel will have to detect
> that the request was secured and add the https, but I really think Rails
> should do this since this is where the redirect is generated.
>
> Take a look at the headers that Mongrel receives and see if you are
> getting the header that indicates the request was secured. If you are
> then Rails must not be honoring it. If not then you need to tell your
> web server to start sending it.

Having run mongrel in debug mode I've looked at the headers and there's nothing there to suggest that Apache has proxied a https connection. Looking through the Rails source[1] I see that there are two situations where Rails will generate https links

    def ssl?
      @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
    end

I had thought that I could use the [E=VAR:VAL] flag on a Rewrite rule but then I remembered that we're proxying to an independent http server (mongrel) so it wouldn't make it across. I've got it working by adding RequestHeader directive to my Rewrite rules:

    RewriteEngine On
    # Punt any potential 404s to the proxy
    RewriteCond %{REQUEST_FILENAME} ^/rails/.*
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RequestHeader set X_FORWARDED_PROTO 'https'
    RewriteRule ^/rails/(.*)$ balancer://proxy_group/$1 [proxy]

(I don't know apache well enough to know whether the RequestHeader will fire only apply when the RewriteCond or for every request to this VirtualHost but I'm confident it won't hurt non-rails requests.)

All that's left now is working out how to set the environment variable RAILS_RELATIVE_URL_ROOT... Any clues?

Paul.

[1] - http://dev.rubyonrails.org/browser/trunk/actionpack/lib/action_controller/request.rb
Paul wrote:
> Looking through the Rails source[1] I see that there are
> two situations where Rails will generate https links
>
>     def ssl?
>       @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
>     end
>
> I had thought that I could use the [E=VAR:VAL] flag on a Rewrite rule
> but then I remembered that we're proxying to an independent http
> server (mongrel) so it wouldn't make it across. I've got it working
> by adding RequestHeader directive to my Rewrite rules:
>

Does anybody know under what conditions Apache sets these environment variables? Should Mongrel set one of these variables if the protocol is https, or is it too late to make that call by the time it gets to Mongrel, since Mongrel can't guarantee that the request was sent over SSL?

Josh
http://shnoo.gr
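
Josh's question comes down to who is allowed to assert that a request arrived over SSL. The Ruby sketch below is an added example, not code from Rails, Mongrel or any poster in this thread: it honours the forwarded-proto header only when the connecting peer is a trusted proxy. The helper names, the trusted-proxy list and the sample request environments are assumptions constructed for illustration.

```ruby
require 'ipaddr'

# Assumption: only the local Apache front end may vouch for the original scheme,
# matching the BalancerMember http://127.0.0.1:3000 setup described in the thread.
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1/32'), IPAddr.new('::1/128')].freeze

# Same logic as the Rails check quoted in the thread: the header is believed
# no matter who sent it.
def naive_ssl?(env)
  env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
end

# True only when the TCP peer (REMOTE_ADDR) is one of the trusted proxies.
def from_trusted_proxy?(env, trusted = TRUSTED_PROXIES)
  addr = env['REMOTE_ADDR'].to_s
  return false if addr.empty?
  peer = IPAddr.new(addr)
  trusted.any? { |net| net.include?(peer) }
rescue IPAddr::Error
  false # unparsable peer address: do not trust it
end

# Hardened variant: the forwarded header counts only when a trusted proxy set it.
def proxied_ssl?(env)
  return true if env['HTTPS'] == 'on'
  from_trusted_proxy?(env) && env['HTTP_X_FORWARDED_PROTO'] == 'https'
end

# Builds the absolute URL a redirect would carry, including the sub-directory.
def redirect_url(env, path, relative_root = '/rails')
  scheme = proxied_ssl?(env) ? 'https' : 'http'
  "#{scheme}://#{env['HTTP_HOST']}#{relative_root}#{path}"
end

# Constructed sample environments (not captured traffic).
HOST = 'admin.example.com:12345'
VIA_APACHE = { 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_HOST' => HOST,
               'HTTP_X_FORWARDED_PROTO' => 'https' }.freeze
# A client that reaches a Mongrel port directly and supplies the header itself.
DIRECT_WITH_HEADER = { 'REMOTE_ADDR' => '203.0.113.7', 'HTTP_HOST' => HOST,
                       'HTTP_X_FORWARDED_PROTO' => 'https' }.freeze
VIA_APACHE_NO_HEADER = { 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_HOST' => HOST }.freeze

if __FILE__ == $PROGRAM_NAME
  [VIA_APACHE, DIRECT_WITH_HEADER, VIA_APACHE_NO_HEADER].each do |env|
    puts "#{env['REMOTE_ADDR']}: naive=#{naive_ssl?(env)} " \
         "hardened=#{proxied_ssl?(env)} -> #{redirect_url(env, '/admin/list_returns')}"
  end
end
```

The peer-address check only helps if the Mongrel ports accept connections from the proxy alone; binding them to 127.0.0.1 or firewalling them is the complementary control.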
Just out of curiosity, have you tried proxying your requests from Apache to Mongrel without using the Proxy Balancer? In other words, taking the balancer out of the equation by just:

    ProxyPass /rails http://localhost:3000/

Granted I'm not using SSL, but I am in the process of setting up Apache/mod_proxy/Mongrel and everything works great if I just do a direct ProxyPass. When I try to use the balancer things go haywire...

I don't have any answers, I just read your post and noticed that you were using the balancer and having problems. Removing the balancer from the setup might be an interesting troubleshooting exercise...

Jeremy

On 5/10/06, Paul Wright <wrighty at gmail.com> wrote:
>
> On 10/05/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
> > On Mon, 2006-05-08 at 15:58 +0100, Paul Wright wrote:
> > > Hi all,
> > >
> > <snip>
> > >
> > > I've seen in a few places [1][2] that the trailing slash is important
> > > on the ProxyPass directive but if I include that then I get a BAD
> > > CLIENT error in mongrel due to too many slashes:
> > >
> > This is really weird that you have to add the //. That type of URL is
> > rejected because it violates the actual URI grammar (from what I
> > understand of it). If balancer needs this, then I'm curious why it's
> > bleeding that // to the backend.
> >
> > I'll check it out to find out why this is the accepted wisdom.
>
> I personally don't have to add the trailing slash to the setup and,
> after going back over the places I saw it mentioned only one of them
> claimed it needed to be there. The other was warning against it. So
> just discard the above. I think.
>
> > > The two main problems I have now are that all rendered links are
> > > missing the sub-directory and if any redirects are issued then they
> > > are for http://admin.example.com:12345/ instead of the ssl version
> > > https://admin.example.com:12345/ - is this because mongrel/rails is
> > > only seeing a http request? And if so is it possible to let the app
> > > know that it's actually https and in a subdirectory?
> >
> > I'll have to look at this. It might be that mongrel will have to detect
> > that the request was secured and add the https, but I really think Rails
> > should do this since this is where the redirect is generated.
> >
> > Take a look at the headers that Mongrel receives and see if you are
> > getting the header that indicates the request was secured. If you are
> > then Rails must not be honoring it. If not then you need to tell your
> > web server to start sending it.
>
> Having run mongrel in debug mode I've looked at the headers and
> there's nothing there to suggest that Apache has proxied a https
> connection. Looking through the Rails source[1] I see that there are
> two situations where Rails will generate https links
>
>     def ssl?
>       @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
>     end
>
> I had thought that I could use the [E=VAR:VAL] flag on a Rewrite rule
> but then I remembered that we're proxying to an independent http
> server (mongrel) so it wouldn't make it across. I've got it working
> by adding RequestHeader directive to my Rewrite rules:
>
>     RewriteEngine On
>     # Punt any potential 404s to the proxy
>     RewriteCond %{REQUEST_FILENAME} ^/rails/.*
>     RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
>     RequestHeader set X_FORWARDED_PROTO 'https'
>     RewriteRule ^/rails/(.*)$ balancer://proxy_group/$1 [proxy]
>
> (I don't know apache well enough to know whether the RequestHeader
> will fire only apply when the RewriteCond or for every request to this
> VirtualHost but I'm confident it won't hurt non-rails requests.)
>
> All that's left now is working out how to set the environment variable
> RAILS_RELATIVE_URL_ROOT... Any clues?
>
> Paul.
>
> [1] - http://dev.rubyonrails.org/browser/trunk/actionpack/lib/action_controller/request.rb
On 10/05/06, Paul Wright <wrighty at gmail.com> wrote:
> All that's left now is working out how to set the environment variable
> RAILS_RELATIVE_URL_ROOT... Any clues?

Just in case anyone else is following along, I found the solution to be to add the following line to the top of my config/routes.rb above everything else:

    ActionController::AbstractRequest.relative_url_root = "/rails"

And then alter my apache config to look like this:

    RewriteEngine On
    # Punt any potential 404s to the proxy
    RewriteCond %{REQUEST_FILENAME} ^/rails/.*
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RequestHeader set X_FORWARDED_PROTO 'https'
    RewriteRule ^/(.*)$ balancer://proxy_group/$1 [proxy]

Thus the full request_filename is given to mongrel (including the preceding /rails/) and it knows what to do with it because of the additional line in routes.rb.

Cheers for the suggestions,
Paul.
So, Paul, do you have Apache do the asset (CSS,JS,image) serving? I'm trying your recipe, and the rails app works fine, but I get 404 errors for the assets.

Here's my setup:

httpd.conf

    <Proxy balancer://cyapm>
        BalancerMember http://127.0.0.1:8100
        BalancerMember http://127.0.0.1:8101
        BalancerMember http://127.0.0.1:8102
        BalancerMember http://127.0.0.1:8103
        BalancerMember http://127.0.0.1:8104
    </Proxy>

    RewriteEngine On
    # Punt any potential 404s to the proxy
    RewriteCond %{REQUEST_FILENAME} ^/timesheets/.*
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    # for HTTPS
    #RequestHeader set X_FORWARDED_PROTO 'https'
    RewriteRule ^/(.*)$ balancer://cyapm/$1 [proxy]

And in /var/www/rails/cyapm/current/config/environments.rb (appended at the end):

    ActionController::AbstractRequest.relative_url_root = "/timesheets"

If I connect directly to a mongrel, say http://ciwebdev:8100/, the Rails app lives at /timesheets, but the assets live in /stylesheets, /javascripts, /images. The links Rails generates now expects them to be in /timesheets/stylesheets, /timesheets/javascripts, /timesheets/images.

Do you have any Rewrite magic for that?

=Will Green
Web Developer & IT Coordinator, URS Creative Imaging
http://www.urscreativeimaging.com/

This e-mail and any attachments are confidential. If you receive this message in error or are not the intended recipient, you should not retain, distribute, disclose or use any of this information and you should destroy the e-mail and any attachments or copies.
On Wed, 2006-05-10 at 16:24 +0100, Paul Wright wrote:
> On 10/05/06, Paul Wright <wrighty at gmail.com> wrote:
> > All that's left now is working out how to set the environment variable
> > RAILS_RELATIVE_URL_ROOT... Any clues?
>
> Just in case anyone else is following along, I found the solution to
> be to add the following line to the top of my config/routes.rb above
> everything else:
>
>     ActionController::AbstractRequest.relative_url_root = "/rails"
>
> And then alter my apache config to look like this:
>
>     RewriteEngine On
>     # Punt any potential 404s to the proxy
>     RewriteCond %{REQUEST_FILENAME} ^/rails/.*
>     RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
>     RequestHeader set X_FORWARDED_PROTO 'https'
>     RewriteRule ^/(.*)$ balancer://proxy_group/$1 [proxy]
>
> Thus the full request_filename is given to mongrel (including the
> preceding /rails/) and it knows what to do with it because of the
> additional line in routes.rb.

Thanks Paul, this is great stuff. I'll be sure to include it in the deploying to apache documentation.

--
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
On 10/05/06, Will_Green at urscorp.com <Will_Green at urscorp.com> wrote:
> So, Paul, do you have Apache do the asset (CSS,JS,image) serving? I'm
> trying your recipe, and the rails app works fine, but I get 404 errors for
> the assets.
>
> Here's my setup:
>
> httpd.conf
>
>     <Proxy balancer://cyapm>
>         BalancerMember http://127.0.0.1:8100
>         BalancerMember http://127.0.0.1:8101
>         BalancerMember http://127.0.0.1:8102
>         BalancerMember http://127.0.0.1:8103
>         BalancerMember http://127.0.0.1:8104
>     </Proxy>
>
>     RewriteEngine On
>     # Punt any potential 404s to the proxy
>     RewriteCond %{REQUEST_FILENAME} ^/timesheets/.*
>     RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
>     # for HTTPS
>     #RequestHeader set X_FORWARDED_PROTO 'https'
>     RewriteRule ^/(.*)$ balancer://cyapm/$1 [proxy]
>
> And in /var/www/rails/cyapm/current/config/environments.rb (appended at the
> end):
>
>     ActionController::AbstractRequest.relative_url_root = "/timesheets"
>
> If I connect directly to a mongrel, say http://ciwebdev:8100/, the Rails
> app lives at /timesheets, but the assets live in /stylesheets,
> /javascripts, /images. The links Rails generates now expects them to be in
> /timesheets/stylesheets, /timesheets/javascripts, /timesheets/images.
>
> Do you have any Rewrite magic for that?

What I failed to mention is that for the setup we have here instead of having /public/ be the document root we instead have /rails/ be a symlink to the app's /public/ directory, thus the normal javascript files live in /rails/javascript/ for us and the generated URLs are right. We've got this setup so that rails stuff lives in its own directory without touching any of the other parts of the web root.

For an example of doing this without having the subdirectory issue check out this set of instructions - it's what I started out with and then butchered into the above config:

http://blog.innerewut.de/articles/2006/04/21/scaling-rails-with-apache-2-2-mod_proxy_balancer-and-mongrel

Paul.
OK, got it working now!

Here's the relevant part from httpd.conf (app resides in /timesheets)

    # Timesheets
    <Proxy balancer://cyapm>
        BalancerMember http://127.0.0.1:8100
        BalancerMember http://127.0.0.1:8101
        BalancerMember http://127.0.0.1:8102
        BalancerMember http://127.0.0.1:8103
        BalancerMember http://127.0.0.1:8104
    </Proxy>

    RewriteEngine On

    RewriteRule ^/timesheets$ balancer://cyapm/timesheets/ [proxy]

    RewriteCond %{REQUEST_FILENAME} (engine_files|images|javascripts|stylesheets)/(.*)$
    RewriteRule ^/timesheets/(.*)$ balancer://cyapm/$1 [proxy]

    # Punt any potential 404s to the proxy
    RewriteCond %{REQUEST_FILENAME} ^/timesheets/.*
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    # for HTTPS
    #RequestHeader set X_FORWARDED_PROTO 'https'
    RewriteRule ^/(.*)$ balancer://cyapm/$1 [proxy]

=Will Green
Web Developer & IT Coordinator, URS Creative Imaging
http://www.urscreativeimaging.com/