
Fix http --> https redirect issue in ORES
Closed, Resolved, Public

Description

[09:30:57] <halfak> Hey folks. I'm getting bit by the labs proxy and how it handles https. I'm wondering if anyone has a solution to the problem I'm running into. 
[09:31:35] <halfak> So, if you go to "https://ores.wmflabs.org/scores", you'll get redirected to "http://ores.wmflabs.org/scores/"
[09:31:39] <halfak> Note the scheme change!
[09:32:10] <halfak> This happens because the labs proxy converts the https request to http for ORES.
[09:32:27] <halfak> But when ORES issues a redirect, it has no idea that the request came from https
[09:32:33] <halfak> So it issues a 301 for "http"
[09:32:52] <halfak> And the labs proxy ignores the protocol changes and just forwards the response.
[09:33:42] <halfak> Potential solutions: No redirects at all, HTTPS required for all requests, ???

Event Timeline

Halfak renamed this task from Fix http --> https redirect issue in ORS to Fix http --> https redirect issue in ORES. Mar 23 2016, 2:36 PM

Just deployed the above change, but now loading http://ores.wmflabs.org in my browser will redirect to https://oresweb.

Ladsgroup reassigned this task from Halfak to akosiaris.
Ladsgroup triaged this task as High priority.
Ladsgroup moved this task from Review to Completed on the Machine-Learning-Team (Active Tasks) board.

Here are some notes from a relevant chat in #wikimedia-ai:

[10:43:48] <akosiaris> the oresweb btw is due to nginx having upstream oresweb {
[10:43:56] <akosiaris> in its configuration
[10:44:06] <akosiaris> proxy_pass http://oresweb;
[10:44:37] <halfak> akosiaris, ^ was thinking about that on the whole ride in. 
[10:44:58] <halfak> Where is "oresweb" and how did the config we copied it from document that a hostname must be set in such a way. 
[10:45:40] <akosiaris> so the correct way to fix that
[10:45:49] <akosiaris> is to actually preserve the Host: header
[10:45:56] <akosiaris> proxy_set_header Host            $host;
[10:46:32] <akosiaris> so that the backend HTTP request has the HTTP Host: header the client originally wanted
[10:46:46] <akosiaris> I'll concoct a change and fix this the nice way
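
The Host header behaviour discussed in the chat above, as an added nginx sketch that is not part of this task or of the merged change: with only `proxy_pass http://oresweb;`, nginx sends `Host: oresweb` to the backend (its default is `$proxy_host`), so absolute redirects built by the backend name `oresweb`. The backend address, the catch-all server, and the assumption that the front proxy sets `X-Forwarded-Proto` are illustrative and not taken from the ORES configuration.

```nginx
# Added example, not the ORES/puppet configuration.
upstream oresweb {
    server 127.0.0.1:8080;          # assumed backend address
}

# Catch-all: drop requests whose Host matches no configured name, so the
# client-supplied value behind $host below is always a name we serve.
server {
    listen 80 default_server;
    server_name _;
    return 444;                     # nginx-specific: close the connection
}

server {
    listen 80;
    server_name ores.wmflabs.org;

    # The front proxy terminates TLS and forwards plain HTTP.
    # Assumption: it records the client's scheme in X-Forwarded-Proto.
    # Clients that arrived over plain HTTP are sent to HTTPS on the same host.
    if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
    }

    location / {
        proxy_pass http://oresweb;

        # Without the next line the backend sees "Host: oresweb".
        # With it, the backend sees the host the client asked for.
        proxy_set_header Host              $host;

        # Pass the original scheme on so the backend can build https://
        # redirects. Assumption: the backend is set up to honour this header.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
}
```

Because `$host` is derived from the request, the explicit `server_name` plus the catch-all server is what keeps the redirect target limited to names this proxy actually serves.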

Change 279133 had a related patch set uploaded (by Alexandros Kosiaris):
Revert "ores: Hardcode Host in the HTTPS redirect"

https://gerrit.wikimedia.org/r/279133

Change 279133 merged by Alexandros Kosiaris:
Revert "ores: Hardcode Host in the HTTPS redirect"

https://gerrit.wikimedia.org/r/279133