New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change the port to appropriate number when using HTTP and HTTPS for the console #57

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
2 participants
@Coder206
Copy link
Member

Coder206 commented Apr 14, 2017

If you could take a look at the modification and test it for an HTTPS state that would be greatly appreciated. Unless this PR is breaking a feature ;)

Problem
I was running Janitor with node app and it says http://localhost:8080 in the console. Port 8080 is the HTTPS port according to db.json. This would make it more challenging to simply click the link to navigate to the page.

Solution
I cloned the concept changing the link from https://localhost:8080 to http://localhost:8080 with regards to the port number. The expected result now is https://localhost:8080 for HTTPS and http://localhost:8081 for HTTP.

@Coder206

This comment has been minimized.

Copy link
Member

Coder206 commented Apr 14, 2017

@jankeromnes After more tests in a non Janitor in Janitor container it appears that this PR is detrimental to the project as it prevents the user to get to the page.

@jankeromnes jankeromnes self-requested a review Apr 14, 2017

@jankeromnes

This comment has been minimized.

Copy link
Member

jankeromnes commented Apr 14, 2017

Hi @Coder206, thanks a lot for reporting this problem, and even submitting a pull request to try and fix it!

The exact purpose of the hostname and port names in db.json can be a little hard to guess, so I'll share a few more details on what they're for:

hostname

The Janitor service expects to run on a given hostname (like "janitor.technology", or "moz1.janitor.technology"), and will embed the hostname string in many different URLs (e.g. the [ok] Janitor → https://janitor.technology:1443 URL printed in the logs, the sign-in links sent to users via email, Cloud9 URL parameters to point the IDE to the right host and port of a container, etc.)

ports.http & ports.https

The ports.http and ports.https ports could in theory be set to 80 and 443 respectively, allowing you do use the Janitor service via http://hostname and https://hostame directly without specifying non-standard ports, but running servers on ports below 1024 requires root privileges.

To work around this, we usually set them to higher values, e.g. 1080 and 1443, or 8081 and 8080, but since the service expects to work on standard http://hostname and https://hostname URLs, we need a separate mechanism to pipe the higher ports to 80 and 443. This can be done with an iptables redirection (make ports can set this up for you), or by installing a reverse proxy like nginx to pipe all traffic from 1080 to 80 and from 1443 to 443 (it is considered a good practice to run web services behind a reverse proxy in production, and can be used to perform additional optimizations and security checks on incoming and outgoing traffic).

ports.http is used by an HTTP server that simply redirects most requests to an HTTPS URL (without a non-standard port). (An exception is made for Let's Encrypt HTTP challenge tokens, which need to be served over HTTP using a secret URL.)

ports.https is actually a bit of a misnomer, because it is used by the main Janitor web service (HTTPS by default), but setting security.forceHttp to true causes Janitor to serve HTTP content on ports.https (for example, you could be serving unencrypted HTTP on port 1443, but have an nginx reverse proxy encapsulate this traffic into HTTPS on port 443). Maybe renaming this port ports.janitor would be less confusing.

@jankeromnes

This comment has been minimized.

Copy link
Member

jankeromnes commented Apr 14, 2017

So more specifically for the problem you saw, if running node app tells you [ok] Janitor → http://localhost:8080, it means the server is actually serving HTTP content on port 8080, and clicking the link on your local computer should work directly.

However, if you're running this in Janitor or in Cloud9, you don't have an easy way to access the http://localhost:8080 of your container (instead, this will be exposed via a proxy, on URLs like https://moz1.janitor.technology/<containerID>/8080/ or https://project-name.c9users.io/, respectively).

You could set hostname in db.json to either moz1.janitor.technology (when in Janitor) or project-name.c9users.io (when in Cloud9). However, this will print a URL like http://moz1.janitor.technology:8080 in the logs, which still won't work (because the proxied URL will actually look like https://moz1.janitor.technology/<containerID>/8080/ instead).

In order to make these URLs easier to find, I think we should:

  • implement a button in https://janitor.technology/contributions/ to "open port 8080 of your container", and/or
  • fix the "Preview Running Application" link in Cloud9 IDE to point to the right URL, e.g. with a Cloud9 plugin.

@jankeromnes jankeromnes added the Server label Apr 24, 2017

@jankeromnes jankeromnes removed their request for review Jun 30, 2017

@jankeromnes

This comment has been minimized.

Copy link
Member

jankeromnes commented Jun 30, 2017

We should definitely address the two points from the previous comment, but I don't think we'll want to go forward with this PR's suggested change, so I'll close it for now. Thanks a lot for raising these important issues!

@Coder206 Coder206 deleted the Coder206:ports branch Jun 30, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment