New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
QGIS Server lost the ability to cascade WMS layers published using HTTPS #24371
Comments
Author Name: Giovanni Manghi (@gioman)
|
Author Name: Giovanni Manghi (@gioman)
|
Author Name: Giovanni Manghi (@gioman) I can't pinpoint when this exactly happened by my guess is still sometime along the 2.14.* releases. I had services based in qgis-server 2.14 that did the cascading of other wms/https services correctly. |
Author Name: Giovanni Manghi (@gioman)
I tested the bug using the latest available versions of QGIS server 2.14 and 2.18, while using a QGIS Server 2.8.8 instance it works ok. to At some point (likely in qgis 2.14 point release) QGIS projects containing an external WMS layer (possibly affected also WFS) published using HTTPS stopped to cascade correctly that layers when publishing the project with QGIS Server. I tested the bug using the latest available versions of QGIS server 2.14 and 2.18, while using a QGIS Server 2.8.8 instance it works ok.
|
Author Name: Giovanni Manghi (@gioman)
|
Author Name: Giovanni Manghi (@gioman)
|
Author Name: Giovanni Manghi (@gioman)
|
Author Name: Alessandro Pasotti (@elpaso)
|
Author Name: Alessandro Pasotti (@elpaso) What does exactly mean "stopped to cascade correctly"? |
Author Name: Alessandro Pasotti (@elpaso) I could not reproduce this neither on master or in 2.18.x. Please attach a project that shows the issue (see my test project attached: all layers in the project are cascaded WMS on https ).
|
Author Name: René-Luc ReLuc (@rldhont) I have tested this URL https://gis.tirol.gv.at/arcgis/services/Service_Public/orthofoto/MapServer/WMSServer |
Author Name: René-Luc ReLuc (@rldhont) No issue with master, issue with 2.18 |
Author Name: Alessandro Pasotti (@elpaso) Renè, do I understand right that the issue is only with the cascading GetLegendGraphic not being tranferred/copied/merged? Can you please attach a sample project and sample calls that are supposed to work and do not? |
Author Name: René-Luc ReLuc (@rldhont) Firstly, I can't use the project you provide. For the Request MAP=/tmp/bug_16462.qgs&SERVICE=WMS&REQUEST=GetCapabilities
And this log:
I use this apache vhost:
I have build the server the 30th november 2017 |
Author Name: René-Luc ReLuc (@rldhont) So i have created a project with the layer Image_Aktuell_RGB from this WMS service https://gis.tirol.gv.at/arcgis/services/Service_Public/orthofoto/MapServer/WMSServer and a vector layer (SHP). I have tested this project with:
I can't really help more, I have lost the logs files.
The result is :
|
Author Name: Alessandro Pasotti (@elpaso) Thanks for your tests René, from the results we can conclude that:
I'm focusing mainly on master at this time, so I'll pass this bug over because it does not affect master.
|
Author Name: Giovanni Manghi (@gioman) I'm changing back the description to the original one after having chatted with Alessandro and having provided a clear example (which I cannot share here) that shows that the issue is cascading from a service which uses https (the same service/maps cascaded using http behave as expected).
|
Author Name: René-Luc ReLuc (@rldhont) Does some one has any clue to fix it ? |
Author Name: Giovanni Manghi (@gioman)
|
Author Name: René-Luc ReLuc (@rldhont) I have tested the futur 2.18.18 and I can't reproduced the issue. |
Author Name: René-Luc ReLuc (@rldhont) I have found this error message:
Is it possible to explicitly ignore SSL errors ? The issue is also available for XYZ layers. |
Author Name: Alessandro Pasotti (@elpaso) maybe: it's possible but it must be done for each certificate verification failure by adding a custom SSL configuration to the authentication DB, this is what normally happens in QGIS desktop when you encounter such an error. What happens normally is that when the connection fails due to an SSL error, a dialog pops up asking if you want to ignore the error and/or store the exception permanently (more or less what happens in a normal browser), if you ignore the exception permanently this information is stored in the authentication DB. So: it is not currently possible from the server. Btw, I agree that it might be a useful implementation, even if you should normally be careful to accept insecure connections. |
Author Name: Alessandro Pasotti (@elpaso)
|
Author Name: Anne Blankert (Anne Blankert) I am having the same problem: SSL handshake failed (QGIS server 2.18.19, Ubuntu 16.04). Example WMS service https://geodata.nationaalgeoregister.nl/bag/ows Other software on the Ubuntu machine running QGIS server is able to connect to the same remote HTTPS WMS server without problems. Also QGIS Desktop can connect to the HTTPS WMS server without problems. Maybe QGIS server does not know where to look for CA-certificates? If QGIS server can't validate the HTTPS server certificate, it may abort with an SSL handshake error? I tried to set in the Apache configuration: restarted Apache, but same result: |
Author Name: René-Luc ReLuc (@rldhont) To fix this issue, you have to add HOME environmental variable to a directory in which the directory .qgis2 is writable for the user used by QGIS Server, with Apache2, it's www-data. For exemple, do these commands:
And add this in your apache virtual host:
|
Author Name: Giovanni Manghi (@gioman)
Original Redmine Issue: 16462
Affected QGIS version: 2.18.17
Redmine category:qgis_server
At some point (likely in qgis 2.14 point release) QGIS projects containing an external WMS layer (possibly affected also WFS) published using HTTPS stopped to cascade correctly that layers when publishing the project with QGIS Server.
I tested the bug using the latest available versions of QGIS server 2.14 and 2.18, while using a QGIS Server 2.8.8 instance it works ok.
Related issue(s): #25847 (duplicates)
Redmine related issue(s): 17951
The text was updated successfully, but these errors were encountered: