port mapping 8080 to 8443 is broken


taher
I'm not sure who committed what, but now the automatic redirection from
8080 to 8443 ssl is broken. Jacques, is this related to your work on port
offset stuff?

Re: port mapping 8080 to 8443 is broken

Jacques Le Roux
Administrator
On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
> I'm not sure who committed what, but now the automatic redirection from
> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
> offset stuff?
>
This is only with localhost, right?
If it's the case, I guess it's related to OFBIZ-9206, but I have no time to look at it right now.

Jacques


Re: port mapping 8080 to 8443 is broken

Jacques Le Roux
Administrator
On 02/03/2017 at 17:12, Jacques Le Roux wrote:

> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>> I'm not sure who committed what, but now the automatic redirection from
>> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
>> offset stuff?
>>
> This is only with localhost, right?
> If it's the case, I guess it's related to OFBIZ-9206 but I have no time to look at it right now
>
> Jacques
>
>
See my comments at OFBIZ-9242

Jacques


Re: port mapping 8080 to 8443 is broken

taher
Okay so it seems this issue was introduced by your work based on what I
read in jira. I don't think you should apply code changes that cause
regressions like this one.

On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <[hidden email]>
wrote:

> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
>
>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>>
>>> I'm not sure who committed what, but now the automatic redirection from
>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
>>> offset stuff?
>>>
>>> This is only with localhost, right?
>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time
>> to look at it right now
>>
>> Jacques
>>
>>
>> See my comments at OFBIZ-9242
>
> Jacques
>
>

Re: port mapping 8080 to 8443 is broken

taher
I faced this issue again while trying some tests today, and I read your
comments which refer to this as "not a bug".

So my question is: if we should not use 8080 as the port, why is it enabled
in the first place in OFBiz? Why not disable it completely instead of
confusing people?

On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb <[hidden email]
> wrote:

> Okay so it seems this issue was introduced by your work based on what I
> read in jira. I don't think you should apply code changes that cause
> regressions like this one.
>
> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <[hidden email]>
> wrote:
>
>> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
>>
>>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>>>
>>>> I'm not sure who committed what, but now the automatic redirection from
>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
>>>> offset stuff?
>>>>
>>>> This is only with localhost, right?
>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time
>>> to look at it right now
>>>
>>> Jacques
>>>
>>>
>>> See my comments at OFBIZ-9242
>>
>> Jacques
>>
>>

Re: port mapping 8080 to 8443 is broken

Michael Brohl-3
Unfortunately I don't have the time to dig deeper into this, but I've got a
bad feeling about this and similar threads we had lately.

Ports 8080 and 8443 have been used for a long time without problems and it's a
common production setting if you run OFBiz behind a webserver connected
through AJP. I don't see any reason why we should not use port 8080 in
OFBiz, even if it is getting more common to have everything on https.

Even if this work is done in trunk, which is regarded as unstable, we
should take more care to commit consistent and working code instead of
using trunk as a playground and dumping place for unfinished work.

I'm in favor of not committing and waiting until everything works as
expected instead of beginning work, committing and then leaving it as is
because there is "no time to look at it right now". We can always use
branches for this kind of work.

My apologies if I got this wrong but I feel uneasy with this approach.

Best regards,

Michael


On 13.03.17 at 16:55, Taher Alkhateeb wrote:

> I faced this issue again while trying some tests today, and I read your
> comments which refer to this as "not a bug".
>
> So my question is: if we should not use 8080 as the port, why is it enabled
> in the first place in OFBiz? why not disable it completely instead of
> confusing people.
>
> On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb <[hidden email]
>> wrote:
>> Okay so it seems this issue was introduced by your work based on what I
>> read in jira. I don't think you should apply code changes that cause
>> regressions like this one.
>>
>> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <[hidden email]>
>> wrote:
>>
>>> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
>>>
>>>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>>>>
>>>>> I'm not sure who committed what, but now the automatic redirection from
>>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
>>>>> offset stuff?
>>>>>
>>>>> This is only with localhost, right?
>>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time
>>>> to look at it right now
>>>>
>>>> Jacques
>>>>
>>>>
>>>> See my comments at OFBIZ-9242
>>> Jacques
>>>
>>>



Re: port mapping 8080 to 8443 is broken

Paul Foxworthy
Hi all,

I agree with Taher, we should simply remove non-SSL access. The world is
rapidly moving to SSL only.

It is now close to essential that passwords should be encrypted in transit
for a serious system like OFBiz.

Cheers

Paul Foxworthy


On 14 March 2017 at 07:18, Michael Brohl <[hidden email]> wrote:

> Unfortunately I have not the time to dig deeper into this but I've got a
> bad feeling about this and similar threads we had lately.
>
> Ports 8080 and 8443 are used for a long time without problems and it's a
> common production setting if you run OFBiz behind a webserver connected
> through AJP. I don't see any reason why we should not use port 8080 in
> OFBiz, even it is getting more common to have everything on https.
>
> Even if this work is done in trunk, which is regarded as unstable, we
> should take more care to commit consistent and working code instead of
> using trunk as a playground and dumping place for unfinished work.
>
> I'm in favor to better not commit and wait until everything works as
> expected instead of beginning work, committing and then leave it as is
> because there is "no time to look at it right now". We can always use
> branches for this kind of work.
>
> My apologies if I got this wrong but I feel uneasy with this approach.
>
> Best regards,
>
> Michael
>
>
> On 13.03.17 at 16:55, Taher Alkhateeb wrote:
>
> I faced this issue again while trying some tests today, and I read your
>> comments which refer to this as "not a bug".
>>
>> So my question is: if we should not use 8080 as the port, why is it
>> enabled
>> in the first place in OFBiz? why not disable it completely instead of
>> confusing people.
>>
>> On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb <
>> [hidden email]
>>
>>> wrote:
>>> Okay so it seems this issue was introduced by your work based on what I
>>> read in jira. I don't think you should apply code changes that cause
>>> regressions like this one.
>>>
>>> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <[hidden email]>
>>> wrote:
>>>
>>> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
>>>>
>>>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>>>>>
>>>>> I'm not sure who committed what, but now the automatic redirection from
>>>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on
>>>>>> port
>>>>>> offset stuff?
>>>>>>
>>>>>> This is only with localhost, right?
>>>>>>
>>>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time
>>>>> to look at it right now
>>>>>
>>>>> Jacques
>>>>>
>>>>>
>>>>> See my comments at OFBIZ-9242
>>>>>
>>>> Jacques
>>>>
>>>>
>>>>
>
>


--
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Australia

Phone: +61 3 9585 6788
Web: http://www.coherentsoftware.com.au/
Email: [hidden email]
--
Coherent Software Australia Pty Ltd
http://www.coherentsoftware.com.au/

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/

Re: port mapping 8080 to 8443 is broken

taher
Hi Paul,

While the proposition to move to SSL is open for discussion elsewhere, I
share Michael's concern that the issue we are discussing here might have
not been done properly. The discussion in JIRAs and the way the commits
were done gives me the impression that this was a quick hack more than a
proper solution, and it did leave the system broken because I can go to any
URL in OFBiz like, say, http://localhost:8080/partymgr and it will transfer
me to https://localhost/partymgr/control and give me a resource not found
error. This is a broken system!

As for switching to SSL, I don't know actually, but I would think a proper
solution is perhaps to make this into a configuration instead of a flat-out
block of port 8080.

Regards,

Taher Alkhateeb

On Tue, Mar 14, 2017 at 3:47 AM, Paul Foxworthy <[hidden email]> wrote:

> Hi all,
>
> I agree with Taher, we should simply remove non-SSL access. The world is
> rapidly moving to SSL only.
>
> It is now close to essential that passwords should be encrypted in transit
> for a serious system like OFBiz.
>
> Cheers
>
> Paul Foxworthy
>
>
> On 14 March 2017 at 07:18, Michael Brohl <[hidden email]> wrote:
>
> > Unfortunately I have not the time to dig deeper into this but I've got a
> > bad feeling about this and similar threads we had lately.
> >
> > Ports 8080 and 8443 are used for a long time without problems and it's a
> > common production setting if you run OFBiz behind a webserver connected
> > through AJP. I don't see any reason why we should not use port 8080 in
> > OFBiz, even it is getting more common to have everything on https.
> >
> > Even if this work is done in trunk, which is regarded as unstable, we
> > should take more care to commit consistent and working code instead of
> > using trunk as a playground and dumping place for unfinished work.
> >
> > I'm in favor to better not commit and wait until everything works as
> > expected instead of beginning work, committing and then leave it as is
> > because there is "no time to look at it right now". We can always use
> > branches for this kind of work.
> >
> > My apologies if I got this wrong but I feel uneasy with this approach.
> >
> > Best regards,
> >
> > Michael
> >
> >
> > On 13.03.17 at 16:55, Taher Alkhateeb wrote:
> >
> > I faced this issue again while trying some tests today, and I read your
> >> comments which refer to this as "not a bug".
> >>
> >> So my question is: if we should not use 8080 as the port, why is it
> >> enabled
> >> in the first place in OFBiz? why not disable it completely instead of
> >> confusing people.
> >>
> >> On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb <
> >> [hidden email]
> >>
> >>> wrote:
> >>> Okay so it seems this issue was introduced by your work based on what I
> >>> read in jira. I don't think you should apply code changes that cause
> >>> regressions like this one.
> >>>
> >>> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <
> [hidden email]>
> >>> wrote:
> >>>
> >>> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
> >>>>
> >>>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
> >>>>>
> >>>>> I'm not sure who committed what, but now the automatic redirection
> from
> >>>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on
> >>>>>> port
> >>>>>> offset stuff?
> >>>>>>
> >>>>>> This is only with localhost, right?
> >>>>>>
> >>>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no
> time
> >>>>> to look at it right now
> >>>>>
> >>>>> Jacques
> >>>>>
> >>>>>
> >>>>> See my comments at OFBIZ-9242
> >>>>>
> >>>> Jacques
> >>>>
> >>>>
> >>>>
> >
> >
>
>
> --
> Coherent Software Australia Pty Ltd
> PO Box 2773
> Cheltenham Vic 3192
> Australia
>
> Phone: +61 3 9585 6788
> Web: http://www.coherentsoftware.com.au/
> Email: [hidden email]
>
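
The symptom reported in the message above (a request to port 8080 redirected to an https URL with no port) can be turned into a regression check. This is an added example, not OFBiz code or part of the original post; check_redirect and fetch_location are hypothetical helper names, and the expected HTTPS port 8443 is taken from the thread subject.

```python
import http.client
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def check_redirect(request_url, location, https_port=8443):
    """Return the problems found in an HTTP-to-HTTPS redirect (empty list = OK)."""
    req = urlsplit(request_url)
    # A relative Location is resolved against the request, as a browser would.
    target = urlsplit(urljoin(request_url, location))
    problems = []
    if target.scheme != "https":
        problems.append(f"redirect stays on scheme {target.scheme!r}")
    if target.hostname != req.hostname:
        problems.append(f"host changed from {req.hostname} to {target.hostname}")
    # No explicit port in the URL means the scheme default (443 for https).
    port = target.port or DEFAULT_PORTS.get(target.scheme)
    if port != https_port:
        problems.append(f"redirect targets port {port}, expected {https_port}")
    return problems


def fetch_location(url, timeout=5):
    """GET url without following redirects; return (status, Location header)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    request = "http://localhost:8080/partymgr"
    # First Location is the one reported in the thread; the second is constructed.
    for loc in ("https://localhost/partymgr/control",
                "https://localhost:8443/partymgr/control"):
        print(loc, "->", check_redirect(request, loc) or "OK")
```

Against a running instance, pass the Location returned by fetch_location("http://localhost:8080/partymgr") to check_redirect.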

Re: port mapping 8080 to 8443 is broken

Jacques Le Roux
Administrator
In reply to this post by taher
Mmm, we should remove it completely from url.properties, i.e.

-# HTTP Port (Not Secure port)
-port.http=8080
-force.http.host=
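
Review bot: deleting port.http and force.http.host leaves url.properties with no statement that plain HTTP is intentionally unsupported, and nothing in these three lines closes the listener that, per the report in this thread, still answers on 8080 and issues the redirect to https://localhost/partymgr/control. Suggest replacing the removed block with a short comment saying that only the HTTPS port is served, checking that whatever reads port.http and force.http.host copes with the keys being absent, and handling the 8080 listener in the same change so the two stay consistent.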

Is that what you mean?

With maybe some documentation? Anyway, OFBiz now only supports secured connections, like, e.g., Google.

Else feel free to improve how it's done at the moment.

Jacques


On 13/03/2017 at 16:55, Taher Alkhateeb wrote:

> I faced this issue again while trying some tests today, and I read your
> comments which refer to this as "not a bug".
>
> So my question is: if we should not use 8080 as the port, why is it enabled
> in the first place in OFBiz? why not disable it completely instead of
> confusing people.
>
> On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb <[hidden email]
>> wrote:
>> Okay so it seems this issue was introduced by your work based on what I
>> read in jira. I don't think you should apply code changes that cause
>> regressions like this one.
>>
>> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <[hidden email]>
>> wrote:
>>
>>> On 02/03/2017 at 17:12, Jacques Le Roux wrote:
>>>
>>>> On 02/03/2017 at 15:52, Taher Alkhateeb wrote:
>>>>
>>>>> I'm not sure who committed what, but now the automatic redirection from
>>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on port
>>>>> offset stuff?
>>>>>
>>>>> This is only with localhost, right?
>>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time
>>>> to look at it right now
>>>>
>>>> Jacques
>>>>
>>>>
>>>> See my comments at OFBIZ-9242
>>> Jacques
>>>
>>>