I’ve installed OOD and set up a basic cluster config with just a login node. I configured OIDC with Dex. I can connect to the dashboard by entering the URL directly:
This redirects me to the dex login page, where I enter my LDAP creds and then I’m in. I can click shell to open a shell login to the login node - this works fine. However, when I go to https://ood.example.org, I’m pointed to the /public/need_auth.html page. The RedirectMatch is present in the site config but it’s just not working. What gives?
Thank you and no worries - appreciate the help here!
Yes, /etc/apache2/sites-enabled/ood-portal.conf (symlink) has
<VirtualHost *:443>
…
Alias “/public” “/var/www/ood/public”
<Directory “/var/www/ood/public”>
Options FollowSymLinks
AllowOverride None
Require all granted
…
RedirectMatch ^/$ “/pun/sys/dashboard”
…
I’m not sure if the redirect being below the /public block matters - I suspect not.
The issue is I don’t even get to a login page, unless I give the direct link to the dashboard. If I do that, I can log in fine. If I just go to https://ood.example.org, I’m given the need_auth.html page. The apache logs show me being given that page. Nothing else. Here’s the only log entry (sanitized).
Thanks for the info. It looks like you are using Debian/Ubuntu, have you set the ServerName as well? That has caused some issues previously with those distributions.
Yes, in that same virtual host config I do have ServerName ood.example.org
Here are the log entries from tail -f syslog apache2/*log ondemand-nginx/error.log & when I restart apache2 and try the website from Chromium with the site data cleared.
root@ood:/var/log# systemctl restart apache2
==> syslog <==
Oct 3 15:12:56 ood systemd[1]: Stopping The Apache HTTP Server...
==> apache2/error.log <==
[Thu Oct 03 15:12:56.127782 2024] [mpm_event:notice] [pid 2238:tid 140108932351872] AH00492: caught SIGWINCH, shutting down gracefully
==> syslog <==
Oct 3 15:12:56 ood systemd[1]: apache2.service: Deactivated successfully.
Oct 3 15:12:56 ood systemd[1]: Stopped The Apache HTTP Server.
Oct 3 15:12:56 ood systemd[1]: Starting The Apache HTTP Server...
Oct 3 15:12:56 ood update_ood_portal[2301]: No change in Apache config.
Oct 3 15:12:56 ood update_ood_portal[2301]: No change in the Dex config.
Oct 3 15:12:56 ood systemd[1]: Started The Apache HTTP Server.
root@ood:/var/log#
==> apache2/error.log <==
[Thu Oct 03 15:12:56.467203 2024] [mpm_event:notice] [pid 2315:tid 139766498011008] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Thu Oct 03 15:12:56.467378 2024] [core:notice] [pid 2315:tid 139766498011008] AH00094: Command line: '/usr/sbin/apache2'
root@ood:/var/log# ### opened browser and entered URL https://ood.example.org/ now
root@ood:/var/log#
==> apache2/ood.example.org_access_ssl.log <==
1.2.3.4 - - [03/Oct/2024:15:13:10 -0400] "GET /favicon.ico HTTP/1.1" 404 1224 "https://ood.example.org/public/need_auth.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
1.2.3.4 - - [03/Oct/2024:15:13:28 -0400] "-" 408 3745 "-" "-"
==> syslog <==
Oct 3 15:14:06 ood nslcd[729]: [963e5a] <group/member="www-data"> ldap_result() failed: Can't contact LDAP server
Oct 3 15:14:06 ood nslcd[729]: [963e5a] <group/member="www-data"> ldap_abandon() failed to abandon search: Can't contact LDAP server
And then when I browse to /pun/sys/dashboard directly (it redirects me to login, which works and lets me see the dashboard)
I suspect it’s trying to look up the apache2 user in ldap and, of course, www-data doesn’t exist, so it fails. It doesn’t impact anything as far as I can tell, I see this for some other applications as well.
No firewall enabled - ufw inactive, iptables empty, nothing advanced security-wise. It does sit behind a network firewall which is doing a NAT from an external IP to the internal IP, and forwarding only http/https traffic.
Thanks again for all this. I’m unsure what is causing this at this point since no firewalls are active to get in the way and nothing is really catching my attention.
Which version of ubuntu are you using and which version of ood? I want to try and recreate this since you’re using dex, which makes it a bit easier to spin up.
dpkg -l | grep -i ondem
ii ondemand 3.1.7 amd64 Open OnDemand is an open source release of the Ohio SuperComputer Center's
ii ondemand-dex 2.36.0 amd64 OnDemand Dex
ii ondemand-nginx 1.24.0.p6.0.20.ood3.1 amd64 A high performance web server and reverse proxy server
ii ondemand-passenger 6.0.20.ood3.1 amd64 Phusion Passenger application server for OnDemand
ii ondemand-release-web 3.1.1-jammy all OnDemand repo release files for 2.1 web repo
Hello, it seems my browser is remembering the redirect and forcing me there. When I got a colleague to open it, it works for him, and when I used Chromium and I cleared all site data in there, it worked for me. It’s just on Firefox where I have other site data saved I don’t want to clear that it’s forcing my redirect. Do you know how I can resolve this without forcing a clear of all site data? It appears all is basically well with OOD but Firefox is acting up. Thank you again for your help, appreciate it!