[GeoNode-users] Error saving style back to server

Daniel Victoria daniel.victoria at gmail.com
Wed Jun 29 07:20:19 PDT 2016 

Ok, problem was fixed here. Here is what we did:

1) The wrong certificate that Francesco mentioned is because we use a
reverse-proxy. Issuing the command
openssl s_client *-servername www.paisagenslidar.cnptia.embrapa.br
<http://www.paisagenslidar.cnptia.embrapa.br> *-connect
www.paisagenslidar.cnptia.embrapa.br:443

retrieves the correct certificate.

2) The problem here is that I did not set the correct ProxyBaseURL in
/usr/share/geoserver/data/global.xml.
Setting it to the real server name (and http connection), fixed the problem.
And as a heads up, the Geonode SSL document mentions that this file is in
/var/lib/geoserver/geonode-data/global.xml

Cheers and thanks for all the help
Daniel

On Wed, Jun 29, 2016 at 7:25 AM, Amedeo Fadini <fame at libero.it> wrote:

> Hi everybody,
>
> 2016-06-28 21:05 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:
> > Thanks Francesco!
> >
> > I ran the command here and I'm also seeing a different subject. I don't
> > understand much about SSL and certificates, but I'll forward this to the
> > people that maintains the network here.
>
>
> I've just finished to setup my installation (ubuntu server via
> apt-get) for working with ssl...
>
> I've found this difference with the guide:
>
>
>
> http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
>
> Tomcat configuration
>
> found file in
> /etc/tomcat7/server.xml
>
> instead of
> /var/lib/tomcat6/conf/server.xml
>
>
> GeoServer Configuration
>
> found in
> /usr/share/geoserver/WEB-INF/web.xml
>
> instead of
>
> /var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml
>
>
> also the file
> /var/lib/geoserver/geonode-data/global.xml
>
> doesn't exist and seems not necessary
>
> Also my server works without the step
> "Next add the certificate to the cacerts file for python and java:"
>
> Am I right?
> Should I update the guide and make a merge request?
> ('d like to change also that static ip 192.168.10.10 mentioned in the
> snippets)
>
> amefad
>
>
>
>
>
> > Thanks
> > Daniel
> >
> > On Tue, Jun 28, 2016 at 3:58 PM, Francesco Bartoli <xbartolone at gmail.com
> >
> > wrote:
> >>
> >> Are you sure?
> >>
> >> If I run the check below I’m facing with a different CN in the subject
> >> although the verification is ok:
> >>
> >> openssl s_client -showcerts -connect
> >> www.paisagenslidar.cnptia.embrapa.br:443
> >>
> >> Il giorno 28/giu/2016, alle ore 19:38, Daniel Victoria
> >> <daniel.victoria at gmail.com> ha scritto:
> >>
> >> Francesco,
> >>
> >> I believe the site certificate is OK. At least the only security
> complain
> >> I get when I load the site is that some images were loaded through an
> >> insecure connection. The public address of the site is
> >> www.paisagenslidar.cnptia.embrapa.br
> >>
> >> baseurl is set to https://www.paisagenslidar.cnptia.embrapa.br/
> >>
> >> One thing I noticed is that I'm getting the same error when I try to
> >> upload a layer. Geonode will show me the error in the layer upload
> page. But
> >> the layer gets registered in GeoServer...
> >>
> >> <Capturar.PNG>
> >>
> >> On Tue, Jun 28, 2016 at 2:22 PM, Francesco Bartoli <
> xbartolone at gmail.com>
> >> wrote:
> >>>
> >>> Daniel,
> >>>
> >>> I took a look at you apache log file and the message is an hostname
> >>> mismatching so I presume that’s something wrong in the subject of the
> >>> certificate. Are you sure that your servername is the hostname used
> for the
> >>> subject? And what did you set as baseurl?
> >>>
> >>> F.
> >>>
> >>> Il giorno 28/giu/2016, alle ore 18:33, Daniel Victoria
> >>> <daniel.victoria at gmail.com> ha scritto:
> >>>
> >>> Hi Francesco,
> >>>
> >>> Thanks for the help. Just to clarify, what should I place in
> >>> /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml?
> >>> <BaseUrl> was set to http://localhost/. I changed to my site URL,
> >>> restarted tomcat7 & apache, but it did not change anything.
> >>>
> >>> Cheers
> >>> Daniel
> >>>
> >>> On Tue, Jun 28, 2016 at 1:00 PM, Francesco Bartoli <
> xbartolone at gmail.com>
> >>> wrote:
> >>>>
> >>>> Hi Daniel,
> >>>>
> >>>> the SSL configuration is due just on the geonode virtual host of
> Apache
> >>>> web server where GeoServer is proxy passed. So nothing special than a
> >>>> standard SSL apache configuration. Actually GeoServer with the
> release 2.4
> >>>> is deployed under Tomcat 7 so you should have a look there.
> >>>>
> >>>> For instance to configure the geonode base url you can edit this file
> in
> >>>> ubuntu:
> >>>> /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml
> >>>>
> >>>> Francesco
> >>>>
> >>>> Il giorno 28/giu/2016, alle ore 17:20, Daniel Victoria
> >>>> <daniel.victoria at gmail.com> ha scritto:
> >>>>
> >>>> So, we've not been able to sort out this problem with a certificate
> that
> >>>> is not matching our site. And since the guys that keep the network
> running
> >>>> here do not know much about geonode/geoserver, we are a bit lost. Are
> there
> >>>> any special configurations needed in order for GeoNode to play nice
> with SSL
> >>>> certificates?
> >>>> We found this doc online
> >>>>
> >>>>
> >>>>
> http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
> >>>>
> >>>> But it mentions Tomcat6 and some directories that are not present in
> my
> >>>> GeoNode install, like
> /var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml
> >>>>
> >>>> I'm running geonode 2.4 in Ubuntu 14.04, installed using the apt-get
> >>>> command.
> >>>> My site uses a SSL certificate from Let's Encrypt
> >>>>
> >>>> Thanks
> >>>> Daniel
> >>>>
> >>>> On Wed, Jun 22, 2016 at 8:54 AM, Daniel Victoria
> >>>> <daniel.victoria at gmail.com> wrote:
> >>>>>
> >>>>> Just an update. I checked the same thing on an internal test server
> >>>>> that I have (that I believe does not uses https) and I don't get the
> server
> >>>>> error. So it's probably the hostname mismatch thing that is
> preventing me to
> >>>>> change the layer style. Will talk to the network guys and hope they
> know how
> >>>>> to fix it.
> >>>>>
> >>>>> cheers
> >>>>> Daniel
> >>>>>
> >>>>> On Wed, Jun 22, 2016 at 8:34 AM, Daniel Victoria
> >>>>> <daniel.victoria at gmail.com> wrote:
> >>>>>>
> >>>>>> Hi Simone,
> >>>>>>
> >>>>>> Thanks for the tip. Looking at the apache2.log it appears that it's
> >>>>>> some problem with a cerificateHostnameMismatch. Am I reading the log
> >>>>>> correct? I'll talk to the people that maintains out network and see
> about
> >>>>>> this certificate.
> >>>>>>
> >>>>>> On the same topic, in local_setting.py what should I put in SITEURL.
> >>>>>> The actual name of my virtual machine (some funny thing like
> dmzv014)? Or
> >>>>>> the name it's known in the internet (
> https://www.some.pretty.name.here)
> >>>>>>
> >>>>>> Thanks
> >>>>>> Daniel
> >>>>>>
> >>>>>>
> >>>>>> On Wed, Jun 22, 2016 at 6:41 AM, Simone Dalmasso
> >>>>>> <simone.dalmasso at gmail.com> wrote:
> >>>>>>>
> >>>>>>> Hi, take a look at the apache logs when the 500 error code appears,
> >>>>>>> they should tell you more.
> >>>>>>>
> >>>>>>> 2016-06-21 20:12 GMT+02:00 Daniel Victoria
> >>>>>>> <daniel.victoria at gmail.com>:
> >>>>>>>>
> >>>>>>>> Hi list,
> >>>>>>>>
> >>>>>>>> I have a GeoNode instance running on Ubuntu, installed via
> >>>>>>>> apt-get.Everything appears to be working fine however, when I try
> to change
> >>>>>>>> a layer style, I get the error: "There was an error saving the
> style back to
> >>>>>>>> the server."
> >>>>>>>>
> >>>>>>>> Looking at the development console, I see that when I try to alter
> >>>>>>>> the layer style there are 2 PUT calls to the server. The first
> one fails
> >>>>>>>> with error 500 Internal server error. This is the call that's
> sending the
> >>>>>>>> SLD to the server. The second one returns 200 OK and it's sending
> the a JSON
> >>>>>>>>
> {"layer":{"defaultStyle":{"name":"estados"},"styles":{},"enabled":true}}
> >>>>>>>>
> >>>>>>>> I'm trying to debug this error but can't find what is going on.
> I'm
> >>>>>>>> running behind a proxy server. Could this be a security setting?
> Is it
> >>>>>>>> normal that one PUT call fails and the other works?
> >>>>>>>>
> >>>>>>>> Thanks
> >>>>>>>> Daniel
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> geonode-users mailing list
> >>>>>>>> geonode-users at lists.osgeo.org
> >>>>>>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Simone
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> geonode-users mailing list
> >>>> geonode-users at lists.osgeo.org
> >>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
> > _______________________________________________
> > geonode-users mailing list
> > geonode-users at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/geonode-users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20160629/e962cdbf/attachment.html>

More information about the geonode-users mailing list