[GeoNode-users] Error saving style back to server

Francesco Bartoli xbartolone at gmail.com
Tue Jun 28 11:58:23 PDT 2016


Are you sure?

If I run the check below I’m facing with a different CN in the subject although the verification is ok:

openssl s_client -showcerts -connect www.paisagenslidar.cnptia.embrapa.br:443

Il giorno 28/giu/2016, alle ore 19:38, Daniel Victoria <daniel.victoria at gmail.com> ha scritto:

> Francesco,
> 
> I believe the site certificate is OK. At least the only security complain I get when I load the site is that some images were loaded through an insecure connection. The public address of the site is www.paisagenslidar.cnptia.embrapa.br
> 
> baseurl is set to https://www.paisagenslidar.cnptia.embrapa.br/
> 
> One thing I noticed is that I'm getting the same error when I try to upload a layer. Geonode will show me the error in the layer upload page. But the layer gets registered in GeoServer...
> 
> <Capturar.PNG>
> 
> On Tue, Jun 28, 2016 at 2:22 PM, Francesco Bartoli <xbartolone at gmail.com> wrote:
> Daniel,
> 
> I took a look at you apache log file and the message is an hostname mismatching so I presume that’s something wrong in the subject of the certificate. Are you sure that your servername is the hostname used for the subject? And what did you set as baseurl?
> 
> F.
>  
> Il giorno 28/giu/2016, alle ore 18:33, Daniel Victoria <daniel.victoria at gmail.com> ha scritto:
> 
>> Hi Francesco,
>> 
>> Thanks for the help. Just to clarify, what should I place in /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml?
>> <BaseUrl> was set to http://localhost/. I changed to my site URL, restarted tomcat7 & apache, but it did not change anything.
>> 
>> Cheers
>> Daniel
>> 
>> On Tue, Jun 28, 2016 at 1:00 PM, Francesco Bartoli <xbartolone at gmail.com> wrote:
>> Hi Daniel,
>> 
>> the SSL configuration is due just on the geonode virtual host of Apache web server where GeoServer is proxy passed. So nothing special than a standard SSL apache configuration. Actually GeoServer with the release 2.4 is deployed under Tomcat 7 so you should have a look there.
>> 
>> For instance to configure the geonode base url you can edit this file in ubuntu:
>> /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml
>> 
>> Francesco
>>   
>> Il giorno 28/giu/2016, alle ore 17:20, Daniel Victoria <daniel.victoria at gmail.com> ha scritto:
>> 
>>> So, we've not been able to sort out this problem with a certificate that is not matching our site. And since the guys that keep the network running here do not know much about geonode/geoserver, we are a bit lost. Are there any special configurations needed in order for GeoNode to play nice with SSL certificates?
>>> We found this doc online
>>> 
>>> http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
>>> 
>>> But it mentions Tomcat6 and some directories that are not present in my GeoNode install, like /var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml
>>> 
>>> I'm running geonode 2.4 in Ubuntu 14.04, installed using the apt-get command.
>>> My site uses a SSL certificate from Let's Encrypt
>>> 
>>> Thanks
>>> Daniel
>>> 
>>> On Wed, Jun 22, 2016 at 8:54 AM, Daniel Victoria <daniel.victoria at gmail.com> wrote:
>>> Just an update. I checked the same thing on an internal test server that I have (that I believe does not uses https) and I don't get the server error. So it's probably the hostname mismatch thing that is preventing me to change the layer style. Will talk to the network guys and hope they know how to fix it.
>>> 
>>> cheers
>>> Daniel
>>> 
>>> On Wed, Jun 22, 2016 at 8:34 AM, Daniel Victoria <daniel.victoria at gmail.com> wrote:
>>> Hi Simone,
>>> 
>>> Thanks for the tip. Looking at the apache2.log it appears that it's some problem with a cerificateHostnameMismatch. Am I reading the log correct? I'll talk to the people that maintains out network and see about this certificate.
>>> 
>>> On the same topic, in local_setting.py what should I put in SITEURL. The actual name of my virtual machine (some funny thing like dmzv014)? Or the name it's known in the internet (https://www.some.pretty.name.here)
>>> 
>>> Thanks
>>> Daniel
>>> 
>>> 
>>> On Wed, Jun 22, 2016 at 6:41 AM, Simone Dalmasso <simone.dalmasso at gmail.com> wrote:
>>> Hi, take a look at the apache logs when the 500 error code appears, they should tell you more.
>>> 
>>> 2016-06-21 20:12 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>> Hi list,
>>> 
>>> I have a GeoNode instance running on Ubuntu, installed via apt-get.Everything appears to be working fine however, when I try to change a layer style, I get the error: "There was an error saving the style back to the server."
>>> 
>>> Looking at the development console, I see that when I try to alter the layer style there are 2 PUT calls to the server. The first one fails with error 500 Internal server error. This is the call that's sending the SLD to the server. The second one returns 200 OK and it's sending the a JSON {"layer":{"defaultStyle":{"name":"estados"},"styles":{},"enabled":true}}
>>> 
>>> I'm trying to debug this error but can't find what is going on. I'm running behind a proxy server. Could this be a security setting? Is it normal that one PUT call fails and the other works?
>>> 
>>> Thanks
>>> Daniel
>>> 
>>> _______________________________________________
>>> geonode-users mailing list
>>> geonode-users at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Simone 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> geonode-users mailing list
>>> geonode-users at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
>> 
>> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20160628/bf8bec09/attachment-0001.html>


More information about the geonode-users mailing list