[GeoNode-users] Error saving style back to server

Francesco Bartoli xbartolone at gmail.com
Wed Jun 29 12:18:41 PDT 2016 

Daniel,

good to know you finally solved and surely this part is mostly outdated.

Thanks Amedeo, can you file an issue and then send a PR for that?

Francesco
 
Il giorno 29/giu/2016, alle ore 16:20, Daniel Victoria <daniel.victoria at gmail.com> ha scritto:

> Ok, problem was fixed here. Here is what we did:
> 
> 1) The wrong certificate that Francesco mentioned is because we use a reverse-proxy. Issuing the command
> openssl s_client -servername www.paisagenslidar.cnptia.embrapa.br -connect www.paisagenslidar.cnptia.embrapa.br:443 
> 
> retrieves the correct certificate.
> 
> 2) The problem here is that I did not set the correct ProxyBaseURL in /usr/share/geoserver/data/global.xml.
> Setting it to the real server name (and http connection), fixed the problem. And as a heads up, the Geonode SSL document mentions that this file is in /var/lib/geoserver/geonode-data/global.xml
> 
> Cheers and thanks for all the help
> Daniel
> 
> On Wed, Jun 29, 2016 at 7:25 AM, Amedeo Fadini <fame at libero.it> wrote:
> Hi everybody,
> 
> 2016-06-28 21:05 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:
> > Thanks Francesco!
> >
> > I ran the command here and I'm also seeing a different subject. I don't
> > understand much about SSL and certificates, but I'll forward this to the
> > people that maintains the network here.
> 
> 
> I've just finished to setup my installation (ubuntu server via
> apt-get) for working with ssl...
> 
> I've found this difference with the guide:
> 
> 
> http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
> 
> Tomcat configuration
> 
> found file in
> /etc/tomcat7/server.xml
> 
> instead of
> /var/lib/tomcat6/conf/server.xml
> 
> 
> GeoServer Configuration
> 
> found in
> /usr/share/geoserver/WEB-INF/web.xml
> 
> instead of
> 
> /var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml
> 
> 
> also the file
> /var/lib/geoserver/geonode-data/global.xml
> 
> doesn't exist and seems not necessary
> 
> Also my server works without the step
> "Next add the certificate to the cacerts file for python and java:"
> 
> Am I right?
> Should I update the guide and make a merge request?
> ('d like to change also that static ip 192.168.10.10 mentioned in the snippets)
> 
> amefad
> 
> 
> 
> 
> 
> > Thanks
> > Daniel
> >
> > On Tue, Jun 28, 2016 at 3:58 PM, Francesco Bartoli <xbartolone at gmail.com>
> > wrote:
> >>
> >> Are you sure?
> >>
> >> If I run the check below I’m facing with a different CN in the subject
> >> although the verification is ok:
> >>
> >> openssl s_client -showcerts -connect
> >> www.paisagenslidar.cnptia.embrapa.br:443
> >>
> >> Il giorno 28/giu/2016, alle ore 19:38, Daniel Victoria
> >> <daniel.victoria at gmail.com> ha scritto:
> >>
> >> Francesco,
> >>
> >> I believe the site certificate is OK. At least the only security complain
> >> I get when I load the site is that some images were loaded through an
> >> insecure connection. The public address of the site is
> >> www.paisagenslidar.cnptia.embrapa.br
> >>
> >> baseurl is set to https://www.paisagenslidar.cnptia.embrapa.br/
> >>
> >> One thing I noticed is that I'm getting the same error when I try to
> >> upload a layer. Geonode will show me the error in the layer upload page. But
> >> the layer gets registered in GeoServer...
> >>
> >> <Capturar.PNG>
> >>
> >> On Tue, Jun 28, 2016 at 2:22 PM, Francesco Bartoli <xbartolone at gmail.com>
> >> wrote:
> >>>
> >>> Daniel,
> >>>
> >>> I took a look at you apache log file and the message is an hostname
> >>> mismatching so I presume that’s something wrong in the subject of the
> >>> certificate. Are you sure that your servername is the hostname used for the
> >>> subject? And what did you set as baseurl?
> >>>
> >>> F.
> >>>
> >>> Il giorno 28/giu/2016, alle ore 18:33, Daniel Victoria
> >>> <daniel.victoria at gmail.com> ha scritto:
> >>>
> >>> Hi Francesco,
> >>>
> >>> Thanks for the help. Just to clarify, what should I place in
> >>> /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml?
> >>> <BaseUrl> was set to http://localhost/. I changed to my site URL,
> >>> restarted tomcat7 & apache, but it did not change anything.
> >>>
> >>> Cheers
> >>> Daniel
> >>>
> >>> On Tue, Jun 28, 2016 at 1:00 PM, Francesco Bartoli <xbartolone at gmail.com>
> >>> wrote:
> >>>>
> >>>> Hi Daniel,
> >>>>
> >>>> the SSL configuration is due just on the geonode virtual host of Apache
> >>>> web server where GeoServer is proxy passed. So nothing special than a
> >>>> standard SSL apache configuration. Actually GeoServer with the release 2.4
> >>>> is deployed under Tomcat 7 so you should have a look there.
> >>>>
> >>>> For instance to configure the geonode base url you can edit this file in
> >>>> ubuntu:
> >>>> /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml
> >>>>
> >>>> Francesco
> >>>>
> >>>> Il giorno 28/giu/2016, alle ore 17:20, Daniel Victoria
> >>>> <daniel.victoria at gmail.com> ha scritto:
> >>>>
> >>>> So, we've not been able to sort out this problem with a certificate that
> >>>> is not matching our site. And since the guys that keep the network running
> >>>> here do not know much about geonode/geoserver, we are a bit lost. Are there
> >>>> any special configurations needed in order for GeoNode to play nice with SSL
> >>>> certificates?
> >>>> We found this doc online
> >>>>
> >>>>
> >>>> http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
> >>>>
> >>>> But it mentions Tomcat6 and some directories that are not present in my
> >>>> GeoNode install, like /var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml
> >>>>
> >>>> I'm running geonode 2.4 in Ubuntu 14.04, installed using the apt-get
> >>>> command.
> >>>> My site uses a SSL certificate from Let's Encrypt
> >>>>
> >>>> Thanks
> >>>> Daniel
> >>>>
> >>>> On Wed, Jun 22, 2016 at 8:54 AM, Daniel Victoria
> >>>> <daniel.victoria at gmail.com> wrote:
> >>>>>
> >>>>> Just an update. I checked the same thing on an internal test server
> >>>>> that I have (that I believe does not uses https) and I don't get the server
> >>>>> error. So it's probably the hostname mismatch thing that is preventing me to
> >>>>> change the layer style. Will talk to the network guys and hope they know how
> >>>>> to fix it.
> >>>>>
> >>>>> cheers
> >>>>> Daniel
> >>>>>
> >>>>> On Wed, Jun 22, 2016 at 8:34 AM, Daniel Victoria
> >>>>> <daniel.victoria at gmail.com> wrote:
> >>>>>>
> >>>>>> Hi Simone,
> >>>>>>
> >>>>>> Thanks for the tip. Looking at the apache2.log it appears that it's
> >>>>>> some problem with a cerificateHostnameMismatch. Am I reading the log
> >>>>>> correct? I'll talk to the people that maintains out network and see about
> >>>>>> this certificate.
> >>>>>>
> >>>>>> On the same topic, in local_setting.py what should I put in SITEURL.
> >>>>>> The actual name of my virtual machine (some funny thing like dmzv014)? Or
> >>>>>> the name it's known in the internet (https://www.some.pretty.name.here)
> >>>>>>
> >>>>>> Thanks
> >>>>>> Daniel
> >>>>>>
> >>>>>>
> >>>>>> On Wed, Jun 22, 2016 at 6:41 AM, Simone Dalmasso
> >>>>>> <simone.dalmasso at gmail.com> wrote:
> >>>>>>>
> >>>>>>> Hi, take a look at the apache logs when the 500 error code appears,
> >>>>>>> they should tell you more.
> >>>>>>>
> >>>>>>> 2016-06-21 20:12 GMT+02:00 Daniel Victoria
> >>>>>>> <daniel.victoria at gmail.com>:
> >>>>>>>>
> >>>>>>>> Hi list,
> >>>>>>>>
> >>>>>>>> I have a GeoNode instance running on Ubuntu, installed via
> >>>>>>>> apt-get.Everything appears to be working fine however, when I try to change
> >>>>>>>> a layer style, I get the error: "There was an error saving the style back to
> >>>>>>>> the server."
> >>>>>>>>
> >>>>>>>> Looking at the development console, I see that when I try to alter
> >>>>>>>> the layer style there are 2 PUT calls to the server. The first one fails
> >>>>>>>> with error 500 Internal server error. This is the call that's sending the
> >>>>>>>> SLD to the server. The second one returns 200 OK and it's sending the a JSON
> >>>>>>>> {"layer":{"defaultStyle":{"name":"estados"},"styles":{},"enabled":true}}
> >>>>>>>>
> >>>>>>>> I'm trying to debug this error but can't find what is going on. I'm
> >>>>>>>> running behind a proxy server. Could this be a security setting? Is it
> >>>>>>>> normal that one PUT call fails and the other works?
> >>>>>>>>
> >>>>>>>> Thanks
> >>>>>>>> Daniel
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> geonode-users mailing list
> >>>>>>>> geonode-users at lists.osgeo.org
> >>>>>>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Simone
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> geonode-users mailing list
> >>>> geonode-users at lists.osgeo.org
> >>>> http://lists.osgeo.org/mailman/listinfo/geonode-users
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
> > _______________________________________________
> > geonode-users mailing list
> > geonode-users at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/geonode-users
> >
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20160629/15bd3029/attachment.html>

More information about the geonode-users mailing list