[GeoNode-users] Example GeoNode Proxy Set Up With Virtual Machines
Jones, Peter
plj2 at wustl.edu
Wed Apr 18 13:51:34 PDT 2018
Correction: Tomcat should have the domain name:
##BEGIN EXCERPT Virtual Machine #2 /etc/tomcat8/server.xml
proxyName="geonode.foo.bar.com"
##END EXCERPT Virtual Machine #2 /etc/tomcat8/server.xml
Peter Jones
Programmer II, Department of Psychiatry
Washington University School of Medicine in St. Louis
660 South Euclid Avenue, Box 8134
St. Louis, MO 63130
e-mail: PLJ2 at WUSTL.EDU | pronouns: he/him/his
________________________________________
From: Jones, Peter
Sent: Wednesday, April 18, 2018 11:37
To: geonode-users at lists.osgeo.org
Subject: Example GeoNode Proxy Set Up With Virtual Machines
Hello,
Thank you for creating GeoNode. We’ve gotten an instance up and running, and I thought I’d send out a very brief summary of our configuration. We made use of the GeoNode Quickstart and GeoNode SSL tutorials.
Peter
* This configuration is just for testing. A production configuration would need verified SSL certificates from some trusted organization. *
We have 1 Physical Machine with 2 Virtual Machines.
The Physical Machine controls the firewall and sends traffic to virtual machine 1.
Virtual Machine 1 runs Apache and directs relevant requests to Virtual Machine 2.
Virtual Machine 2 is our new instance of GeoNode with SSL. We use https in the virtual bridge to avoid interception by other virtual machines.
############## BEGIN Physical Machine #########################
CentOS
outside ip address 111.112.113.114
qemu libvirt
virtual bridge ip address 192.168.122.1
iptables sends port 80 and 443 to Virtual Machine 1
##BEGIN EXCERPT Physical Machine /etc/sysconfig/iptables
-A PREROUTING -d 111.112.113.114/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.122.123:80
-A PREROUTING -d 111.112.113.114/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.123:443
-A PREROUTING -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.122.123:80
-A PREROUTING -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.123:443
##END EXCERPT Physical Machine /etc/sysconfig/iptables
#######BEGIN Virtual Machine #1 #####
CentOS
ip address 192.168.122.123
Virtual Machine 1 Controls Apache instance to the outside world.
Routes traffic to Virtual Machine #2
##BEGIN EXCERPT Virtual Machine #1 /etc/hosts
192.168.122.234 geonode.foo.bar.com
##END EXCERPT Virtual Machine #1 /etc/hosts
##BEGIN EXCERPT Virtual Machine #1 /etc/httpd/conf.d/z.geonode.foo.bar.com.conf
<VirtualHost *:443>
    ServerName geonode.foo.bar.com
    ErrorLog logs/geonode_error_log
    TransferLog logs/geonode_access_log
    LogLevel debug
    SSLEngine on
    SSLProxyEngine on
    SSLProtocol all -SSLv2
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerCN off
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / https://geonode.foo.bar.com/
    ProxyPassReverse / https://geonode.foo.bar.com/
    ProxyPass / http://geonode.foo.bar.com/
    ProxyPassReverse / https://geonode.foo.bar.com/
    SetEnvIf Request_URI .*admin/.* denyadmin
    <Location />
        <Limit GET POST PUT>
            Order deny,allow
            deny from env=denyadmin
            Allow from 127.0.0.1
            Allow from 128.252.246.0/255.255.255.0
        </Limit>
    </Location>
    <Directory proxy:>
        Order Deny,Allow
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName geonode.foo.bar.com
    Redirect permanent / https://geonode.foo.bar.com/
</VirtualHost>
##END EXCERPT Virtual Machine #1 /etc/httpd/conf.d/z.geonode.foo.bar.com.conf
#######END Virtual Machine #1 #####
###### BEGIN Virtual Machine #2 #####
A standard GeoNode installation with Ubuntu LTS
ip address 192.168.122.234
Used GeoNode Quick Installation Instructions here:
http://docs.geonode.org/en/master/tutorials/install_and_admin/quick_install.html
Used GeoNode SSL Instructions Here:
http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html
##BEGIN EXCERPT Virtual Machine #2 /etc/hosts
127.0.0.1 geonode.foo.bar.com localhost
##END EXCERPT Virtual Machine #2 /etc/hosts
##BEGIN EXCERPT Virtual Machine #2 /etc/apache2/sites-available/geonode.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        Servername localhost
        ServerAlias 127.0.0.1
        ServerAlias 192.168.122.234
        ServerAlias geonode.foo.bar.com
        #STANDARD GEONODE TAGS HERE#
        ProxyPreserveHost On
        ProxyPass /geoserver http://localhost:8080/geoserver
        ProxyPassReverse /geoserver http://localhost:8080/geoserver
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/geonode.crt
        SSLCertificateKeyFile /etc/ssl/private/geonode.key
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
<VirtualHost *:80>
    Redirect permanent / https://geonode.foo.bar.com/
</VirtualHost>
##END EXCERPT Virtual Machine #2 /etc/apache2/sites-available/geonode.conf
##BEGIN EXCERPT Virtual Machine #2 /etc/tomcat8/server.xml
proxyName="192.168.122.234"
##END EXCERPT Virtual Machine #2 /etc/tomcat8/server.xml
##BEGIN EXCERPT Virtual Machine #2 /etc/geonode/local_settings.py
SITEURL = 'https://geonode.foo.bar.com/'
PROXY_ALLOWED_HOSTS = ['127.0.0.1','192.168.122.234','geonode.foo.bar.com','localhost', '::1']
#ALLOWED_HOSTS = [urlparse(SITEURL).hostname] if os.getenv('ALLOWED_HOSTS') is None \
# else re.split(r' *[,|:|;] *', os.getenv('ALLOWED_HOSTS'))
ALLOWED_HOSTS = ['127.0.0.1','192.168.122.234', 'geonode.foo.bar.com','localhost', '::1']
##END EXCERPT Virtual Machine #2 /etc/geonode/local_settings.py
##BEGIN EXCERPT Virtual Machine #2 /usr/share/geoserver/WEB-INF/web.xml
<context-param>
    <param-name>GEONODE_BASE_URL</param-name>
    <param-value>https://localhost/</param-value>
</context-param>
##END EXCERPT Virtual Machine #2 /usr/share/geoserver/WEB-INF/web.xml
##BEGIN EXCERPT Virtual Machine #2 /usr/share/geoserver/data/global.xml
<proxyBaseUrl>https://geonode.foo.bar.com/geoserver</proxyBaseUrl>
##END EXCERPT Virtual Machine #2 /usr/share/geoserver/data/global.xml
###### END Virtual Machine #2 #####
############## END Physical Machine #########################
Peter Jones
Programmer II, Department of Psychiatry
Washington University School of Medicine in St. Louis
660 South Euclid Avenue, Box 8134
St. Louis, MO 63130
e-mail: PLJ2 at WUSTL.EDU | pronouns: he/him/his
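A tightened version of the Virtual Machine #1 port-443 virtual host, shown as an added example that is not part of the original message. It turns back on the backend certificate checks the test configuration disabled and applies the admin restriction to every HTTP method. Assumptions: Apache httpd 2.4 (which the `SSLProxyCheckPeerName` directive implies), a copy of Virtual Machine 2's self-signed certificate stored at the hypothetical path `/etc/pki/tls/certs/geonode-vm2.crt`, and that this certificate names `geonode.foo.bar.com`.

```apache
<VirtualHost *:443>
    ServerName geonode.foo.bar.com
    ErrorLog logs/geonode_error_log
    TransferLog logs/geonode_access_log
    # The test setup used "debug"; "warn" keeps request detail out of the logs.
    LogLevel warn

    # Front side (browser -> VM1).
    SSLEngine on
    # "all -SSLv2" leaves every other protocol version the build supports enabled.
    SSLProtocol -all +TLSv1.2
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    # Back side (VM1 -> VM2 across the virtual bridge).
    SSLProxyEngine on
    SSLProxyProtocol -all +TLSv1.2
    # With SSLProxyCheckPeerName/CN off and no SSLProxyVerify, VM1 accepts any
    # certificate presented on the bridge, so the https hop does not
    # authenticate VM2. Trust only VM2's certificate and check its name.
    # Hypothetical path: copy of /etc/ssl/certs/geonode.crt from VM2.
    SSLProxyCACertificateFile /etc/pki/tls/certs/geonode-vm2.crt
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # One mapping per path; the hostname resolves to VM2 through /etc/hosts.
    ProxyPass / https://geonode.foo.bar.com/
    ProxyPassReverse / https://geonode.foo.bar.com/

    # Access rules inside <Limit GET POST PUT> apply only to the listed
    # methods; other methods are left unrestricted. Without <Limit>, the rule
    # covers every method. Same source addresses as the original Allow lines.
    <LocationMatch "admin/">
        Require ip 127.0.0.1 128.252.246.0/24
    </LocationMatch>
</VirtualHost>
```

Running `apachectl configtest` on Virtual Machine 1 before reloading checks the syntax; a backend certificate whose name does not match shows up afterwards as a proxy error in `geonode_error_log`.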