headers
Alvaro Lopez Ortega | 1 Feb 2012 09:46
Favicon
Gravatar

Re: Drag and drop virtual servers makes host disappear

On Tue, Jan 24, 2012 at 6:40 AM, M. David Peterson <m.david <at> 3rdandurban.com> wrote:

On Mon, Jan 23, 2012 at 3:04 PM, pub crawler <pubcrawler.com <at> gmail.com> wrote:
I support the ideas of both the cancel/undo.

Better still would be using a git-based versioning system that generates a commit with every save, exposing the ability to revert back to a previous revision via a simple drop-down listing the sha1 of each of the previous commits. There are a ton of additional advantages to moving towards a git-based system (ease of deployment of configuration files to other nodes via git push, etc.) but this particular capability would be reason enough.

Alvaro, your thoughts?

It's an interesting idea. It'd vote +1 as long as we managed to implement it as a weak dependency (this is, it'd also work if you did not have git installed).

--
Greetings, alo
http://www.octality.com/
_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 3 comments |
headers
Jędrzej Nowak | 1 Feb 2012 10:32
Picon
Favicon

Re: Drag and drop virtual servers makes host disappear

On Wed, Feb 1, 2012 at 9:46 AM, Alvaro Lopez Ortega <alvaro <at> octality.com> wrote:
>
> It's an interesting idea. It'd vote +1 as long as we managed to implement it
> as a weak dependency (this is, it'd also work if you did not have git
> installed).

Then I need to change my opinion about that idea. But dependency less
system like that is a good idea I think. Maybe the best will be to
have something like abstract layer on top of it - then when no git /
hg use kind off 'fallback mode' ?

Greetings,
Jedrzej Nowak
Permalink | Reply | 2 comments |
headers
jlan | 1 Feb 2012 13:11
Picon

X-Forwarded-For in amazon loadbalancer

I'm using Cherokee in amazon loadbalancer serving to 3 cherokee instances for now, but there's a problem with ip origin check.

Amazon documentation says that you can't use loadbalancer ip cause it can change over time, while cherokee "Don't check origin" warns about not using a list of ip addresses to limit the possible security hole.

I can't use loadbalancer ip, but i can't leave x-Forwarded-For without any content, is there a huge security issue or i'm being paranoic?

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 3 comments |
headers
Alvaro Lopez Ortega | 1 Feb 2012 13:31
Favicon
Gravatar

Re: X-Forwarded-For in amazon loadbalancer

On 02/01/2012 01:11 PM, jlan wrote:
>
> I can't use loadbalancer ip, but i can't leave x-Forwarded-For without 
> any content, is there a huge security issue or i'm being paranoic?

Do not enable X-Forwarded-For without checking the origin. That'd allow 
anyone to send requests to your server faking his IP. The integrity of 
your log files would be jeopardized.
Permalink | Reply | 2 comments |
headers
gliporace | 1 Feb 2012 15:52
Picon

Php install fail on CentOS 5

Hi,
I'm try to deploy a Cherokee installation to replace our current Apache/Zope
driven Intranet.
The web server is installed on a CentOS 5 linux distribution and all PHP 5
package are installed.
When trying to configure a behaviour inside the Cherokee-Admin interface I
get this error inside the Wizard windows:
(-2, 'Name or service not known')

and in this error inside the console:

Traceback (most recent call last):
  File "/usr/share/cherokee/admin/CTK/CTK/XMLRPCProxy.py", line 47, in
__call__
    raw = util.to_utf8 (xmlrpc_func ())
  File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/share/cherokee/admin/XMLServerDigest.py", line 145, in request
    return self._request_internal (host, handler, request_body, verbose)
  File "/usr/share/cherokee/admin/XMLServerDigest.py", line 116, in
_request_internal
    h.endheaders()
  File "/usr/lib/python2.4/httplib.py", line 804, in endheaders
    self._send_output()
  File "/usr/lib/python2.4/httplib.py", line 685, in _send_output
    self.send(msg)
  File "/usr/lib/python2.4/httplib.py", line 652, in send
    self.connect()
  File "/usr/lib/python2.4/httplib.py", line 636, in connect
    raise socket.error, msg
error: (110, 'Connection timed out')

We are connected to the internet behind a proxy server.

--
View this message in context: http://cherokee-web-server-general.1049476.n5.nabble.com/Php-install-fail-on-CentOS-5-tp5447716p5447716.html
Sent from the Cherokee Web Server - General mailing list archive at Nabble.com.
Permalink | Reply | 0 comments |
headers
Alvaro Lopez Ortega | 1 Feb 2012 18:58
Favicon
Gravatar

Re: Drag and drop virtual servers makes host disappear

On 02/01/2012 10:32 AM, Jędrzej Nowak wrote:
> On Wed, Feb 1, 2012 at 9:46 AM, Alvaro Lopez Ortega<alvaro <at> octality.com>  wrote:
>> >
>> >  It's an interesting idea. It'd vote +1 as long as we managed to implement it
>> >  as a weak dependency (this is, it'd also work if you did not have git
>> >  installed).
> Then I need to change my opinion about that idea. But dependency less
> system like that is a good idea I think. Maybe the best will be to
> have something like abstract layer on top of it - then when no git /
> hg use kind off 'fallback mode' ?

It's completely up to us how complex we want it to be. The question, 
though, is whether it'd worth supporting more than a single version 
control system.
_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 1 comment |
headers
Jędrzej Nowak | 1 Feb 2012 23:18
Picon
Favicon

Re: Drag and drop virtual servers makes host disappear

I think it's important to have "fallback" mode, when there is no gih/hg or whatever.

I now wonder if it's right way to go... to have the cherokee.conf versioned "outside" admin is also easy, so I'm not sure about that integration again.

01-02-2012 18:58 użytkownik "Alvaro Lopez Ortega" <alvaro <at> alobbs.com> napisał:
>
> On 02/01/2012 10:32 AM, Jędrzej Nowak wrote:
>>
>> On Wed, Feb 1, 2012 at 9:46 AM, Alvaro Lopez Ortega<alvaro <at> octality.com>  wrote:
>>>
>>> >
>>> >  It's an interesting idea. It'd vote +1 as long as we managed to implement it
>>> >  as a weak dependency (this is, it'd also work if you did not have git
>>> >  installed).
>>
>> Then I need to change my opinion about that idea. But dependency less
>> system like that is a good idea I think. Maybe the best will be to
>> have something like abstract layer on top of it - then when no git /
>> hg use kind off 'fallback mode' ?
>
>
> It's completely up to us how complex we want it to be. The question, though, is whether it'd worth supporting more than a single version control system.

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 0 comments |
headers
Daniel Lo Nigro | 2 Feb 2012 00:04
Favicon

Re: Drag and drop virtual servers makes host disappear

On Wed, Feb 1, 2012 at 7:46 PM, Alvaro Lopez Ortega <alvaro <at> octality.com> wrote:

Better still would be using a git-based versioning system that generates a commit with every save, exposing the ability to revert back to a previous revision via a simple drop-down listing the sha1 of each of the previous commits. There are a ton of additional advantages to moving towards a git-based system (ease of deployment of configuration files to other nodes via git push, etc.) but this particular capability would be reason enough.

Alvaro, your thoughts?

It's an interesting idea. It'd vote +1 as long as we managed to implement it as a weak dependency (this is, it'd also work if you did not have git installed).
  
You could have some sort of plugin system for Cherokee-Admin, along with a "hook"/callback system that lets plugins hook in to certain events. Then you 'd just need to add a "Configuration saved" hook that a Git / Mercurial plugin could listen to. This would keep the config source control stuff outside of the core.


_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 0 comments |
headers
jlan | 2 Feb 2012 11:12
Picon

Re: X-Forwarded-For in amazon loadbalancer

You are right, it's more a dns thing.

In this configuratión the A and CNAME registers are fixed in the balancer, not the cherokee web servers (3 computers at this momment)
So it's ok.

Thanks for all. 


On Thu, Feb 2, 2012 at 07:09, Daniel Lo Nigro <lists <at> dan.cx> wrote:

On Wed, Feb 1, 2012 at 11:31 PM, Alvaro Lopez Ortega <alvaro <at> alobbs.com> wrote:
On 02/01/2012 01:11 PM, jlan wrote:

I can't use loadbalancer ip, but i can't leave x-Forwarded-For without any content, is there a huge security issue or i'm being paranoic?

Do not enable X-Forwarded-For without checking the origin. That'd allow anyone to send requests to your server faking his IP. The integrity of your log files would be jeopardized.

I think it'd be acceptable if all requests are going via the load balancer. In this case, the last value in X-Forwarded-For will always be from the load balancer, so you could trust it.

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee


_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 0 comments |

Gmane