View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004568 | Taler | obsolete component | public | 2016-06-07 19:31 | 2016-11-20 03:26 |
Reporter | Florian Dold | Assigned To | Marcello Stanisci | ||
Priority | low | Severity | feature | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 0.0 | ||||
Target Version | 0.2 | Fixed in Version | 0.2 | ||
Summary | 0004568: listen on different socket for administrative interface | ||||
Description | Otherwise it's easy to accidentally expose the administrative interface. This is bad since the administrative APIs, by design, don't use authentication. For the administrative interface, HTTP over unix domain socket seems especially handy. | ||||
Tags | No tags attached. | ||||
related to | 0004561 | closed | Marcello Stanisci | Taler Bank unauthenticated interface /admin/add/incoming |
|
15:13 < marcello> hello. Is it possible to bind a view to a port other than the default one?
15:14 < marcello> for example, I want a view, say /myapp/alternate/ being bound to port 8080, and all the other views to the default 8000 (in the same application of course)
15:14 < marcello> thanks
15:15 < FunkyBob> run separate app instances |
|
15:36 < marcello> FunkyBob: how can I prevent one instance from serving a certain view? For example, I don't want the instance running on port 8000 serving the view /myapp/alternate
15:37 <+apollo13> marcello: different ROOT_URLCONF in both cases |
|
could also help: https://docs.djangoproject.com/en/1.9/topics/http/urls/ |
|
HTTP serving fixed. Need fix on unix domain's serving. Check branch admin_socket |
|
When serving HTTP, it's easy to check on which port the request was made and accordingly block or allow a certain view from being executed. When serving via unix domain socket, it seems it's not possible to see which file the request is coming from. That may mean that a second instance of the bank (the "admin" instance) is required to be run. |
|
'emperor mode' can help: http://daeyunshin.com/2013/01/06/nginx-uwsgi-django-flask-deployment.html

Note: splitting the bank in two apps gives the problem of sharing settings.py. How can the 'normal' and 'admin' apps share the same settings.py? They need that because they have to agree on almost everything, like the DB name, for example |
|
Implemented in e1309f7. That changed a bit the way we configure the bank:

The GNUnet-style config file only contains
- database name
- serving protocol

Whereas the directories:
- $(pkgdatadir)/vassals-http
- $(pkgdatadir)/vassals-unix

contain .ini(s) that instruct the bank about the two "instances" to spawn, namely the admin and normal one. Also the location of unix domain sockets changed: they lie in /tmp now, as their location is indicated in the .ini(s), so we don't put tripwire's specific things in the bank's repo.

Used technique: talerbank/settings.py now comes with an empty ROOT_URLCONF

We deploy two .wsgi(s):
- bank.wsgi
- bank-admin.wsgi

and, for each vassals-*/, two .ini(s)
- bank.ini
- bank-admin.ini

Each .ini instructs uwsgi to make the same-named .wsgi listen to a certain TCP port (or a certain unix domain socket, depending on whether the .ini lies in vassals-http/ or vassals-unix). Upon invocation, each .wsgi sets its own ROOT_URLCONF. In particular, bank.wsgi sets ROOT_URLCONF to 'talerbank.app.urls' (which now does NOT contain /admin/add/incoming anymore), and bank-admin.wsgi sets it to 'talerbank.app.urlsadmin' that contains only /admin/add/incoming. |
|
PS. deployment (nginx and taler.conf configs) also updated to match this. Ah, there is also no documentation around on how to run/configure the bank .... |
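A deployment check for the vassal layout described in the notes above, added here as an example and not taken from the bank's repository: it flags a `bank-admin.ini` whose listener is reachable beyond loopback, or whose unix socket is left accessible to "other" users. The `.ini` contents are constructed, and the policy (loopback-only TCP, `chmod-socket` without "other" bits) is this example's assumption; `http`, `http-socket`, `socket` and `chmod-socket` are uwsgi options.

```python
import configparser
import ipaddress

LISTEN_KEYS = ("http", "http-socket", "socket")  # uwsgi options that open a listener

# Constructed vassal contents; the issue does not show the real .ini files.
SAMPLE_VASSALS = {
    "vassals-http/bank.ini": "[uwsgi]\nhttp = :8000\nwsgi-file = bank.wsgi\n",
    "vassals-http/bank-admin.ini": "[uwsgi]\nhttp = 0.0.0.0:8080\nwsgi-file = bank-admin.wsgi\n",
    "vassals-unix/bank.ini": "[uwsgi]\nsocket = /tmp/bank.sock\nchmod-socket = 666\n",
    "vassals-unix/bank-admin.ini": "[uwsgi]\nsocket = /tmp/bank-admin.sock\n",
}

def is_loopback_tcp(value):
    """True only when a host:port listener is pinned to a loopback address."""
    host = value.rpartition(":")[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "", "*" or a hostname: assume every interface
        return False

def audit_vassal(name, text):
    """Return findings for one vassal; only bank-admin.ini is held to the strict rules."""
    if not name.endswith("bank-admin.ini"):
        return []
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    opts, findings = parser["uwsgi"], []
    for key in LISTEN_KEYS:
        value = opts.get(key)
        if value is None:
            continue
        if value.startswith("/"):  # unix domain socket path
            mode = opts.get("chmod-socket")
            if mode is None or int(mode, 8) & 0o007:
                findings.append(f"{name}: {value} lacks a chmod-socket that excludes 'other'")
        elif not is_loopback_tcp(value):
            findings.append(f"{name}: {key} = {value} is reachable beyond loopback")
    return findings

def audit_all(vassals):
    return {name: audit_vassal(name, text) for name, text in vassals.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_VASSALS).items():
        print(name, findings or "ok")
```
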
Date Modified | Username | Field | Change |
---|---|---|---|
2016-06-07 19:31 | Florian Dold | New Issue | |
2016-06-07 19:31 | Florian Dold | Status | new => assigned |
2016-06-07 19:31 | Florian Dold | Assigned To | => Marcello Stanisci |
2016-06-07 19:31 | Florian Dold | Relationship added | related to 0004561 |
2016-06-11 21:36 | Christian Grothoff | Product Version | => 0.0 |
2016-06-11 21:36 | Christian Grothoff | Target Version | => 0.2 |
2016-07-23 15:34 | Marcello Stanisci | Note Added: 0010992 | |
2016-07-23 15:38 | Marcello Stanisci | Note Added: 0010993 | |
2016-07-23 15:42 | Marcello Stanisci | Note Added: 0010994 | |
2016-08-15 13:52 | Marcello Stanisci | Note Added: 0011029 | |
2016-08-18 13:01 | Marcello Stanisci | Note Added: 0011042 | |
2016-08-19 14:42 | Marcello Stanisci | Note Added: 0011043 | |
2016-09-02 15:17 | Marcello Stanisci | Note Edited: 0011043 | |
2016-10-31 15:52 | Marcello Stanisci | Note Added: 0011397 | |
2016-10-31 15:56 | Marcello Stanisci | Note Added: 0011398 | |
2016-10-31 15:56 | Marcello Stanisci | Status | assigned => resolved |
2016-10-31 15:56 | Marcello Stanisci | Resolution | open => fixed |
2016-10-31 16:00 | Marcello Stanisci | Note Edited: 0011398 | |
2016-11-15 16:03 | Christian Grothoff | Fixed in Version | => 0.2 |
2016-11-20 03:26 | Christian Grothoff | Status | resolved => closed |
2022-08-23 20:26 | Christian Grothoff | Category | bank (demonstrator) => py bank (demonstrator, obsolete) |
2023-12-03 01:23 | Christian Grothoff | Category | py bank (demonstrator, obsolete) => obsolete componet |
2023-12-11 20:08 | Florian Dold | Category | obsolete componet => obsolete component |