Hello,
I'd like to preface my question with the fact that I do realize that the problem probably has to do with my local setup (including some implicitly implied step for securing SSL access attempts to localhost
via a self-signed certificate or something along similar lines) rather than something intrinsically wrong with the repository.
Problem:
- I am able to access the HTTP portions of any Cosmology@Home content, served via a locally running server, but none of the HTTPS counterparts.
Steps to reproduce:
$ git checkout --recursive https://github.com/marius311/cosmohome.git
$ cd cosmohome
$ make up # also attempted anew with `docker-compose up --build`
I've added localhost www.cosmologyathome.org
to my /etc/hosts
file.
Then, accessing http://www.cosmologyathome.org and http://localhost does work, while accessing https://www.cosmologyathome.org and https://localhost doesn't.
Additionally, I'm unable to add the project via BOINC Manager either:
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: Trying 127.0.0.1...
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: Connected to www.cosmologyathome.org (127.0.0.1) port 443 (#17)
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: ALPN, offering http/1.1
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: successfully set certificate verify locations:
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: CAfile: /etc/ssl/certs/ca-certificates.crt
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: CApath: /etc/ssl/certs
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: TLSv1.2 (OUT), TLS header, Certificate Status (22):
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
15-Apr-2020 19:10:56 [---] [http] [ID#3] Info: Closing connection 17
15-Apr-2020 19:10:56 [---] [http] HTTP error: SSL connect error
15-Apr-2020 19:10:57 [---] Project communication failed: attempting access to reference site
15-Apr-2020 19:10:57 [---] [http] HTTP_OP::init_get(): https://www.google.com/
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info: Found bundle for host www.google.com: 0x5633d28f1010 [can pipeline]
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info: Re-using existing connection! (#2) with host www.google.com
15-Apr-2020 19:10:57 [---] [http] [ID#0] Info: Connected to www.google.com (216.58.204.228) port 443 (#2)
I've also attempted introducing self-signed certificates via following the intrructons from the following articles:
I've tried to do this both locally and from inside the running Apache container (the spun up ran via docker-compose up
), followed by restarting of the Apache service in the latter case, but neither approach has worked.
Could you, please, provide some directions for attempting to fix this?
Thanks very much for your time!
Update: Wanted to add, for completeness, that I was able to get boinc-server-docker
running successfully, without experiencing the same HTTPS issues.
I think that there's some difference in how the projects are configured (haven't been able to disable HTTPS, and access the login pages etc, for the sake of experimentation, yet though; I can see that the project config xml - as accessed via get_project_config.php
- of Cosmology@Home does have a <web_rpc_url_base>https://www.cosmologyathome.org/</web_rpc_url_base>
line, whereas the boinc-server-docker
project differs in this regard), but I'm not sure, whether removing HTTPS support would be a good idea, instead of enabling it to work properly.
Update 2: I've commented out the define("SECURE_URL_BASE",str_replace("http","https",$master_url))
line from html/project/project.inc
and currently testing to see if this change has had any effect.
However, I do believe that such kind of a workaround would only be acceptable for a dev environment, and I would appreciate if you could, please, direct me towards a proper solution which has SSL enabled and honored properly.
Update 3: The change has effectively worked as expected.
Now trying to figure out how to implement the proper solution with SSL support.