Orbeon and firewall proxy

Orbeon and firewall proxy

PeterW
Hello List

I am running Orbeon under Tomcat in 2 environments: one is connected directly to the internet, the other is connected through a firewall proxy.

I am trying the example calling a service by submitting a value: http://wiki.orbeon.com/forms/how-to/fb-fr/call-service

This works perfectly on the machine without the proxy, but does not work on the machine with the firewall proxy.

The Tomcat environment is started with appropriate settings for http proxy and no-proxy, and other applications make appropriate use of these configuration settings.

How should I set up Orbeon and the FormsBuilder/FormsRunner to route calls appropriately either through the proxy or to the local network?

Thanks
Peter

Re: Orbeon and firewall proxy

Alessandro  Vernet
Administrator
Hi Peter,

You can set up Orbeon Forms to use a proxy by setting a few properties:

http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties/configuration-properties-base#TOC-Proxy-setup

If you didn't get a "chance" yet to set up properties in Orbeon Forms, you might find the information on this page useful:

http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties

You'll let us know how this works for you.

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Re: Orbeon and firewall proxy

PeterW
Thanks for the pointers Alex, I will try and report back

The instructions cover the establishment of a proxy.  What are the instructions for setting up the noProxyHost entries (sites for which the calls should not go via the proxy)?

Peter
Re: Orbeon and firewall proxy

Alessandro  Vernet
Administrator
Hi Peter,

I am afraid that at this point there is no property to list hosts to which you want to connect directly, bypassing the proxy, when you have one set up. If you're into writing Java code, this wouldn't be hard to add. This is the part of the code where the "magic" is happening:

https://github.com/orbeon/orbeon-forms/blob/master/src/java/org/orbeon/oxf/resources/handler/HTTPURLConnection.java#L129

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
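
The no-proxy host list discussed in the post above, sketched with the standard java.net.ProxySelector API. This is an added example, not Orbeon Forms code and not from the thread's authors; the class name NoProxySelector, the bypasses helper and all host values are hypothetical, and whether Orbeon's HTTP layer consults a ProxySelector is an assumption not established on this page.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.util.List;
import java.util.Locale;

// Hypothetical selector (not Orbeon code): use the proxy unless the host is on a no-proxy list.
public class NoProxySelector extends ProxySelector {
    private final Proxy proxy;
    private final List<String> noProxyHosts; // lower-case; leading "." = domain and its subdomains

    public NoProxySelector(String proxyHost, int proxyPort, List<String> noProxyHosts) {
        this.proxy = new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(proxyHost, proxyPort));
        this.noProxyHosts = noProxyHosts;
    }

    boolean bypasses(String host) {
        if (host == null) return false;
        String h = host.toLowerCase(Locale.ROOT);
        for (String entry : noProxyHosts) {
            if (entry.startsWith(".")) {
                // Match only on a label boundary: "notexample.internal" must not match ".example.internal".
                if (h.endsWith(entry) || h.equals(entry.substring(1))) return true;
            } else if (h.equals(entry)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public List<Proxy> select(URI uri) {
        if (uri == null) throw new IllegalArgumentException("uri must not be null");
        return bypasses(uri.getHost()) ? List.of(Proxy.NO_PROXY) : List.of(proxy);
    }

    @Override
    public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
        // Only report: no silent fallback to a direct connection when the proxy is unreachable.
        System.err.println("proxy connect failed for " + uri + ": " + ioe.getMessage());
    }

    public static void main(String[] args) {
        // Constructed sample values: 192.0.2.10 is a documentation address, host names are placeholders.
        ProxySelector s = new NoProxySelector("192.0.2.10", 80,
                List.of("localhost", "127.0.0.1", ".example.internal"));
        for (String u : List.of("http://localhost:8090/orbeon", "http://app.example.internal/svc",
                "http://notexample.internal/", "http://www.example.org/"))
            System.out.println(u + " -> " + s.select(URI.create(u)));
    }
}
```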
Re: Orbeon and firewall proxy

PeterW
In reply to this post by Alessandro Vernet
Hi Alex

When I set up a simple properties-local.xml file containing the following (where XXX.XXX.XXX.XXX is my proxy IP address):

<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:oxf="http://www.orbeon.com/oxf/processors">

    <property as="xs:string" name="oxf.http.proxy.host" value="XXX.XXX.XXX.XXX"/>
    <property as="xs:integer" name="oxf.http.proxy.port" value="80"/>
    <property as="xs:boolean" name="oxf.http.proxy.use-ssl" value="false"/>

</properties>

I get a FormRunner summary screen that has no list of forms in it, but without this properties-local.xml the FormRunner summary screen displays correctly.

What have I missed?

Peter

Re: Orbeon and firewall proxy

Alessandro  Vernet
Administrator
Hi Peter,

You might want to try setting the oxf.url-rewriting.service.base-uri property to a base URL that your proxy can recognize as the URL of the server, i.e. instead of http://localhost:8090/orbeon you would set it to http://www.my-server.com/orbeon. Also see the documentation on:

http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties/configuration-properties-base#TOC-oxf.url-rewriting.service.base-uri

And I agree, ideally, telling Orbeon Forms not to go through the proxy for some hosts would be a better solution, this way bypassing the proxy.

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Re: Orbeon and firewall proxy

PeterW
Hi Alex

I tried the following, but it didn't make any difference.

<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:oxf="http://www.orbeon.com/oxf/processors">

    <property as="xs:string" name="oxf.http.proxy.host" value="XXX.XXX.XXX.XXX"/>
    <property as="xs:integer" name="oxf.http.proxy.port" value="80"/>
    <property as="xs:boolean" name="oxf.http.proxy.use-ssl" value="false"/>
    <property as="xs:anyURI" name="oxf.url-rewriting.service.base-uri" value="http://kirmit:8090/orbeon"/>
</properties>

I am hoping that this doesn't become a showstopper.

Are there any other things I should be doing?

Cheers

Peter
Re: Orbeon and firewall proxy

PeterW
Can anyone help me here please?

Re: Orbeon and firewall proxy

DL
I'm still learning myself so this is a guess .. but it may be that your port 80 is blocked.

Does the proxy work with a port other than 80?

Re: Re: Orbeon and firewall proxy

Erik Bruchez
Administrator
In reply to this post by PeterW
Peter,

It's hard to remotely debug a custom setup.

Once you set up the proxy, all Orbeon Forms HTTP connections should go
through that proxy. Now Orbeon Forms also needs to connect to itself
(for example to call the Form Runner persistence API to list form
data), and that's where the oxf.url-rewriting.service.base-uri enters.

The URL you specify in oxf.url-rewriting.service.base-uri will be
called back by your proxy. In other words, your proxy must be able to
access http://kirmit:8090/orbeon. Is that the case? Do you have a way
to check?

-Erik

On Sat, Jun 2, 2012 at 4:42 PM, PeterW <[hidden email]> wrote:

> can anyone help me here please?

Re: Re: Orbeon and firewall proxy

PeterW
Erik
I looked at the transaction with Wireshark and there is a 500 error in the transaction between the firewall and the server that Orbeon Forms is running on, so I think that there is a problem in this area.
Peter

Re: Re: Orbeon and firewall proxy

Alessandro  Vernet
Administrator
Hi Peter,

Do you have more information about that 500 error? Does Orbeon Forms show something about it in the log? If not, is there a body to that 500 response? If there is, what is its content?

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Re: Re: Orbeon and firewall proxy

PeterW
I have managed to spend a little more time with this problem .... It looks as though the calls to sites are not actually getting routed through the proxy.

I have a properties-local.xml as follows:

<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:oxf="http://www.orbeon.com/oxf/processors">
    <property as="xs:string" name="oxf.http.proxy.host" value="xxx.xxx.xxx.xxx"/>
    <property as="xs:boolean" name="oxf.http.proxy.use-ssl" value="false"/>
    <property as="xs:anyURI" name="oxf.url-rewriting.service.base-uri" value="http://yyy.yyy.yyy.yyy/orbeon"/>
</properties>

Also, if I add the oxf.http.proxy.port setting I cannot see the FormBuilder page.

Any suggestions?

Thanks
P
Re: Re: Orbeon and firewall proxy

Alessandro  Vernet
Administrator
Hi Peter,

As mentioned by Erik earlier in the thread, with the proxy enabled, all the HTTP requests should go through the proxy. Then you might need to set up oxf.url-rewriting.service.base-uri so the proxy can reach your server. Now:

1. Is a request made to the proxy? If not, where else does the request go?
2. Does the proxy manage to reach the server running Orbeon? If not, why? What does the response the proxy receives look like?

I am afraid I can't help much on this through the list; this is really something that you need to debug locally to pinpoint what exactly is going wrong.

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Re: Re: Orbeon and firewall proxy

PeterW
The request isn't routing through the proxy.  It is just bouncing around in the internal network and then gets reported as the address not being found.

The proxy doesn't know about the internal network.

I realise that this is difficult to discuss, but I think that my principal problem is that the request isn't getting to the proxy and I'd like to get that sorted first and then deal with the cases where a request should not be routed through the proxy later.
Re: Re: Re: Orbeon and firewall proxy

Erik Bruchez
Administrator
Peter,

Which request specifically does not go through the proxy? Can you see
any specific example of such a request URL?

Also, do any requests go through the proxy?

Thanks,

-Erik

On Wed, Jun 13, 2012 at 1:27 AM, PeterW <[hidden email]> wrote:

> The request isn't routing through the proxy.  It is just bouncing around in
> the internal network and then gets reported as the address not being found.
>
> The proxy doesn't know about the internal network
>
> I realise that this is difficult to discuss, but I think that my principal
> problem is that the request isn't getting to the proxy and I'd like to get
> that sorted first and then deal with the cases where a request should not be
> routed through the proxy later.

Re: Re: Re: Orbeon and firewall proxy

PeterW
Erik
As far as I can see, all requests do not go through the proxy.  They just bounce around within the firewall and then get reported as having an unknown address (even when I use IP addresses).

In desperation I finally just started setting up a small relay script to mediate these external calls.  Calls internal to the firewall all work correctly.

Cheers

Peter
Re: Re: Re: Re: Orbeon and firewall proxy

Erik Bruchez
Administrator
Peter,

Good to see that you have a solution!

-Erik

On Mon, Jun 18, 2012 at 2:34 AM, PeterW <[hidden email]> wrote:

> Eric
> As far as I can see, all requests do not go through the proxy.  They just
> bounce around within the firewall and then get reported as having an unknown
> address (even when I use IP addresses).
>
> In desperation I finally just started setting up a small relay script to
> mediate these external calls.  Calls internal to the firewall all work
> correctly.
>
> Cheers
>
> Peter