Posted to dev@cloudstack.apache.org by Ivan Kudryavtsev <ku...@bw-sw.com> on 2018/08/23 04:55:29 UTC

Direct templates/volumes upload don't work in real world

Hello, devs.

Today I investigated how ACS handles file uploads. I thought there is a
Jetty-based implementation, but it looks like they are managed thru SSVM by
requesting unique upload URL and so on and so forth.

By design, it's good, despite that the URL which is returned by an API
includes https://IP/<token> schema, where SSL is related to *.realip.com
and as a result, nothing really works in a browser without playing with
certs.

I know that CPVM uses 1-2-3-4.domain.com URL and works great with real-life
SSLs, no idea why SSVM doesn't act the same way.

Personally, I don't use direct uploading, but you know the users. They find
it very attractive and easy rather than managing thru external HTTP/HTTPS
servers.

So, basically, the feature doesn't work for real-life deployments.

-- 
With best regards, Ivan Kudryavtsev
Bitworks LLC
Cell: +7-923-414-1515
WWW: http://bitworks.software/ <http://bw-sw.com/>
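
The hostname mismatch described in the message above, as an added example that is not part of the original thread and is not CloudStack code: it checks an upload URL's host against a wildcard certificate name and rewrites an IP-based URL into the dashed `1-2-3-4.domain` form mentioned for CPVM. The IP address, domain and token are constructed sample values, and the function names are hypothetical.

```python
# Added example (not CloudStack code): why https://<ip>/<token> fails TLS
# hostname verification against a wildcard certificate, and why the
# dashed-IP hostname form passes it.
import ipaddress
from urllib.parse import urlsplit, urlunsplit

def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def matches_dns_san(host: str, san: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one left-most label."""
    if is_ip(host):
        return False  # an IP literal never matches a dNSName entry
    h = host.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if len(h) != len(s):
        return False  # wildcard does not span multiple labels
    if s[0] == "*":
        return h[0] != "" and h[1:] == s[1:]
    return h == s

def dashed_host(ip: str, cert_domain: str) -> str:
    """203.0.113.10 + '*.example.com' -> '203-0-113-10.example.com' (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)
    base = cert_domain[2:] if cert_domain.startswith("*.") else cert_domain
    return str(addr).replace(".", "-") + "." + base

def rewrite_upload_url(url: str, cert_domain: str) -> str:
    """Swap an IP host for the dashed hostname; path and token are kept."""
    parts = urlsplit(url)
    if parts.hostname is None or not is_ip(parts.hostname):
        return url  # already a hostname, nothing to rewrite
    host = dashed_host(parts.hostname, cert_domain)
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

# Constructed sample values: documentation IP range, placeholder domain and token.
CERT_DOMAIN = "*.example.com"
API_URL = "https://203.0.113.10/0123abcd-constructed-token"

if __name__ == "__main__":
    fixed = rewrite_upload_url(API_URL, CERT_DOMAIN)
    for u in (API_URL, fixed):
        ok = matches_dns_san(urlsplit(u).hostname, CERT_DOMAIN)
        print(f"{u} -> {'certificate matches' if ok else 'hostname mismatch'}")
```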

Re: Direct templates/volumes upload don't work in real world

Posted by Ivan Kudryavtsev <ku...@bw-sw.com>.
Thanks, Rajani. I'll try to test those vars. Just to sum up:

* secstorage.ssl.cert.domain
* SSL certificate used to encrypt copy traffic between zones

not very obvious and useful description for someone who tries to figure out
the problem.

2018-08-23 13:37 GMT+07:00 Rajani Karuturi <ra...@apache.org>:

> Check the values of secstorage.encrypt.copy, secstorage.ssl.cert.domain
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
> has more info
>
> ~Rajani
>
> Sent from phone.

Re: Direct templates/volumes upload don't work in real world

Posted by Rajani Karuturi <ra...@apache.org>.
Check the values of secstorage.encrypt.copy, secstorage.ssl.cert.domain

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
has more info

~Rajani

Sent from phone.

On Thu, 23 Aug 2018, 11:57 am Ivan Kudryavtsev, <ku...@bw-sw.com>
wrote:

> Yes, but API returns https://<ip>/<hash>, not
> https://1-2-3-4.dns.zone/hash.
> That is what I'm talking about, at least it works for my 4.11.1 deployment,
> while CPVM works just fine with https://1-2-3-4.dns.zone/

Re: Direct templates/volumes upload don't work in real world

Posted by Ivan Kudryavtsev <ku...@bw-sw.com>.
Yes, but API returns https://<ip>/<hash>, not https://1-2-3-4.dns.zone/hash.
That is what I'm talking about, at least it works for my 4.11.1 deployment,
while CPVM works just fine with https://1-2-3-4.dns.zone/

2018-08-23 13:24 GMT+07:00 Rajani Karuturi <ra...@apache.org>:

> The same CPVM type URL also works for SSVM. You could also add Https
> exception in browser to test it out.
>
> Check FS at
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=39620237
> for more details.
>
> ~Rajani
>
> Sent from phone.

Re: Direct templates/volumes upload don't work in real world

Posted by Rajani Karuturi <ra...@apache.org>.
The same CPVM type URL also works for SSVM. You could also add Https
exception in browser to test it out.

Check FS at
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=39620237
for more details.

~Rajani

Sent from phone.

On Thu, 23 Aug 2018, 10:25 am Ivan Kudryavtsev, <ku...@bw-sw.com>
wrote:

> Hello, devs.
>
> Today I investigated how ACS handles file uploads. I thought there is a
> Jetty-based implementation, but it looks like they are managed thru SSVM by
> requesting unique upload URL and so on and so forth.
>
> By design, it's good, despite that the URL which is returned by an API
> includes https://IP/<token> schema, where SSL is related to *.realip.com
> and as a result, nothing really works in a browser without playing with
> certs.
>
> I know that CPVM uses 1-2-3-4.domain.com URL and works great with
> real-life
> SSLs, no idea why SSVM doesn't act the same way.
>
> Personally, I don't use direct uploading, but you know the users. They find
> it very attractive and easy rather than managing thru external HTTP/HTTPS
> servers.
>
> So, basically, the feature doesn't work for real-life deployments.
>
> --
> With best regards, Ivan Kudryavtsev
> Bitworks LLC
> Cell: +7-923-414-1515
> WWW: http://bitworks.software/ <http://bw-sw.com/>
>