MAAS

Ward off port confusion by maintaining a redirect

Bug #1643900 reported by Peter Matulis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Won't Fix
Undecided
Unassigned

Bug Description

I understand that the apache redirect (80 to 5240) will eventually be removed. However, if HA is set up (haproxy) the port once again becomes 80. It would be better to keep the redirect idea but replace apache with a lighter weight mechanism (e.g. socat) which the admin can disable when they enable HA. HA status (i.e. implemented or not) should remain transparent to the end-user.

Tags: docteam
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Hi Peter,

I think we should fix HAProxy to not do port 80 then. Port 5240 should be used by default at all times, and we should be pointing users to that. if users want to use port 80 instead, we should provide means for them to configure it that way, but we should not be the ones pushing them to use it.

That said, there's plans to run MAAS alongside other services that bidn to port 80 and we dont want them to conflict.

Changed in maas:
status: New → Won't Fix
Revision history for this message
Blake Rouse (blake-rouse) wrote :

5240 is hard coded. We would need to allow the region controller to configure that port, which is not hard but is work to be done.

You are also make it harder for a user to configure HA, as now they need to adjust the port that the regiond is running on so that HAProxy can run on that port.

Revision history for this message
Mike Pontillo (mpontillo) wrote :

The current design in MAAS is consistent with other "enterprise" web applications. Customers want to be able to add additional proxies in front of MAAS. This could be for HA purposes, for security reasons (SSL/TLS), etc.

Another requirement is, all traffic to the MAAS web interface needs to flow over a single port. Some people use TCP port redirection with SSH in order to gain access to MAAS. A redirect would introduce a second port, and break those users.

For the record, I don't think we should drop the Apache port 80 proxy configuration. It's a good validation that we operate correctly behind a proxy.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.