Feature #3890

SWIP-Analytic Issues

Added by Marilynn Johnson over 5 years ago. Updated over 5 years ago.

Status: Resolved
Priority name: Normal
Assignee:
Category name: Domain Mapping
Target version:
Start date: 2015-03-07
Due date:
% Done: 0%
Estimated time:

Description

Hello Redmine team!

I am writing with two questions about the site I help manage for SWIP-Analytic at swipanalytic.commons.gc.cuny.edu.

1) My facebook and twitter widgets that should display on the right sidebar are not displaying. I can't work out why not. Any suggestions? (dashboard pic attached)

2) Chris Caruso recently tried to go to the site during one of our Social Media Fellows meetings and got the attached message. Folks on here helped me set up the redirect through swipanalytic.org and I am wondering if there is some issue with that that is making this message appear? Is there anything that can be done?

Thank you very much for your help!

~Marilynn

swipwidgets.png (32.2 KB) Marilynn Johnson, 2015-03-07 05:33 PM
swip-error-message.jpg (75.9 KB) Marilynn Johnson, 2015-03-07 05:33 PM
Screen Shot 2015-06-02 at 5.34.41 PM.png (939 KB) Matt Gold, 2015-06-02 05:35 PM

History

#1 Updated by Marilynn Johnson over 5 years ago

(error pic attached)

#2 Updated by Matt Gold over 5 years ago

  • Category name set to Domain Mapping
  • Status changed from New to Assigned
  • Assignee set to Boone Gorges

Thanks, Michelle.

Boone: Can you please address the security warning?

Scott: Can you please address the twitter issue?

Thanks to you both. Michelle, moving forward, please keep one issue to a ticket, as that helps us keep various troubleshooting issues straight. Thank you!

#3 Updated by Boone Gorges over 5 years ago

Regarding the "Your connection is not private" message. This appears because you were redirected at some point to https://swipanalytic.org (note the 's'). The Commons server does not have an SSL certificate associated with that domain - we only support SSL for *.commons.gc.cuny.edu. However, because swipanalytic.org (and all other mapped domains) share the Commons IP address, the following happens:

1. the browser validates the SSL cert associated with the swipanalytic.org IP address
2. The certificate authority sends back info to the effect that the SSL cert is valid for *.commons.gc.cuny.edu
3. The browser sees that there is a mismatch between the domains associated with the cert and the requested domain, so it throws the security error.

At root, this is happening because the certificate authority handshake does not include information about the domain name being requested; on the vanilla configuration, SSL certificates are expected to be served from dedicated IP addresses. We can theoretically work around this requirement by installing and configuring the SNI extension for Apache. I'll open a thread with IT to see if this is possible.

In the meantime, we can attempt to skirt the problem by ensuring that redirects to https://swipanalytic.org never take place. Marilynn, do you remember exactly what you were doing that led you to this error notice? Where in the interface did you click?
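The name check behind the mismatch in step 3 of the comment above, as an added example that is not part of the original ticket or the Commons code base. It is a simplified leftmost-label wildcard match rather than a full certificate validator; the function names are hypothetical, and every host in the list except the two named in the ticket is constructed.

```python
# Added example: simplified certificate-name matching (exact names and
# leftmost-label wildcards only). Not a complete TLS validator.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name covers the requested host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        # '*' stands for exactly one label, so depth must be equal.
        return False
    if p[0] == "*":
        # Wildcard is honoured only in the leftmost label.
        return p[1:] == h[1:]
    return p == h

def covered(cert_names, host):
    """True if any name on the certificate covers the host."""
    return any(name_matches(n, host) for n in cert_names)

def uncovered_hosts(cert_names, hosts):
    """Hosts that would trigger a name-mismatch warning over https."""
    return [h for h in hosts if not covered(cert_names, h)]

# Certificate name as stated in the ticket.
CERT_NAMES = ["*.commons.gc.cuny.edu"]

# First two hosts come from the ticket; the rest are constructed.
HOSTS = [
    "swipanalytic.commons.gc.cuny.edu",
    "swipanalytic.org",
    "www.swipanalytic.org",        # constructed
    "a.b.commons.gc.cuny.edu",     # constructed: two labels under the wildcard
    "commons.gc.cuny.edu",         # constructed: bare parent domain
]

if __name__ == "__main__":
    for host in HOSTS:
        status = "ok" if covered(CERT_NAMES, host) else "MISMATCH"
        print(f"{status:9} https://{host}")
```

Running the same check over the full list of mapped domains shows which ones must never be the target of an https redirect until a certificate that names them is served.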

#4 Updated by Boone Gorges over 5 years ago

  • Status changed from Assigned to Resolved
  • Target version set to 1.7.15

I spent a bunch of time playing whack-a-mole with SSL-related stuff today, and 1.7.15 will have a bunch of improvements to ensure that SSL requests aren't polluted with insecure assets.

More to the point of this ticket: I'm assuming that the path Marilynn took to get to the bad https address was through the My Sites menu. Fixing this was extremely unpleasant, but it should no longer happen after https://github.com/cuny-academic-commons/cac/commit/e4a5840cfae7a49ced5420387a3d23bd18b963a5.

Ray, added you as a watcher mainly so you could see how fun that commit was.

I'm going to mark this ticket as Resolved on the assumption that I've correctly diagnosed the bad redirect. We still have a larger issue to tackle regarding the hosting of non-SSL domains on this IP address, but we'll handle that in a separate ticket.

#5 Updated by Matt Gold over 5 years ago

Thank you for your work on this, Boone. Sorry it was such a bear.

#6 Updated by Marilynn Johnson over 5 years ago

Hi Boone,

I am not sure exactly where I tried to go to the page from -- it is possible from the 'my sites' dropdown while logged in on the commons. Sorry I don't fully understand some of the technical language above. Is whatever the issue was basically fixed for my site?

Thank you!
Marilynn

#7 Updated by Boone Gorges over 5 years ago

Thanks, Marilynn. If indeed you navigated to the site from 'My Sites', then the problem should now be fixed for you. Please feel free to report back here if you come across related issues.

#8 Updated by Marilynn Johnson over 5 years ago

Will do, thanks!

#9 Updated by Marilynn Johnson over 5 years ago

Hi Boone,

I am writing on this ticket again because the twitter and facebook widgets on the side of the site detailed here, swipanalytic.commons.gc.cuny.edu, seem to have disappeared again. Perhaps something got lost in an update? They were there for a while after this ticket was addressed but I noticed a few weeks ago they were gone.

Thank you!
Marilynn

#10 Updated by Matt Gold over 5 years ago

Hi Marilynn -- I'm seeing the widgets (screenshot attached). Perhaps the browser you are using is blocking them from loading? What computer OS/browser are you using to view the site?

#11 Updated by Marilynn Johnson over 5 years ago

Hi Matt,

Sorry for the very delayed response to this! I am viewing the page in Firefox with Ad-Blocker Plus active. I noticed that it does work on my ipad, using Safari.

Best,
Marilynn

#12 Updated by Marilynn Johnson over 5 years ago

(Firefox on a PC)
