[ARVADOS] updated: 2.1.0-9-g8127b5d5d

Git user git at public.arvados.org
Thu Oct 15 21:10:43 UTC 2020


Summary of changes:
 tools/arvbox/lib/arvbox/docker/cluster-config.sh     |  2 +-
 tools/arvbox/lib/arvbox/docker/common.sh             |  1 +
 tools/arvbox/lib/arvbox/docker/service/nginx/run     | 14 ++++++++++++++
 .../lib/arvbox/docker/service/workbench/run-service  | 20 --------------------
 4 files changed, 16 insertions(+), 21 deletions(-)

       via  8127b5d5dd999248731dd67c1c99e2045795e3e2 (commit)
      from  c6c2f3518bc745eed95b5f5b81db5d17db4366ff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 8127b5d5dd999248731dd67c1c99e2045795e3e2
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Thu Oct 15 17:06:45 2020 -0400

    Separate inline/download keep-web ports refs #16812
    
    This makes inline viewing of private files work as expected with
    arvbox, which is helpful for development and testing.
    
    It relies on "TrustAllContent: true", so it is also XSS insecure.
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/arvbox/lib/arvbox/docker/cluster-config.sh b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
index 948eb00a5..708af17d5 100755
--- a/tools/arvbox/lib/arvbox/docker/cluster-config.sh
+++ b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
@@ -105,7 +105,7 @@ Clusters:
       WebDAVDownload:
         InternalURLs:
           "http://localhost:${services[keep-web]}/": {}
-        ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
+        ExternalURL: "https://$localip:${services[keep-web-dl-ssl]}/"
       Composer:
         ExternalURL: "https://$localip:${services[composer]}"
       Controller:
diff --git a/tools/arvbox/lib/arvbox/docker/common.sh b/tools/arvbox/lib/arvbox/docker/common.sh
index 48d356640..eb53e1904 100644
--- a/tools/arvbox/lib/arvbox/docker/common.sh
+++ b/tools/arvbox/lib/arvbox/docker/common.sh
@@ -38,6 +38,7 @@ services=(
   [arv-git-httpd]=9001
   [keep-web]=9003
   [keep-web-ssl]=9002
+  [keep-web-dl-ssl]=9004
   [keepproxy]=25100
   [keepproxy-ssl]=25101
   [keepstore0]=25107
diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 82db92137..991927be7 100755
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -144,6 +144,20 @@ http {
       proxy_redirect off;
     }
   }
+  server {
+    listen *:${services[keep-web-dl-ssl]} ssl default_server;
+    server_name keep-web-dl;
+    ssl_certificate "${server_cert}";
+    ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 0;
+    location  / {
+      proxy_pass http://keep-web;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
 
   upstream keepproxy {
     server localhost:${services[keepproxy]};
diff --git a/tools/arvbox/lib/arvbox/docker/service/workbench/run-service b/tools/arvbox/lib/arvbox/docker/service/workbench/run-service
index eba22372f..32efea51b 100755
--- a/tools/arvbox/lib/arvbox/docker/service/workbench/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/workbench/run-service
@@ -43,25 +43,5 @@ set -u
 
 secret_token=$(cat $ARVADOS_CONTAINER_PATH/workbench_secret_token)
 
-if test -a /usr/src/arvados/apps/workbench/config/arvados_config.rb ; then
-    rm -f config/application.yml
-else
-cat >config/application.yml <<EOF
-$RAILS_ENV:
-  secret_token: $secret_token
-  arvados_login_base: https://$localip:${services[controller-ssl]}/login
-  arvados_v1_base: https://$localip:${services[controller-ssl]}/arvados/v1
-  arvados_insecure_https: false
-  keep_web_download_url: https://$localip:${services[keep-web-ssl]}/c=%{uuid_or_pdh}
-  keep_web_url: https://$localip:${services[keep-web-ssl]}/c=%{uuid_or_pdh}
-  arvados_docsite: http://$localip:${services[doc]}/
-  force_ssl: false
-  composer_url: http://$localip:${services[composer]}
-  workbench2_url: https://$localip:${services[workbench2-ssl]}
-EOF
-
-(cd config && /usr/local/lib/arvbox/yml_override.py application.yml)
-fi
-
 RAILS_GROUPS=assets flock $GEM_HOME/gems.lock bundle exec rake npm:install
 flock $GEM_HOME/gems.lock bundle exec rake assets:precompile

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list