Opened 4 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#30703 closed defect (fixed)

How to modify Apache config on polyanthum?

Reported by: phw Owned by: phw
Priority: Medium Milestone:
Component: Internal Services/Services Admin Team Version:
Severity: Normal Keywords:
Cc: anarcat, arma Actual Points:
Parent ID: #30472 Points: 0.5
Reviewer: Sponsor:

Description

As part of #30472, we are setting up a service on polyanthum that allows bridge operators to test the TCP reachability of their obfs4 port. We would like to expose the service over a URL such as bridges.torproject.org/scan/. This seems to require a new ProxyPass directive in the file /etc/apache2/sites-enabled/bridges.torproject.org.conf.

What's the process for modifying this file? Is it under version control? If so, how do we commit a change to this version control system?

Child Tickets

Change History (4)

comment:1 Changed 4 weeks ago by anarcat

just in case it's only under our control, could you specify exactly the line you want to have added so i can just do it instead of bounce it back to you here later? :)

thanks

comment:2 Changed 4 weeks ago by phw

I think this is what I want. I didn't actually test it because I filed this ticket instead :) Basically, I want requests going to bridges.torproject.org/scan/ to be redirected to another web server that listens on 127.0.0.1:4000.

--- bridges.torproject.org.conf.orig	2019-05-30 18:24:26.506273388 +0000
+++ bridges.torproject.org.conf.diff	2019-05-30 18:26:19.231435195 +0000
@@ -26,6 +26,7 @@
 
 		ProxyPass /meek/ http://127.0.0.1:2000/
 		ProxyPass /moat/ http://127.0.0.1:3881/moat/
+		ProxyPass /scan/ http://127.0.0.1:4000/
 
 		ProxyPass / http://127.0.0.1:3880/ retry=10
 		ProxyPassReverse / http://127.0.0.1:3880/

comment:3 Changed 4 weeks ago by anarcat

Resolution: fixed
Status: assignedclosed

so. er. there are actually *two* version control systems in there:

  1. all of /etc is managed through git, by a tool called etckeeper which does daily autocommits and has hooks that run after package installs and so on
  2. the /etc/apache2/sites-available directory, *on top of that* is *also* managed through RCS

The last commit on that file in RCS is:

----------------------------
revision 1.15	locked by: root;
date: 2017/11/15 23:27:10;  author: root;  state: Exp;  lines: +1 -0
update run by root(isis) at Wed, 15 Nov 2017 23:27:10 +0000 on polyanthum.torproject.org

The diff is:

root@polyanthum:/etc/apache2/sites-available# rcsdiff -u -r1.14 -r1.15 ./bridges.torproject.org.conf 
===================================================================
RCS file: ./RCS/bridges.torproject.org.conf,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ./bridges.torproject.org.conf	2017/04/27 00:57:53	1.14
+++ ./bridges.torproject.org.conf	2017/11/15 23:27:10	1.15
@@ -25,6 +25,7 @@
 		</Proxy>
 
 		ProxyPass /meek/ http://127.0.0.1:2000/
+		ProxyPass /moat/ http://127.0.0.1:3881/moat/
 
 		ProxyPass / http://127.0.0.1:3880/ retry=10
 		ProxyPassReverse / http://127.0.0.1:3880/

Those changes were *also* committed into git, through the daily autocommit. Hilarious. :)

In any case, those files are only writable by root, so I guess you need to ask me or other tpa to make changes.

So I just implemented your change. I grepped through the access log and it seems the /scan prefix wasn't in use anywhere, so it's a safe bet. The thing gives us a 404 right now, but I guess that's to be expected because it doesn't seem like anything is running on port 4000. Here's the error log in apache:

[Fri May 31 00:43:11.833004 2019] [proxy:error] [pid 17339:tid 140323233597184] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:4000 (127.0.0.1) failed

I've committed the change into RCS *and* git, for good measure.

Then I'll try to forget what I have seen here, for mental health reasons. :p

I hope that helps!

comment:4 Changed 4 weeks ago by anarcat

and, and for the record, those are the commands to commit the file:

co -l bridges.torproject.org.conf # unlock the file (ie. make it writable. yes, this is a thing in RCS.)
ci -m'... commit message ...' -u bridges.torproject.org.conf # this commits the file, and unlocks it
git commit -m'...commit message...' . # also commit everything into git, including the RCS directory of course

watch out for the ci command. by default, it *removes* the committed file if you don't use any flags, which might be... surprising, to say the least, for people used to more... modern VCS.

Note: See TracTickets for help on using tickets.