Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: Arnaud on December 15, 2015, 10:13:21 PM
-
Good evening!
Once again, I would need your help to achieve following:
The environment:
in the LAN, I've got a "Sme9-clone" for tests. This is a clone of the production Sme and it is installed on a virtual machine:
internet -------<Sme8-prod>-----------------<switch>--------------------<client>
|
|
<Sme9-clone>
<IP 192.168.2.109>
The settings:
- Sme8-prod: hostname=Sme8-prod domain: domain.org DNS: field empty - no entry
- Sme9-clone: hostname=sme9-clone domain: sme9-clone.domain.org DNS: IP Sme8-prod
- Into the server-manager of Sme8-prod --> Hosts and adresses:
sme9-clone.domain.org --> local --> 192.168.2.109
This configuration allows me to send emails from and to the sme9-clone.
- Sme8-prod is the DNS of the client.
The problem:
I'm trying the contrib "Lemonldap-ng" http://wiki.contribs.org/LemonLDAP-NG (http://wiki.contribs.org/LemonLDAP-NG) on the sme9-clone and the configuration panel of this application is in a subdomain of sme9-clone: "sso-manager.sme9-proxmox.guedel.eu" is therefore the url that I need to reach from the client and I still haven't find a way to do it. :sad:
- sme9-proxmox.guedel.eu can be pinged
- sso-manager.sme9-proxmox.guedel.eu can't be pinged, but works (tested by setting temporairy Sme9-clone as DNS for the client)
It is quite in the same direction that this topic: http://forums.contribs.org/index.php/topic,49965.msg250422.html#msg250422
I don't understand why it doesn't work: why don't Sme8-prod relay the request of the subdomain to Sme9-clone which main domain (sme9-clone.domain.org) is resolved?
Trials:
- enter "sso-manager.sme9-clone.domain.org" as a host in the server-manager of Sme8-prod: --> It's not possible because the dots are not accepted in the hostname.
- Set proxypass in Sme8-prod:
db domains set sso-manager.sme9-clone.domain.org domain
db domains setprop sso-manager.sme9-clone.domain.org Nameserver internet
db domains setprop sso-manager.sme9-clone.domain.org ProxyPassTarget http://192.168.2.109
db domains setprop sso-manager.sme9-clone.domain.org TemplatePath ProxyPassVirtualHosts
signal-event domain-create sso-manager.sme9-clone.domain.org With it, I reach the main domain of the sme9-clone by entering "sso-manager.sme9-clone.domain.org" as url for the browser, but not its subdomain "sso-manager.sme9-clone.domain.org" (it is the same result than entering http://192.168.2.109 directly - btw I don't know how it can work in an other way because domain and subdomains have the same url!)
Ideas:
- - Create in the server-manager of Sme8-prod a host "lemonldap.domain.org" pointing to 192.168.2.109 too.
- In the server-manager of Sme9-clone, create a domain "lemonldap.domain.org" pointing on an ibay (to be created) "lemonldap".
- Then in Sme9-clone find a way (templates? db?) to relay "lemonldap-domain.org" to "sso-manager.sme9-clone.domain.org domain" ( sso-manager.sme9-clone.domain.org domain is well known by the Sme9-clone).
I don't think that a simple .htaccess redirection into the ibay will help. - On a "classical" Linux OS: I would have tried to add one position including "sso-manager.sme9-clone.domain.org domain" into the /etc/hosts file.
Is it possible on the SME? Certainly with a template-custom...?? - By writing this, I could maybe enter this line in the /etc/hosts of the client?
Of course if it's working, it isn't very nice because this should be add to each client.
Questions:
What do you think??
How can Sme9-clone know if the request is for the domain or for 1 subdomain??
How to reach this subdomain in a practical and in a "not too bad" way?
Notes:
This example is only for 1 subdomain, but there are several that i would need to reach!
If possible, I would like to make all the "dirty" tasks on the Sme9-clone instead of on the well running Sme8-prod.
Thanks for your indications.
Bye
Arnaud
-
Arnaud
Referring to the other thread you mention, I note this:
"db domains setprop sub.domain.com ProxyPassTarget http://192.168.1.8/
(PS - the only hitch I reguarly hit doing this is that the trailing "/" in the ProxyPassTarget is important...)"
I do not see the trailing / in your command line
db domains setprop sso-manager.sme9-clone.domain.org ProxyPassTarget http://192.168.2.109
I know that this is important.
Check here for other options
http://wiki.contribs.org/SME_Server:Documentation:FAQ:Section01#Proxy_Pass
Also try naming your sme9clone
sme9-clonedomain.org
then you can use in the proxy pass
sso-manager.sme9-clonedomain.org
This is a test machine, does the domain name matter ?
-
Could it be that with the install of lemonLDAP-NG webapps-common was not installed?
-
I've got it! :lol: :lol:
In fact, it is very easy, but I simply wasn't aware that it is possible.
The method is (for names given in the 1st post):
1) creation of the domain "sme9-clone.domain.org" without any parameters except its name:
db domains set sme9-clone.domain.org domain
signal-event domain-create sme9-clone.domain.org
2) go into the server-manager and have a look at the domains: the new domain is present
3) in the server-manager, go to hosts and adresses and look: it is possible to create hosts for the new domain (as it is done for the "normal" domain) :cool:
4) simply add the host "sso-manager" to the domain "sme9-clone.domain.org", into the local network, with IP 192.168.2.109
and the same for "auth" and "soapsso" (cf lemonldap)
5) :pint: repeat this operation as long as necessary!
That's all!
@Janet, thanks for your comments, unfortunately, I made a typo in the topic: I entered "https://192.168.2.109/" as the command in reality.
Your link gave me first another idea: DNS forwarding http://wiki.contribs.org/SME_Server:Documentation:FAQ:Section01#DNS_Forwarding for the domain "sso-manager.sme9-clone.domain.org" on the sme9-clone (192.168.2.109) --> then the domain is resolved (ping is OK) but in https the access is denied! --> which machine / domain answer to the ping??? :roll:
@RequestedDeletion: smeserver-webapps-common is a dependency of lemonLDAP-NG and is therefore present (verified) on the test server where lemonLDAP-NG is installed.
Thanks for the ideas.
Bye
Arnaud
-
Good evening,
in fact, it is not completely solved..... :oops:
After an update, I let the Sme-prod reconfigure and all the testing subdomain set by "db" is gone........
This looks "very like" missing custom-templates, I would guess.
What would be the template equivalent to the db entry "db domains set sme9-clone.domain.org domain"? In which folder?
After re-enter the subdomain by db, the hosts are again present.
I had a look into /etc/httpd/conf/httpd.conf and I can see many entries under "VirtualHost" refering to the testing subdomain but it is not clear enough for me to guess the correct template.
Thanks.
Bye
Arnaud
-
Arnaud
Well something does not make sense.
You blame (on a guess) that a template is missing, yet when you re-enter the db command the domain settings return, which is suggestive that the template must be present.
AFAIK the template puts the entries into the conf file using values manually entered into a custom template, but where the template code is written to utilise db entries, then the template will use the db entries to create the resultant conf file entry.
This could be a user error, but it sounds more likely to be a code bug, where db entries are "lost" when the server is recongured.
Perhaps the particular template is not being expanded when a reconfigure is done or the db entries are not being read.
I would suggest you report a bug.
-
I am still *thinking* about something went south with or in combination with webapps-common....
-
webapps-common....
Hello,
yes, I made the test on the test machine: by installed "webapps-common" the created subdomain doesn't disappear by reconfiguring the SME :-)
Thank for this memento.
Bye
Arnaud