[users at bb.net] Authorize the read-only view

Martin Vilcans martin at librador.com
Wed Nov 25 08:29:12 UTC 2015 

I've upgraded the OS now and it works with the new Nginx. Thanks for
helping out!

On Tue, Nov 24, 2015 at 9:25 PM, Pierre Tardy <tardyp at gmail.com> wrote:

> good to know, thanks for the update.
>
>
> Le mar. 24 nov. 2015 à 21:14, Martin Vilcans <martin at librador.com> a
> écrit :
>
>> Yes, I have checked that. But now I think I have found the problem:
>> WebSockets are supported only from Nginx 1.3 (according to
>> https://www.nginx.com/blog/websocket-nginx/#gs.zSbvRCE), and I'm running
>> 1.2.1, which seems to be ancient (as the latest version is 1.9.7). That's
>> what you get for using a LTS release of Ubuntu, I suppose. I'll check
>> tomorrow. Thanks.
>>
>> On Tue, Nov 24, 2015 at 6:52 PM, Francesco Di Mizio <
>> francescodimizio at gmail.com> wrote:
>>
>>> I recently happened to set up an nginx server before buildbot nine beta
>>> 5.
>>>
>>> My config:
>>>
>>> server {
>>>     listen 80;
>>>     location / {
>>>             # try_build is the name used by --link when starting this
>>> nginx container
>>>             proxy_pass http://try_build:8050/;
>>>         }
>>>
>>>     location /ws {
>>>               proxy_http_version 1.1;
>>>               proxy_set_header Upgrade $http_upgrade;
>>>               proxy_set_header Connection "upgrade";
>>>               proxy_pass http://try_build:8050/ws;
>>>               # raise the proxy timeout for the websocket
>>>               proxy_read_timeout 6000s;
>>>         }
>>> }
>>>
>>> Websockets work ok.
>>>
>>> Are you sure you've configured buildbotURL correctly? In case of
>>> mismatch many things will stop working. Do you get any message about such a
>>> misconfig when opening the web home?
>>>
>>>
>>>
>>> On Tue, Nov 24, 2015 at 4:33 PM, Martin Vilcans <martin at librador.com>
>>> wrote:
>>>
>>>> OK, thanks for your answer.
>>>>
>>>> Yeah, I tried configuring Nginx as a reverse proxy first, but I never
>>>> got it to work with websockets. Are the SSL related things in the example
>>>> configuration needed? I don't exactly enjoy setting up SSL. :-)
>>>>
>>>> The error I get in the browser's console is that the connection seems
>>>> to time out:
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket attempt-connect
>>>> ws://redacted/buildbot/ws
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket connection-timeout
>>>> ws://redacted/buildbot/ws
>>>>
>>>> scripts.js?_1445513624809:14 WebSocket connection to
>>>> 'ws://redacted/buildbot/ws' failed: WebSocket is closed before the
>>>> connection is established.
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket attempt-connect
>>>> ws://redacted/buildbot/ws
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket connection-timeout
>>>> ws://redacted/buildbot/ws
>>>>
>>>> scripts.js?_1445513624809:14 WebSocket connection to
>>>> 'ws://redacted/buildbot/ws' failed: WebSocket is closed before the
>>>> connection is established.
>>>>
>>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>>
>>>>
>>>> Here's the Nginx config:
>>>>
>>>> server {
>>>>
>>>>     auth_basic "Speak friend and enter";
>>>>
>>>>     auth_basic_user_file "/etc/nginx/htpasswd";
>>>>
>>>>
>>>>     # Make sure we don't share any Git repos just in case
>>>>
>>>>     location ~ /\.git {
>>>>
>>>>         deny all;
>>>>
>>>>     }
>>>>
>>>>
>>>>     location /robots.txt {
>>>>
>>>>         root /usr/share/nginx/www;
>>>>
>>>>     }
>>>>
>>>>
>>>>     location /artifacts/ {
>>>>
>>>>         root /var/buildsys/build-server/master/;
>>>>
>>>>         autoindex on;
>>>>
>>>>     }
>>>>
>>>>
>>>>     # Based on
>>>> http://docs.buildbot.net/latest/manual/cfg-www.html#reverse-proxy-configuration
>>>>
>>>>     location /buildbot/ {
>>>>
>>>>             proxy_pass http://localhost:8020/;
>>>>
>>>>     }
>>>>
>>>>     location /buildbot/sse/ {
>>>>
>>>>         # proxy buffering will prevent sse to work
>>>>
>>>>         proxy_buffering off;
>>>>
>>>>         proxy_pass http://localhost:8020/sse/;
>>>>
>>>>     }
>>>>
>>>>     # required for websocket
>>>>
>>>>     location /buildbot/ws {
>>>>
>>>>         proxy_http_version 1.1;
>>>>
>>>>         proxy_set_header Upgrade $http_upgrade;
>>>>
>>>>         proxy_set_header Connection "upgrade";
>>>>
>>>>         proxy_pass http://localhost:8020/ws;
>>>>
>>>>         # raise the proxy timeout for the websocket
>>>>
>>>>         proxy_read_timeout 6000s;
>>>>
>>>>     }
>>>>
>>>> }
>>>>
>>>> ~
>>>>
>>>>
>>>> On Tue, Nov 24, 2015 at 1:01 PM, Pierre Tardy <tardyp at gmail.com> wrote:
>>>>
>>>>> Hi Martin,
>>>>>
>>>>> It is currently not possible to create this configuration. I would not
>>>>> expect it to be difficult to implement.
>>>>>
>>>>> Also it is recommended indeed to use nginx in reverse proxy mode, but
>>>>> you have to take care of properly configuring it.
>>>>>
>>>>> http://docs.buildbot.net/latest/manual/cfg-www.html#reverse-proxy-configuration
>>>>>
>>>>> Pierre
>>>>>
>>>>> Le lun. 23 nov. 2015 à 10:38, Martin Vilcans <martin at librador.com> a
>>>>> écrit :
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm trying to add authorization to Buildbot's read-only web UI in
>>>>>> 0.9.0b5.
>>>>>>
>>>>>> First I did this with Nginx configured as a reverse proxy, but I
>>>>>> didn't get it to proxy the websockets, so I enabled authentication in the
>>>>>> www configuration. But I have found no way to disallow read-only access to
>>>>>> unauthenticated users. Is it possible?
>>>>>>
>>>>>> --
>>>>>> Martin Vilcans, game, web and software developer
>>>>>> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
>>>>>> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
>>>>>> LinkedIn <https://www.linkedin.com/in/vilcans>
>>>>>> Resolution Games <http://www.resolutiongames.com> Screenplain
>>>>>> <http://www.screenplain.com>
>>>>>> _______________________________________________
>>>>>> users mailing list
>>>>>> users at buildbot.net
>>>>>> https://lists.buildbot.net/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Martin Vilcans, game, web and software developer
>>>> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
>>>> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
>>>> LinkedIn <https://www.linkedin.com/in/vilcans>
>>>> Resolution Games <http://www.resolutiongames.com> Screenplain
>>>> <http://www.screenplain.com>
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users at buildbot.net
>>>> https://lists.buildbot.net/mailman/listinfo/users
>>>>
>>>
>>>
>>
>>
>> --
>> Martin Vilcans, game, web and software developer
>> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
>> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
>> LinkedIn <https://www.linkedin.com/in/vilcans>
>> Resolution Games <http://www.resolutiongames.com> Screenplain
>> <http://www.screenplain.com>
>>
>


-- 
Martin Vilcans, game, web and software developer
E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
<http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
LinkedIn <https://www.linkedin.com/in/vilcans>
Resolution Games <http://www.resolutiongames.com> Screenplain
<http://www.screenplain.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20151125/6518dfb2/attachment.html>

More information about the users mailing list