Page MenuHomePhabricator
Create Task
Maniphest T7097

Following documentation on Aphlict+nginx results in empty client-port for Aphlict
Closed, DuplicatePublic
Actions

Description

When using nginx to route WebSockets traffic, documentation specifies that notification.client-uri should be set to http://localhost/ws/resulting in Aphlict client-port argument being set to an empty string. notification.client-uri should be set to http://localhost:22280/ws/ instead, or when parsing the uri, no empty client-port should be sent to Aphlict in order to use the default client port.
Aphlict should probably check the passed value is not empty before overwriting the default one.

Related Objects

Event Timeline

pmoreau created this task.Feb 1 2015, 12:38 AM
pmoreau raised the priority of this task from to Needs Triage.
pmoreau updated the task description. (Show Details)
pmoreau added projects: Aphlict, Documentation.
pmoreau added a subscriber: pmoreau.
epriestley added subscribers: epriestley, joshuaspence.Feb 1 2015, 12:48 AM

Out of curiosity, what's your reasoning for passing this through nginx instead of configuring a direct connection?

pmoreau added a comment.Feb 1 2015, 12:54 AM

Getting through nginx I don't need to open another port in my firewall - I tend to close everything, and use SSH tunnels to connect to my IRC bouncer and so on - and I don't have to authorise aphlict to read my SSL private key as nginx is already configured to use SSL.

joshuaspence added a comment.Feb 1 2015, 1:05 AM

I think I fixed this in D11423, particularly:

$client_port = coalesce($this->clientPort, $client_uri->getPort());
if ($client_port) {
  $server_argv[] = '--client-port='.$client_port;
}
joshuaspence claimed this task.Feb 1 2015, 8:06 AM

I have a few ideas on how to improve this.

pmoreau added a comment.Feb 1 2015, 2:42 PM

Cool! :-)

The client-port parameter is parsed from notification.client-uri and automatically passed as an argument to aphlict start. Could the same behaviour be added to client-host? Maybe I should create a new task for that.

pmoreau added a comment.Feb 1 2015, 4:16 PM

Some more comments, now that I managed to get it working - aka. the server receives connection from Phabricator, though it creates a new listener every 2 seconds and they never disconnect (due to passing through nginx?).

Setting a port in notification.client-uri sets it for client-port for the Aphlict daemon, but also for the WebSocket uri used by the "Phabricator web interface" (seems logical). However, if using nginx as a passthrough, we don't want to set a custom port for the WebSocket uri - as we will use either port 80 or 443-, only the client-port should be customised.

magnetik added a subscriber: magnetik.Feb 3 2015, 1:45 PM
joshuaspence triaged this task as Normal priority.Feb 3 2015, 7:30 PM
jefferai added a subscriber: jefferai.Apr 7 2015, 11:29 PM

Regarding use cases, I have TLS locked down in Nginx and neither want to maintain a TLS configuration in multiple places nor even understand how to properly configure cipher suites, stapling, and other such things in the aphlict daemon (if it's even possible). A reverse proxy allows me to re-use my known good TLS configuration.

There's actually nothing wrong with the configuration in documentation, it's simply missing a piece of information (that you need to specify the port when starting aphlict). So that's the super easy fix.

The better fix, IMHO, would be to have aphlict use its default port if no port can be parsed from the URI, rather than its current behavior of simply not starting a listener.

mirrom added a subscriber: mirrom.Apr 8 2015, 12:38 AM
alexandros.tsourakis added a subscriber: alexandros.tsourakis.May 21 2015, 7:44 PM
tycho.tatitscheff mentioned this in T8982: Aphlict wont LISTEN to 22280 if notification.client-uri is switch to /ws (nginx).Jul 28 2015, 12:54 PM
epriestley merged a task: T9607: separate client-uri and client-port options for aphlict.Oct 20 2015, 10:38 PM
epriestley added a subscriber: eadler.
eadler added projects: Restricted Project, FreeBSD.Jan 9 2016, 12:49 AM
eadler moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
pmoreau mentioned this in T10276: Aphlict option parsing for empty values.Feb 4 2016, 2:35 PM
beber added a subscriber: beber.Feb 13 2016, 5:20 PM
epriestley moved this task from Backlog to vNext on the Aphlict board.Mar 30 2016, 1:59 PM
epriestley added a comment.Mar 30 2016, 2:10 PM

I plan to separate this configuration and make these options all explicit, see T10697.

epriestley closed this task as a duplicate of T10697: Move Aphlict server configuration to a separate configuration file.Mar 30 2016, 2:10 PM
Phabricator · Built by Phacility