public hostname issue about kappa HOT 38 CLOSED

meh screw it I'll just not be lazy and use dns

from kappa.

Ha, sorry. Was just about to start digging into this. Can you give a little more detail as to your setup just for my edification? We do use the 'vhost' setting, but I noticed it's not getting set in the default config. Not sure if I'm reading the bug correctly to say if that's related or not.

From: TJ Holowaychuk [[email protected]]
Sent: Monday, December 02, 2013 1:03 PM
To: paypal/kappa
Subject: Re: [kappa] public hostname issue (#11)

meh screw it I'll just not be lazy and use dns

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-29657224.

from kappa.

oh wow sorry i completely missed that option! that should do it

from kappa.

@totherik does kappa have https/basic auth support or anything? or what do you recommend for securing the registry?

from kappa.

You could front it with nginx and drop in it's basic auth module

Also see: http://word.bitly.com/post/47548678256/google-auth-proxy for other ideas

from kappa.

ill chuck a little express thing in front for now, hopefully npm supports it haha

from kappa.

It doesn't do anything out of the box right now. From an auth & auth perspective we allow anonymous read access and then use couch/npm for managing package ownership. For TLS/SSL, we got in the habit of not terminating SSL in node itself but you may be able to merely configure to enable it. Lemme investigate and get back to you.

from kappa.

not a huge deal to chuck something in front, but might be worth mentioning in the docs so people aren't exposing their private stuff. I'm adding --auth to serve(1) in npm so people can just npm install -g serve and launch something quickly

from kappa.

yeah, good call! Do you happen to know if/how npm deals with something like basic auth? If I run npm install --save foobar would npm know to prompt for credentials?

from kappa.

Or are you thinking the creds would just be in the registry url one configures via npm config set registry?

from kappa.

seems like it doesn't via the url at least, I opened an issue, and npm config set strict-ssl 0 for self-signed

from kappa.

now I'm getting these from hapi, whatever they're supposed to mean:

2013-12-02T23:19:33.688Z HAPI,HANDLER,ERROR {"msec":0.15241800248622894}
2013-12-02T23:19:33.689Z HAPI,RESPONSE,ERROR unspecified
2013-12-02T23:19:33.689Z INFO,REQUEST 172.17.42.1 PUT /-/user/org.couchdb.user:segment 404
2013-12-02T23:22:29.568Z HAPI,HANDLER,ERROR {"msec":0.1394440084695816}
2013-12-02T23:22:29.569Z HAPI,RESPONSE,ERROR unspecified
2013-12-02T23:22:29.569Z INFO,REQUEST 172.17.42.1 PUT /-/user/org.couchdb.user:segment 404
2013-12-02T23:22:41.398Z HAPI,HANDLER,ERROR {"msec":0.1546669900417328}
2013-12-02T23:22:41.400Z HAPI,RESPONSE,ERROR unspecified

unspecified error? I guess I probably have to add user:pass to .vhost

from kappa.

ugh nope

from kappa.

are you seeing that with basic auth or is kappa just broken for you right now?

from kappa.

trying a rebuild, seems like maybe couch is fucked now haha. private npm ftl. It worked fine until I added basic auth so something isn't playing nice. If you guys are relaying Authorization is it maybe because npm is trying to use that for an npm user? instead of authorizing with nginx? I'm not sure how npm sends creds but if that's how then they're just going to collide, hmm I'll try doing npm adduser from the instance

from kappa.

I also noticed the default docker config just points at http://${hostname}:5984 for the first registry, but if that's a couchdb app w/out vhost it'll prob need to be something like http://${hostname}:5984/registry/_design/ghost/_rewrite/ That's how I have it running locally at least.

from kappa.

no luck with that :(, hunting some more, nginx does still pass the authorization header field so I don't get how it works completely fine without it

from kappa.

@totherik is this supposed to happen? I'm in the container, I thought that 404 was from couch at first (I'm a couch newb) but seems like it's kappa:

$ curl http://bae2c8a28529:5984/
{"db_name":"registry","doc_count":5,"doc_del_count":0,"update_seq":5,"purge_seq":0,"compact_running":false,"disk_size":77928,"data_size":62808,"instance_start_time":"1386030800929572","disk_format_version":6,"committed_update_seq":5}

 $ curl http://0.0.0.0:1337/
{"code":404,"error":"Not Found" }

conf:

{
    "servers": [
        {
            "host": "0.0.0.0",
            "port": 1337
        }
    ],
    "plugins": {
        "kappa": [
            {},
            { "vhost": "registry.segment.io",
                "paths": [
                    "http://bae2c8a28529:5984/",
                    "https://registry.npmjs.org/",
                    "http://npm.nodejs.org.au:5984/registry/_design/app/_rewrite"
                ]
            }
        ]
    }
}

maybe vhost is not what i was looking for, I just wanted a way to get npm to request from registry.segment.io instead of http://bae2c8a28529:5984/, not the Host routing. Here's the issue now when I disable the vhost thing:

npm http GET https://registry.segment.io/s-db
npm http 404 https://registry.segment.io/s-db
npm http GET http://registry:5984/s-db/-/s-db-1.0.0.tgz
npm ERR! fetch failed http://registry:5984/s-db/-/s-db-1.0.0.tgz
npm http GET http://registry:5984/s-db/-/s-db-1.0.0.tgz
npm ERR! fetch failed http://registry:5984/s-db/-/s-db-1.0.0.tgz

from kappa.

I'm trying to catch up/repro... have the docker container up and running as described by the docker-npmjs and I'm able to hit it externally just fine.

After jumping into the container I ran these:

$ curl http://localhost:5984/
{"couchdb":"Welcome","uuid":"373cadaf9f377ae7f0f0c57454379793","version":"1.4.0","vendor":{"version":"1.4.0","name":"The Apache Software Foundation"}}

$ curl http://0.0.0.0:1337
{"db_name":"registry","doc_count":4,"doc_del_count":0,"update_seq":4,"purge_seq":0,"compact_running":false,"disk_size":73826,"data_size":62367,"instance_start_time":"1386033137809980","disk_format_version":6,"committed_update_seq":4}

$ curl http://0.0.0.0:1337/express
{"_id":"express","_rev":"564-94e62bb9dfbba14c68a4de03f8036967","name":"express","description":"Sinatra inspired web development framework","dist-tags":{"latest":"3.4.6"},"versions":{"0.14.0":{"name":"express","description":"Sinatra inspired web development framework","version":"0.14.0"...

Did you configure a vhost? I wonder what's different

from kappa.

on to something weird, it works fine on my machine but not my ubuntu vm, same npmrc, same version of npm, same node, makes no sense to me but don't worry about looking into it, must be something messed up with my vm

from kappa.

i wondering where npm was getting the tarball urls, but i see now that it's baked right into the couchdb documents, so I guess it just grabs hostname and shoves that in couch? haha, need to investigate that a bit, but that's definitely the issue

from kappa.

ok, whew this was supposed to be easy! lol. so yeah, I was worried you might had left the change in your config that added /registry/_design/ghost/_rewrite/ for the first registry (I later found out it was definitely unnecessary b/c docker-npmjs does it for you via vhosts). Otherwise, yes, I'm 99.999 percent sure npm just uses hostname to create the url to the tarballs.

from kappa.

soooo weird, I've confirmed that http://registry.segment.io/s-db/-/s-db-1.0.0.tgz is what's being sent to kappa for .tarball but it still comes back as http://79789d300843:5984/s-db/-/s-db-1.0.0.tgz

from kappa.

OMG https://github.com/isaacs/npmjs.org/blob/master/registry/shows.js#L77
haha k dammit, finally this is starting to make sense, I guess kappa doesn't relay Host? I've got nginx passing it on (if I use .vhost nothing works at all), could we add support for X-Forwarded-Host or something?

from kappa.

hahha and then that fucks with https://github.com/terinjokes/docker-npmjs/blob/master/scripts/startup.sh#L2, inceptionnnn

from kappa.

Ahh, so in our installation we have most of this commented out; everything inside // legacy kludge and // end kludge

from kappa.

I'm going to try removing this stuff from startup.sh, should work after that i think

from kappa.

not sure why he does all of that when localhost works just fine, all this host magic is mind-fucking me hahaha

from kappa.

Yeah, we removed the kludge because npm generates the tarball path on the client

from kappa.

Don't make me support the kludge!! HAH!

from kappa.

How did you manage that? I swear this software works. 😬

from kappa.

k segment-boneyard@1f93798 fixes that last issue haha, finally a working npm registry!

from kappa.

Killer... issue filed: #13

from kappa.

oh cleared my npm cache and now it's broken hahahahah, might have to republish or something, been a long day yikes

from kappa.

ok so i can't change that vhost thing for couch now it produces the wrong tarball shit again haha, fuck it, going to fork npm

from kappa.

f-yeahhh

from kappa.

sorry for all the noise by the way haha

from kappa.

no worries at all! npm can be a PITA so we want to make it as easy as possible. If this helps flush out pain points it's not noise at all.

from kappa.