2022-05-10T07:00:28 hello, I'd like to request ops for #oppensuse. There's only one op there and he's noot always active. Thanks 2022-05-10T08:06:38 hello, I'd like to request ops for #opensuse. There's only one op there and he's not always active. Thanks 2022-05-10T08:07:25 I am unable to log in to bugzilla? 2022-05-10T08:08:40 "works for me" 2022-05-10T08:09:39 I am just immediately returned to the login page, no error message 2022-05-10T08:10:12 bugzilla.opensuse.org ? 2022-05-10T08:10:23 yes 2022-05-10T08:10:33 weird 2022-05-10T08:11:51 funny, I have no problem logging into bugzilla.suse.com :-) 2022-05-10T08:12:52 and now I also managed to login to bugzilla.o.o 2022-05-10T08:15:05 ah now I can reproduce. I logged off then back in without closing and reopening the page 2022-05-10T08:15:43 and I could log in again after unchecking the IP restriction box 2022-05-10T08:16:45 ...and now it works with or without the ip restriction.. 2022-05-10T11:48:08 anyone awake that can help me with a login proxy problem? 🙂 2022-05-10T11:48:41 for hackweek.o.o somehow HTTP_X_FORWARDED_FOR isn't really set 2022-05-10T11:48:41 henne: I have access to daffy (for openSUSE auth) 2022-05-10T11:49:01 it's set to daffy. not the original requesting IP 2022-05-10T12:10:50 I'm not quite sure how this is done. but it is for build.o.o 🙂 2022-05-10T12:11:11 hm. this might be an apache thing says Darix https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers 2022-05-10T12:11:32 so it's me... 2022-05-10T12:11:33 why am I always at fault? 😉 2022-05-10T12:12:09 hm or not. this is supposed to add content to the header if it already exists 2022-05-10T12:15:53 bmwiedemann: is daffy using mod_proxy? 2022-05-10T12:16:16 or any other way to set this header? 2022-05-10T12:27:41 ./sysconfig.d/loadmodule.conf:LoadModule proxy_module /usr/lib64/apache2-workermod_proxy.so 2022-05-10T12:27:41 ./sysconfig.d/loadmodule.conf:LoadModule proxy_http_module /usr/lib64/apache2-worker/mod_proxy_http.so 2022-05-10T12:29:17 hm might be further at the edge... 2022-05-10T12:29:38 not on the login proxy but ha-proxy or something? 2022-05-10T12:29:56 if only I knew what I am talking about 😉 2022-05-10T12:33:31 is hackweek = dale.infra.opensuse.org (192.168.47.52) ? 2022-05-10T12:33:41 it turns out this infrastructure is complex >:D 2022-05-10T12:35:59 bmwiedemann: indeed it is 2022-05-10T12:43:02 yeah it seems for OBS we set this at the ha-proxy level 2022-05-10T12:44:56 is there even anything in front of daffy? 🙂 2022-05-10T12:47:46 https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-option%20forwardfor 2022-05-10T12:54:39 hello, I'd like to request ops for #opensuse. There's only one op there and he's not always active. Thanks 2022-05-10T12:59:31 henne: ? 2022-05-10T13:02:09 -> LCP#0968 2022-05-10T13:02:33 what is this? 2022-05-10T13:03:29 LCP0968[m]: hello, I'd like to request ops for #opensuse. There's only one op there and he's not always active. Thanks 2022-05-10T13:03:41 can be done, I just need to know what to do tbh :P 2022-05-10T13:03:58 +O 2022-05-10T13:10:30 bmwiedemann: you also know that? 🙂 2022-05-10T13:11:14 Nothing in front of daffy. But it should be able to set that header itself. 2022-05-10T13:11:28 lcp / LCP0968[m] any chance? 2022-05-10T13:11:41 yes 2022-05-10T13:13:57 bmwiedemann: might be as easy as `ProxyAddHeaders On` 2022-05-10T13:15:00 microchip_: should be done 2022-05-10T13:16:40 lcp, than you very much :D 2022-05-10T13:17:38 added ProxyAddHeaders. and now get X-Forwarded-Proto: https 2022-05-10T13:17:38 X-Forwarded-For: (null), 2400:8902:... 2022-05-10T13:17:38 X-Forwarded-Host: id.opensuse.org 2022-05-10T13:21:55 checking 2022-05-10T13:26:26 hm. still get only 192.168.47.21 / daffy in that header... 2022-05-10T13:28:51 is 2400:8902... also daffy? 2022-05-10T13:30:53 nope 2022-05-10T13:40:44 ah, I see in the macro RequestHeader add X-Forwarded-For "%{REMOTE_ADDR}e" 2022-05-10T13:41:27 but that would apply to both hackweek and id 2022-05-10T13:42:14 hm 2022-05-10T13:42:21 could you try tcpdump -s 0 -w /tmp/http.pcap -epni private port 80 2022-05-10T13:42:39 strings /tmp/http.pcap|grep X-Forwarded 2022-05-10T13:44:36 * henne sent a code block: https://libera.ems.host/_matrix/media/r0/download/libera.chat/2d85c1630fc091f4fbd045db995647d32e25001e 2022-05-10T13:47:26 is there some limitation to port? 2022-05-10T13:47:41 because dale is listening to both :80 (osem) and :81 (hackweek) 2022-05-10T13:48:01 same dump for :81 BTW... 2022-05-10T13:48:08 the proxy forwards everything to 80 2022-05-10T13:48:25 interestingly I got X-Forwarded-For in upper-case 2022-05-10T13:48:46 probably tcpdump version or whatever... 2022-05-10T13:48:58 who is forwarding to :81 then? hehe 2022-05-10T13:49:26 grep :8 /etc/apache2/vhosts.d/*.conf 2022-05-10T13:49:26 /etc/apache2/vhosts.d/vhost-hackweek.conf: 2022-05-10T13:49:26 /etc/apache2/vhosts.d/vhost-osem.conf: 2022-05-10T13:49:55 iptables rule? 2022-05-10T13:50:20 nah 2022-05-10T13:50:35 events works on the same VM 2022-05-10T13:50:55 sure 2022-05-10T13:51:01 events == osem 2022-05-10T13:54:27 mysterious. tcpdump -epni private host 192.168.47.52 does not show anything 2022-05-10T13:54:54 is there maybe a second proxy config? 2022-05-10T13:56:30 wtf 2022-05-10T13:57:28 hm I think host only records from 2022-05-10T13:57:47 not to 2022-05-10T13:57:56 dst maybe? 2022-05-10T13:58:18 dunno, I'm the dumb in tcpdump 😉 2022-05-10T17:06:02 I think, I found it. The traffic went Client->Internet->daffy->proxy=anna -> hackweek 2022-05-10T17:09:59 OTOH maybe that detour was intentional to give heroes more flexibility on the routing without bugging SUSE... but then it would need to handle the X-Forwarded-For more carefully