AppSuite:Debugging production servers: Difference between revisions

From Open-Xchange
(generate host key without password, since there currently is no easy way to provide a password to the connect middleware and it's cumbersome anyway)
(Replaced content with "The content on this page has moved to https://documentation.open-xchange.com/latest/ui/miscellaneous/debugging-prodserver.html Note: Open-Xchange is in the process of mig...")
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
{{Stability-experimental}}
The content on this page has moved to https://documentation.open-xchange.com/latest/ui/miscellaneous/debugging-prodserver.html
<div class="title">Debugging production servers</div>


A how-to for debugging your local UI plugin in combination with production and staging servers, which use redirects, HTTPS, and other things which break with the auto-generated Grunt configuration.
Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition.
 
== Introduction ==
 
Not everybody has access to a dedicated test server. Sometimes, a plugin requires a backend system which is hard to access outside of existing infrastructure. And sometimes, a bug appears only on a production server. There are many reasons why a server which is used by <tt>grunt dev</tt> can not be reconfigured and has to be used as-is.
 
The most frequent reason, why debugging with a remote server fails, is a redirect to an external login page. After the login, the browser is usually redirected to the original domain, and all the cookies used for authentication are also set for that domain, not http://localhost:8337, where Grunt listens.
 
The solution is to use grunt as an HTTP proxy server, which intercepts all requests to the server's domain.
 
In this article, <tt>''example.com''</tt> is user for the server domain, which you should replace by the real domain of the OX server.
 
== Configuring Grunt ==
 
Following is an example <tt>grunt/local.conf.json</tt> file:
 
{
    "proxy": true,
    "appserver": {
        "protocol": "https",
        "livereload": false,
        "server": "https://''example.com''/''custom-path''/",
        "path": "/''custom-path''/",
        "rejectUnauthorized": false,
        "verbose": [],
        "prefixes": [
            "build/",
            "../../web/ui/build"
        ],
        "manifests": [
            "build/manifests/",
            "../../web/ui/build/manifests"
        ]
    },
    "debug": true,
    "coreDir": "../../web/ui/build"
}
 
The relevant settings are:
 
;<tt>"proxy": true</tt>
: instructs Grunt to start an HTTP proxy on port 8080. Note that the value is outside the <tt>"appserver"</tt> section.
;<tt>"protocol": "https"</tt>
: to use HTTPS on port 8337.
;<tt>"livereload": false</tt>
: because LiveReload can't be proxied.
;<tt>"path": "/''custom-path''/"</tt>
: must correspond to the path in the <tt>"server"</tt> entry and will in most cases be <tt>"/appsuite/"</tt>.
;<tt>"rejectUnauthorized": false</tt>
: is helpful with certificate problems, especially for integration tests of the login mechanism on a POC system with self-signed certificates.
;<tt>"index": "/"</tt>
: If the main path uses an HTTP redirect for a custom login page, then the initial request should not be intercepted by Grunt. Adding this entry in the <tt>"appserver"</tt> section disables the interception. This has two side-effects:
:# The main HTML file is always served by the original server, and therefore
:# The timestamps used for cache-busting are not updated by Grunt.
:Unfortunately, this means clearing the cache will be required more often. If that becomes too much overhead, you can log in, then remove the option and restart Grunt.
 
== Generating certificates ==
 
To avoid unnecessary warnings in the browser, Grunt can use a set of certificates which are trusted by the browser. For local use, a self-created CA should be enough. By default, Grunt looks for the certificates in the subdirectory <tt>ssl</tt>, so you can create them there with the following commands:
 
mkdir ssl
cd ssl
openssl req -x509 -newkey rsa:4096 -keyout rootCA.key -days 3650 -out rootCA.crt
openssl req -newkey rsa:4096 -nodes -keyout host.key -out host.csr
 
While most data entered for the certificates doesn't matter, the Common Name for the certificate signing request in the second <tt>openssl</tt> command must match the domain of the <tt>"server"</tt> setting in <tt>local.conf.json</tt>. Alternatively, it can be a higher domain with a wildcard, e.g. <tt>*.example.com</tt> for <tt>"server": "https://my.example.com/appsuite/"</tt>.
 
openssl x509 -req -in host.csr -CA rootCA.crt -CAkey rootCA.key \
        -CAcreateserial -out host.crt -days 365
 
<tt>host.csr</tt> is only temporary and can be deleted now. Only the files <tt>rootCA.crt</tt>, <tt>host.key</tt> and <tt>host.crt</tt> are used by Grunt. The <tt>rootCA.*</tt> files can be reused to create multiple host certificates. The first <tt>openssl</tt> command then only needs to be executed once. The <tt>host.*</tt> files can also be reused as long as the domain(-wildcard) matches.
 
The file <tt>rootCA.crt</tt> needs to be imported into your browser as a trusted certificate authority (only once, if you are going to reuse the <tt>rootCA.*</tt> files). For Firefox, look in Preferences &rarr; Advanced &rarr; Certificates &rarr; View Certificates &rarr; Authorities &rarr; Import...
For Chrome, look in Settings &rarr; Show advanced settings... &rarr; HTTPS/SSL &rarr; Manage certificates... &rarr; Authorities &rarr; Import...
Since the authority can sign certificates for any domain, and its key is not protected much, it's better to not use the browser(-profile) which trusts this authority for normal Internet browsing.
 
== Launching the browser ==
 
After starting the proxy with <tt>grunt dev</tt>, you just need to use it when debugging your code in the browser. Most browsers have their own proxy settings, which override system-wide settings. They also respect environment variables like <tt>http_proxy</tt>.
 
http_proxy=http://localhost:8080 firefox
 
Chrome does not have its own settings (it starts the global settings dialog) and it ignores <tt>http_proxy</tt>. Instead, you have to use a command line parameter:
 
chromium --proxy-server=http://localhost:8080

Latest revision as of 09:59, 22 May 2017

The content on this page has moved to https://documentation.open-xchange.com/latest/ui/miscellaneous/debugging-prodserver.html

Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition.