lib: Use client ssl config to access error target #254

Merged


chancez
Contributor

@chancez chancez commented Aug 11, 2020

Fixes usage of self-signed certs with Jupyterhub with CHP.
Original issue here:
jupyterhub/zero-to-jupyterhub-k8s#1742 (comment)

@welcome

welcome bot commented Aug 11, 2020

Thanks for submitting your first pull request! You are awesome! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please make sure you followed the pull request template, as this will help us review your contribution more quickly.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@chancez
Contributor Author

chancez commented Aug 11, 2020

I'm not much of a JS guy, so there's probably better ways to do some of this.

@consideRatio
Member

@chancez could you describe the logic change made so I can have an easier time reviewing this PR? I'm also not great with this tech stack.

@chancez
Contributor Author

chancez commented Sep 14, 2020

First, error-target is the URL the CHP will request if there is an error processing a request, like if a route doesn't exist.

Basically, for everything besides the error target, the CHP was using the node-http-proxy proxy object to handle sending requests to the various backends for each route. However, for the error-target, it was using its own logic. This logic used a default HTTP client, and basically took the headers and body of the response and returned those as the response for the current request.

This is problematic, because the HTTP client, using its defaults, obviously cannot validate self-signed certificates. Instead of using its own HTTP client to make requests to the error target, it uses the proxy object from node-http-proxy to do the request, just like it does for any other routes. The proxy object is configured with the CAs to validate self-signed certificates, so it fixes the issue. In addition, it makes the handling of errors the same as handling other requests for these purposes. This simplifies the logic of returning the response as well, since it's not error prone to copying the data/headers from the upstream response.
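
An added example, not part of this pull request or of configurable-http-proxy's own code, illustrating the point in the comment above: the request to the error target should carry the same CA and client certificate settings as the proxied routes, with verification left enabled. The helper names `planErrorTargetRequest` and `createErrorTargetRequest`, the `sampleClientSsl` object and its placeholder values are assumptions made for illustration.

```javascript
const http = require("http");
const https = require("https");

// Constructed placeholders showing the shape of the proxy's client TLS
// settings; real values would be PEM strings or Buffers read from disk.
const sampleClientSsl = {
  ca: "<PEM of the private CA that signed the error target's cert>",
  cert: "<PEM client certificate>",
  key: "<PEM client key>",
};

// Hypothetical helper: work out how the error target should be fetched.
function planErrorTargetRequest(errorTarget, clientSsl) {
  const url = new URL(errorTarget);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("unsupported error target scheme: " + url.protocol);
  }
  const options = { method: "GET" };
  if (url.protocol === "http:") {
    return { transport: http, url, options }; // no TLS material needed
  }
  // Reuse the trust settings already applied to proxied routes. Without
  // `ca`, Node falls back to its bundled public roots, and a self-signed
  // or private-CA error target fails certificate verification.
  for (const field of ["ca", "cert", "key"]) {
    if (clientSsl && clientSsl[field]) options[field] = clientSsl[field];
  }
  // Verification stays on: the fix is trusting the right CA, not
  // switching certificate checks off.
  options.rejectUnauthorized = true;
  return { transport: https, url, options };
}

// Hypothetical wrapper: returns an unsent ClientRequest; the caller
// attaches an "error" handler and calls .end().
function createErrorTargetRequest(errorTarget, clientSsl, onResponse) {
  const plan = planErrorTargetRequest(errorTarget, clientSsl);
  return plan.transport.request(plan.url, plan.options, onResponse);
}
```

Calling `planErrorTargetRequest` without a client TLS config yields options with no `ca`, which corresponds to the default-client behaviour the comment describes as failing against self-signed certificates.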

@consideRatio
Member

This sounds sensible to me @chancez, I fail to resolve the CI errors or understand this in depth enough to make this PR go through at this point. Should we request help?

@chancez
Contributor Author

chancez commented Oct 26, 2020

Yeah, I'm not sure. I've been running this in production for a few months, so anything to get it merged would be great.

@minrk minrk force-pushed the fix_default_error_target_https_github branch 2 times, most recently from a637870 to 98caf88 Compare January 11, 2021 11:59
@minrk minrk force-pushed the fix_default_error_target_https_github branch from 98caf88 to 6a84567 Compare January 11, 2021 13:25
@minrk minrk changed the title lib: Use proxy to access default error target lib: Use client ssl config to access error target Jan 11, 2021
@minrk minrk merged commit 52f2806 into jupyterhub:master Jan 11, 2021
@welcome

welcome bot commented Jan 11, 2021

Congrats on your first merged pull request in this project! 🎉
Thank you for contributing, we are very proud of you! ❤️

@minrk
Member

minrk commented Jan 11, 2021

Thanks for your patience on this one!
