Self Service from web

Jmarc · February 4, 2016, 4:13pm

Self Service from outside the network.

Finally got it to work on the lan, but now i have to get it working from the web.
USC is behind a pfsense firewall and i’ve set the NAT and rules accordingly.
When i try to connect to mypasswordsite.com i get a 503 service unavailable.
Is there anything else i need to change on UCS for this to work?

Thanks

troeder · February 5, 2016, 9:11am

Please check /var/log/univention/management-console-module-passwordreset.log and /var/log/apache2/error.log for more expressive error messages.
Do you have a proxy configured on the server?

Greetings
Daniel Tröder

Jmarc · February 5, 2016, 1:01pm

Hello Daniel,

Thanks for the response, here are two lines from the Apache2.log, That’s when i connect from within my network. Nothing happens when i try external.

[Fri Feb 05 07:54:40 2016] [error] [client 192.168.175.76] File does not exist: /var/www/ucs-overview/js/ucs/en.json, referer: password.360-innovations.com/ucs-overview/
[Fri Feb 05 07:54:52 2016] [error] [client 192.168.175.76] File does not exist: /var/www/ucs-overview/js/ucs/en.json, referer: password.360-innovations.com/ucs-overview/

Is it possible to default to https when a user tries to connect to http?

As far as i know, no proxy has been setup on that server or i can’t find it in the webgui.
Even tried to restart apache2 at some point because i changed the default univention icon for ours, and it didn’t show up.

Thanks

troeder · February 5, 2016, 1:16pm

That’s strange. If you go to

https://<your-external-address>/univention-self-service/?lang=en-US#passwordreset

do you see the password reset site at all?

ucr set apache2/force_https=trueAll HTTP connections will be redirected to HTTPS.

Greetings
Daniel

Jmarc · February 5, 2016, 1:26pm

Still get the 503 error, where are the proxy files?
I found /usr/share/univention-self-service/www/js/dojox/io/proxym but with the README file, it doesn’t seem to be just a proxy.

troeder · February 5, 2016, 1:47pm

Where do you get the 503 error?
What address is it in the browser?
What do you see in the browser?

[quote=“Jmarc”]where are the proxy files?[/quote]Never mind - it is no proxy, if you didn’t make it one.

Jmarc · February 5, 2016, 2:01pm

503 error is in the browser
Tried
password.360-innovations.com
and
69.70.184.196/univention-self-s … swordreset

This is what i see in the browser
503 Service Unavailable
No server is available to handle this request.

troeder · February 5, 2016, 2:34pm

This is not an error with the Self Service module. Your firewall (pfsense) coniguration has a problem.

You can use a simple address to verify if you have access to the webserver: 69.70.184.196/favicon.ico

Jmarc · February 5, 2016, 2:54pm

[quote=“troeder”]This is not an error with the Self Service module. Your firewall (pfsense) coniguration has a problem.

You can use a simple address to verify if you have access to the webserver: 69.70.184.196/favicon.ico[/quote]

I’m so verry sorry, a teammate used the same ip for some other web services that go through his custom proxy.
Modified fwall and it now works.

Thanks.

P.S. While you’re there, you wouldn’t know why my customisation of /usr/share/univention-self-service/www/csséheader.css is not doing anything? (new icon)
Is it somewhere else?

troeder · February 8, 2016, 8:08am

Sorry - I don’t know about the CSS. Maybe it is a caching problem - empty cache/try other browser?