Re: [thredds] TDS and HTTPS

When I get some time, we will be setting up a test service.  My brief 
experience with some libraries in Python and R, assuming I did things correctly 
which may not be the case, is that they won’t handle the redirect properly.  
Moreover, for many of the users I can’t be certain as to exactly what they are 
using to get the data. 

It is pretty clear that when the executive order was made they were thinking of 
web pages accessed by modern web browsers.  In those cases, a redirect will 
work fine.  I do not think they thought a lot about web services accessed by 
scripts, and whether those would work okay.  Or if they did, they are assuming 
a closed, readily accessed environment, that can readily be notified of a 
change like that.  However, that is not the environment we operate in.  We have 
100’s if not 1000’s of outside users who routinely access our data services 
using scripts.  Even if we can run http and https side by side will be okay.  
For those who want assurance of who they are connecting to, https.  

And when we get a test site up, I will do some timings.  We get some very big 
requests from users, if using https truly slows things down that much, ouch.

-Roy




> On Dec 22, 2015, at 1:16 PM, John Caron <jcaron1129@xxxxxxxxx> wrote:
> 
> usually with libraries like curl, apps like wget will handle the redirects 
> transparently, but of course one must test....
> 
> On Tue, Dec 22, 2015 at 1:49 PM, Roy Mendelssohn - NOAA Federal 
> <roy.mendelssohn@xxxxxxxx> wrote:
> Our problem is we have services used by 100’s of people in scripts, and this 
> will likely break them all, as in many languages even if there is a redirect, 
> the script can’t handle the response.
> 
> -roy
> > On Dec 22, 2015, at 12:09 PM, Gerry Creager - NOAA Affiliate 
> > <gerry.creager@xxxxxxxx> wrote:
> >
> > Just to touch on the subject of exemptions, we've tried and been denied. 
> > We're encrypting everything. No, scientific data use cases were not 
> > considered, but that's not done us much good to date.
> >
> > Gerry
> >
> > On Fri, Dec 18, 2015 at 1:05 PM, Antonio S. Cofiño <cofinoa@xxxxxxxxx> 
> > wrote:
> > The AJP protocol is configured with ProxyPass using mod_proxy_ajp:
> > ProxyPass /app ajp://backend.example.com:8009/app
> >
> > Maybe you mean directly using the http protocol for proxying the backend:
> > ProxyPass /app http://backend.example.com:8080/app
> >
> > ajp is more convenient because it simplifies things and makes the proxying 
> > process transparent to the tomcat connector, i.e. the info about the SSL 
> > connection between the frontend and client.
> >
> > Here is some documentation:
> > https://tomcat.apache.org/connectors-doc/common_howto/proxy.html
> >
> > The http protocol can also replace ajp, but you need to do some 
> > "plumbing" with HTTP headers and tomcat connectors.
> >
> > Antonio
> >
> > On 18/12/2015 at 19:39, Guan Wang wrote:
> >> Hi John,
> >>
> >>
> >> Is AJP having any advantage particularly over ProxyPass?
> >>
> >>
> >> Thanks,
> >>
> >>
> >> Guan
> >>
> >>
> >> From: thredds-bounces@xxxxxxxxxxxxxxxx 
> >> [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] On Behalf Of John Caron
> >> Sent: Friday, December 18, 2015 12:56 PM
> >> To: James Gallagher
> >> Cc: THREDDS THREDDS
> >> Subject: Re: [thredds] TDS and HTTPS
> >>
> >>
> >> I agree, an Apache front end is a simple and standard thing to do.
> >>
> >>
> >> AFAIU, the user still is using SSL encryption, it's just that Apache is 
> >> doing that instead of Tomcat. So it would be good for any of us to make 
> >> some measurements comparing large binary data transfers.
> >>
> >>
> >> On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher <jgallagher@xxxxxxxxxxx> 
> >> wrote:
> >>
> >>
> >> On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal 
> >> <steve.ansari@xxxxxxxx> wrote:
> >>
> >>
> >> Sure - I'll follow up offline.
> >>
> >>
> >> Steve
> >>
> >>
> >>
> >> On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal 
> >> <roy.mendelssohn@xxxxxxxx> wrote:
> >>
> >> Hi Steve
> >>
> >> I was hoping that would work.  That any proxying, whether AJP or other, 
> >> would be hidden.  I have had problems in the past getting AJP proxying to 
> >> work, if I need to do that.  Can you send me (offline) the part of your 
> >> httpd.conf where you proxy over to tomcat using AJP?
> >>
> >>
> >> We have had good success using Apache & AJP. Apache as a front end 
> >> provides a number of options, particularly WRT authentication and this 
> >> might provide for a compromise should HTTPS be too much of a bottleneck. 
> >> I have not tested the impact of HTTPS compared to HTTP (it would be easy 
> >> enough to do using simple file transfers).
> >>
> >>
> >> James
> >>
> >>
> >>
> >>
> >> Thanks,
> >>
> >> -Roy
> >>
> >>
> >> > On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal 
> >> > <steve.ansari@xxxxxxxx> wrote:
> >> >
> >> > Hey Roy,
> >> >
> >> > We are using Apache to handle all the HTTPS stuff.  Apache then forwards 
> >> > requests to Tomcat and TDS using AJP.
> >> > https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
> >> >
> >> > Our TDS:
> >> > https://www.ncdc.noaa.gov/thredds/catalog.html
> >> >
> >> >
> >> > Steve
> >> >
> >> >
> >> > On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal 
> >> > <roy.mendelssohn@xxxxxxxx> wrote:
> >> > Hi All:
> >> >
> >> > As I hope you know, the Federal government is required to migrate to 
> >> > https for all services in the next 1.5 years.  My question is can the TDS 
> >> > work with https? If so, can you point me to any documents or what 
> >> > changes, if any, need to be made to use https.  If not, are there plans 
> >> > to incorporate this ability into TDS?
> >> >
> >> > Thanks,
> >> >
> >> > -Roy
> >> >
> >> >
> >> >
> >> > **********************
> >> > "The contents of this message do not reflect any position of the U.S. 
> >> > Government or NOAA."
> >> > **********************
> >> > Roy Mendelssohn
> >> > Supervisory Operations Research Analyst
> >> > NOAA/NMFS
> >> > Environmental Research Division
> >> > Southwest Fisheries Science Center
> >> > ***Note new address and phone***
> >> > 110 Shaffer Road
> >> > Santa Cruz, CA 95060
> >> > Phone: (831)-420-3666
> >> > Fax: (831) 420-3980
> >> > e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
> >> >
> >> > "Old age and treachery will overcome youth and skill."
> >> > "From those who have been given much, much will be expected"
> >> > "the arc of the moral universe is long, but it bends toward justice" 
> >> > -MLK Jr.
> >> >
> >> > _______________________________________________
> >> > thredds mailing list
> >> > thredds@xxxxxxxxxxxxxxxx
> >> > For list information or to unsubscribe,  visit: 
> >> > http://www.unidata.ucar.edu/mailing_lists/
> >> >
> >> >
> >> >
> >> > --
> >> > Steve Ansari
> >> > Physical Scientist
> >> > NOAA National Centers for Environmental Information (NCEI)
> >> > (828) 271-4611
> >> >
> >> > The newly formed NCEI merges the National Oceanographic Data Center 
> >> > (NODC), the National Climatic Data Center (NCDC), and the National 
> >> > Geophysical Data Center (NGDC).
> >>
> >>
> >>
> >> --
> >>
> >> James Gallagher
> >> jgallagher@xxxxxxxxxxx
> >>
> >>
> >>
> >
> >
> >
> > --
> > Gerry Creager
> > NSSL/CIMMS
> > 405.325.6371
> > ++++++++++++++++++++++
> > “Big whorls have little whorls,
> > That feed on their velocity;
> > And little whorls have lesser whorls,
> > And so on to viscosity.”
> > Lewis Fry Richardson (1881-1953)
> 


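The redirect question raised in this thread can be checked per client before a service is switched over. The following is an added example, not code from any participant or from the TDS project: it probes how Python's standard-library clients react to a 301 from the old endpoint. Both servers are local stand-ins on loopback (plain HTTP in place of a real https endpoint), and the request path is constructed.

```python
import http.client
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PATH = "/thredds/dodsC/sample.nc.ascii?var=sst"  # constructed request path

class Handler(BaseHTTPRequestHandler):
    redirect_to = None  # None: serve the data; a port number: answer with a 301

    def do_GET(self):
        # Drain any request body so closing the socket cannot reset the client.
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        body = b"" if self.redirect_to else f"{self.command} {self.path}".encode()
        self.send_response(301 if self.redirect_to else 200)
        if self.redirect_to:
            self.send_header("Location", f"http://127.0.0.1:{self.redirect_to}{self.path}")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_POST = do_GET

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe():
    new = HTTPServer(("127.0.0.1", 0), Handler)  # stands in for the https service
    old = HTTPServer(("127.0.0.1", 0), type("Old", (Handler,), {"redirect_to": new.server_port}))
    for srv in (new, old):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
    url = f"http://127.0.0.1:{old.server_port}{PATH}"
    seen = {}
    # High-level client, GET: the 301 is followed and the query string survives.
    seen["urllib GET"] = opener.open(url, timeout=5).read().decode()
    # Same client, POST: the redirect is re-issued as a GET and the body is dropped.
    seen["urllib POST"] = opener.open(url, data=b"q=1", timeout=5).read().decode()
    # Low-level client: no redirect handling, so the script sees the bare 301.
    conn = http.client.HTTPConnection("127.0.0.1", old.server_port, timeout=5)
    conn.request("GET", PATH)
    seen["http.client GET"] = conn.getresponse().status
    for srv in (new, old):
        srv.shutdown()
        srv.server_close()
    return seen

if __name__ == "__main__":
    for client, outcome in probe().items():
        print(f"{client:16} -> {outcome}")
```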

