Hi James:
Thanks, but the scripts are most likely just doing an http GET. From a quick
look, not all http libraries in all languages are set up to handle redirects.
But the surest way I know of finding out is setting up a test site and then
testing.
Have a good holiday.
-Roy
> On Dec 22, 2015, at 2:22 PM, James Gallagher <jgallagher@xxxxxxxxxxx> wrote:
>
> On December 22, 2015 at 3:01:08 PM, Roy Mendelssohn - NOAA Federal
> (roy.mendelssohn@xxxxxxxx) wrote:
>> When I get some time, we will be setting up a test service. My brief
>> experience with some libraries in Python and R, assuming I did things
>> correctly which may not be the case, is that they won’t handle the redirect
>> properly. Moreover, for many of the users I can’t be certain as to exactly
>> what they are using to get the data.
> Modern versions of the netCDF C (and Java?) library handle these redirects
> (as well as those involved in authentication). There are a number of
> institutional users that are pushing pretty hard on this so, if your users
> are accessing via python using netCDF C (or R using netCDF C, …), then I
> think so long as those tools are using recent versions of the library, it’s
> going to work.
>
>>
>>
>> It is pretty clear that when the executive order was made they were thinking
>> of web pages accessed by modern web browsers. In those cases, a redirect
>> will work fine. I do not think they thought a lot about web services
>> accessed by scripts, and whether those would work okay. Or if they did, they
>> are assuming a closed, readily accessed environment, that can readily be
>> notified of a change like that. However, that is not the environment we
>> operate in. We have 100’s if not 1000’s of outside users who routinely
>> access our data services using scripts. Even if we can run http and https
>> side by side will be okay, For those who want assurance of who they are
>> connecting to, https.
> Generally, I think you’re correct - the folks who made up this order do not
> have ‘programatic access’ in mind. NASA does, however, and things like its
> URS system (based on OAuth2) work with scripted access.
>
>>
>>
>> And when we get a test site up, I will do some timings. We get some very big
>> requests from users, if using https truly slows things down that much, ouch.
> Yeah, that’s a real issue.
>
> James
>
>>
>>
>> -Roy
>>
>>
>>
>>
>> > On Dec 22, 2015, at 1:16 PM, John Caron <jcaron1129@xxxxxxxxx> wrote:
>> >
>> > usually with libraries like curl, apps like wget will handle the redirects
>> > transparently, but of course one must test....
>> >
>> > On Tue, Dec 22, 2015 at 1:49 PM, Roy Mendelssohn - NOAA Federal
>> > <roy.mendelssohn@xxxxxxxx> wrote:
>> > Our problem is we have services used by 100’s of people in scripts, and
>> > this will likely break them all, as in many languages even f there is a
>> > redirect, the script can’t handle the response.
>> >
>> > -roy
>> > > On Dec 22, 2015, at 12:09 PM, Gerry Creager - NOAA Affiliate
>> > > <gerry.creager@xxxxxxxx> wrote:
>> > >
>> > > Just to touch on the subject of exemptions, We've tried and been denied.
>> > > We're encrypting everything. No, scientific data use cases were not
>> > > considered, but that's not done us much good to date.
>> > >
>> > > Gerry
>> > >
>> > > On Fri, Dec 18, 2015 at 1:05 PM, Antonio S. Cofiño <cofinoa@xxxxxxxxx>
>> > > wrote:
>> > > AJP protocol is configured ProxyPass using the mod_proxy_ajp
>> > > ProxyPass /app ajp://backend.example.com:8009/app
>> > >
>> > > may be you mean using a directly the http protocol for proxying the
>> > > backend
>> > > ProxyPass /app http://backend.example.com:8080/app
>> > >
>> > > ajp, is more convenient because simplify the things and make transparent
>> > > the proxying process to tomcat connector, i.e. the info about the SSL
>> > > connection between the frontend and client.
>> > >
>> > > Here there is some doc:
>> > > https://tomcat.apache.org/connectors-doc/common_howto/proxy.html
>> > >
>> > > http protocol, can be also repleace ajp, but you need to make some
>> > > "plumbing" with HTTP headers and tomcat connectors
>> > >
>> > > Antonio
>> > >
>> > > El 18/12/2015 a las 19:39, Guan Wang escribió:
>> > >> Hi John,
>> > >>
>> > >>
>> > >> Is AJP having any advantage particularly over ProxyPass?
>> > >>
>> > >>
>> > >> Thanks,
>> > >>
>> > >>
>> > >> Guan
>> > >>
>> > >>
>> > >> From: thredds-bounces@xxxxxxxxxxxxxxxx
>> > >> [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] On Behalf Of John Caron
>> > >> Sent: Friday, December 18, 2015 12:56 PM
>> > >> To: James Gallagher
>> > >> Cc: THREDDS THREDDS
>> > >> Subject: Re: [thredds] TDS and HTTPS
>> > >>
>> > >>
>> > >> I agree, an Apache front end is a simple and standard thing to do.
>> > >>
>> > >>
>> > >> AFAIU, the user still is using SSL encryption, its just that Apache is
>> > >> doing that instead of Tomcat. So it would be good for any of us to make
>> > >> some measurements comparing large binary data transfers.
>> > >>
>> > >>
>> > >> On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher
>> > >> <jgallagher@xxxxxxxxxxx> wrote:
>> > >>
>> > >>
>> > >> On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal
>> > >> <steve.ansari@xxxxxxxx> wrote:
>> > >>
>> > >>
>> > >> Sure - I'll follow up offline.
>> > >>
>> > >>
>> > >> Steve
>> > >>
>> > >>
>> > >>
>> > >> On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal
>> > >> <roy.mendelssohn@xxxxxxxx> wrote:
>> > >>
>> > >> Hi Steve
>> > >>
>> > >> I was hoping that would work. That any proxying, whether AJP or other,
>> > >> would be hidden. I have had problems in the past getting AJP proxying
>> > >> to work, if I need to do that. Can you send me (offline) the part of
>> > >> you httpd.conf where you proxy over to tomcat using AJP?
>> > >>
>> > >>
>> > >> We have had good success using Apache & AJP. Apache as a front end
>> > >> provides a number of options, particularly WRT authentication and this
>> > >> might provide for a compromise should HTTPS be too much of a bottle
>> > >> neck. I have not tested the impact of HTTPS compared to HTTP (it would
>> > >> be easy enough to do using simple file transfers).
>> > >>
>> > >>
>> > >> James
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> Thanks,
>> > >>
>> > >> -Roy
>> > >>
>> > >>
>> > >> > On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal
>> > >> > <steve.ansari@xxxxxxxx> wrote:
>> > >> >
>> > >> > Hey Roy,
>> > >> >
>> > >> > We are using Apache to handle all the HTTPS stuff. Apache then
>> > >> > forwards requests to Tomcat and TDS using AJP.
>> > >> > https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
>> > >> >
>> > >> > Our TDS:
>> > >> > https://www.ncdc.noaa.gov/thredds/catalog.html
>> > >> >
>> > >> >
>> > >> > Steve
>> > >> >
>> > >> >
>> > >> > On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal
>> > >> > <roy.mendelssohn@xxxxxxxx> wrote:
>> > >> > Hi All:
>> > >> >
>> > >> > As I hope you know, the Federal government is required to migrate to
>> > >> > https for all services in the next1.5 years. My question is can the
>> > >> > TDS work with https? If so, can you point me to any documents or what
>> > >> > changes, if any, need to be made to use https. If not, are there
>> > >> > plans to incorporate this ability into TDS?
>> > >> >
>> > >> > Thanks,
>> > >> >
>> > >> > -Roy
>> > >> >
>> > >> >
>> > >> >
>> > >> > **********************
>> > >> > "The contents of this message do not reflect any position of the U.S.
>> > >> > Government or NOAA."
>> > >> > **********************
>> > >> > Roy Mendelssohn
>> > >> > Supervisory Operations Research Analyst
>> > >> > NOAA/NMFS
>> > >> > Environmental Research Division
>> > >> > Southwest Fisheries Science Center
>> > >> > ***Note new address and phone***
>> > >> > 110 Shaffer Road
>> > >> > Santa Cruz, CA 95060
>> > >> > Phone: (831)-420-3666
>> > >> > Fax: (831) 420-3980
>> > >> > e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>> > >> >
>> > >> > "Old age and treachery will overcome youth and skill."
>> > >> > "From those who have been given much, much will be expected"
>> > >> > "the arc of the moral universe is long, but it bends toward justice"
>> > >> > -MLK Jr.
>> > >> >
>> > >> > _______________________________________________
>> > >> > thredds mailing list
>> > >> > thredds@xxxxxxxxxxxxxxxx
>> > >> > For list information or to unsubscribe, visit:
>> > >> > http://www.unidata.ucar.edu/mailing_lists/
>> > >> >
>> > >> >
>> > >> >
>> > >> > --
>> > >> > Steve Ansari
>> > >> > Physical Scientist
>> > >> > NOAA National Centers for Environmental Information (NCEI)
>> > >> > (828) 271-4611
>> > >> >
>> > >> > The newly formed NCEI merges the National Oceanographic Data Center
>> > >> > (NODC), the National Climatic Data Center (NCDC), and the National
>> > >> > Geophysical Data Center (NGDC).
>> > >>
>> > >> **********************
>> > >> "The contents of this message do not reflect any position of the U.S.
>> > >> Government or NOAA."
>> > >> **********************
>> > >> Roy Mendelssohn
>> > >> Supervisory Operations Research Analyst
>> > >> NOAA/NMFS
>> > >> Environmental Research Division
>> > >> Southwest Fisheries Science Center
>> > >> ***Note new address and phone***
>> > >> 110 Shaffer Road
>> > >> Santa Cruz, CA 95060
>> > >> Phone: (831)-420-3666
>> > >> Fax: (831) 420-3980
>> > >> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>> > >>
>> > >> "Old age and treachery will overcome youth and skill."
>> > >> "From those who have been given much, much will be expected"
>> > >> "the arc of the moral universe is long, but it bends toward justice"
>> > >> -MLK Jr.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> --
>> > >>
>> > >> Steve Ansari
>> > >>
>> > >> Physical Scientist
>> > >>
>> > >> NOAA National Centers for Environmental Information (NCEI)
>> > >>
>> > >> (828) 271-4611
>> > >>
>> > >>
>> > >> The newly formed NCEI merges the National Oceanographic Data Center
>> > >> (NODC), the National Climatic Data Center (NCDC), and the National
>> > >> Geophysical Data Center (NGDC).
>> > >>
>> > >> _______________________________________________
>> > >> thredds mailing list
>> > >> thredds@xxxxxxxxxxxxxxxx
>> > >> For list information or to unsubscribe, visit:
>> > >> http://www.unidata.ucar.edu/mailing_lists/
>> > >>
>> > >>
>> > >> --
>> > >>
>> > >> James Gallagher
>> > >> jgallagher@xxxxxxxxxxx
>> > >>
>> > >>
>> > >>
>> > >> _______________________________________________
>> > >> thredds mailing list
>> > >> thredds@xxxxxxxxxxxxxxxx
>> > >> For list information or to unsubscribe, visit:
>> > >> http://www.unidata.ucar.edu/mailing_lists/
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> _______________________________________________
>> > >> thredds mailing list
>> > >>
>> > >> thredds@xxxxxxxxxxxxxxxx
>> > >>
>> > >> For list information or to unsubscribe, visit:
>> > >> http://www.unidata.ucar.edu/mailing_lists/
>> > >
>> > >
>> > > _______________________________________________
>> > > thredds mailing list
>> > > thredds@xxxxxxxxxxxxxxxx
>> > > For list information or to unsubscribe, visit:
>> > > http://www.unidata.ucar.edu/mailing_lists/
>> > >
>> > >
>> > >
>> > > --
>> > > Gerry Creager
>> > > NSSL/CIMMS
>> > > 405.325.6371
>> > > ++++++++++++++++++++++
>> > > “Big whorls have little whorls,
>> > > That feed on their velocity;
>> > > And little whorls have lesser whorls,
>> > > And so on to viscosity.”
>> > > Lewis Fry Richardson (1881-1953)
>> > > _______________________________________________
>> > > thredds mailing list
>> > > thredds@xxxxxxxxxxxxxxxx
>> > > For list information or to unsubscribe, visit:
>> > > http://www.unidata.ucar.edu/mailing_lists/
>> >
>> > **********************
>> > "The contents of this message do not reflect any position of the U.S.
>> > Government or NOAA."
>> > **********************
>> > Roy Mendelssohn
>> > Supervisory Operations Research Analyst
>> > NOAA/NMFS
>> > Environmental Research Division
>> > Southwest Fisheries Science Center
>> > ***Note new address and phone***
>> > 110 Shaffer Road
>> > Santa Cruz, CA 95060
>> > Phone: (831)-420-3666
>> > Fax: (831) 420-3980
>> > e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>> >
>> > "Old age and treachery will overcome youth and skill."
>> > "From those who have been given much, much will be expected"
>> > "the arc of the moral universe is long, but it bends toward justice" -MLK
>> > Jr.
>> >
>> > _______________________________________________
>> > thredds mailing list
>> > thredds@xxxxxxxxxxxxxxxx
>> > For list information or to unsubscribe, visit:
>> > http://www.unidata.ucar.edu/mailing_lists/
>> >
>>
>> **********************
>> "The contents of this message do not reflect any position of the U.S.
>> Government or NOAA."
>> **********************
>> Roy Mendelssohn
>> Supervisory Operations Research Analyst
>> NOAA/NMFS
>> Environmental Research Division
>> Southwest Fisheries Science Center
>> ***Note new address and phone***
>> 110 Shaffer Road
>> Santa Cruz, CA 95060
>> Phone: (831)-420-3666
>> Fax: (831) 420-3980
>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>
>> "Old age and treachery will overcome youth and skill."
>> "From those who have been given much, much will be expected"
>> "the arc of the moral universe is long, but it bends toward justice" -MLK Jr.
>>
>> _______________________________________________
>> thredds mailing list
>> thredds@xxxxxxxxxxxxxxxx
>> For list information or to unsubscribe, visit:
>> http://www.unidata.ucar.edu/mailing_lists/
>
>
>
> --
> James Gallagher
> jgallagher@xxxxxxxxxxx
**********************
"The contents of this message do not reflect any position of the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
***Note new address and phone***
110 Shaffer Road
Santa Cruz, CA 95060
Phone: (831)-420-3666
Fax: (831) 420-3980
e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
"From those who have been given much, much will be expected"
"the arc of the moral universe is long, but it bends toward justice" -MLK Jr.
