Re: [thredds] TDS and HTTPS

        The RCurl package in R works fine for redirects.  We use the 
getBinaryURL() function to accept a redirect after passing in digest 
authentication, which allows access to restricted datasets.  We do not 
currently use https for this purpose, however.

        -Rob


> On Dec 22, 2015, at 2:33 PM, Roy Mendelssohn - NOAA Federal 
> <roy.mendelssohn@xxxxxxxx> wrote:
> 
> Hi Dennis:
> 
> Thank you kindly.    But what I need is where http is not allowed, and that 
> the http request is redirected to https.  If most libraries can handle that 
> smoothly, then we have an easy path to having only https responses.  If not, 
> we have problems.
> 
> Have a good holiday.
> 
> -Roy
> 
> 
>> On Dec 22, 2015, at 2:29 PM, dmh@xxxxxxxx wrote:
>> 
>> Roy-
>> We (Unidata/netcdf-c) have a test server that supports both http:
>> and https:. You might try it as long as not too much traffic
>> is generated. The server is remotetest.unidata.ucar.edu/thredds
>> =Dennis Heimbigner
>> 
>> p.s. the netcdf-c library supports https via curl (There is documentation
>> in the library: auth.html).
>> I am currently in the process of upgrading the authorization support
>> in netcdf-java. The existing one works with https:, but does not
>> support e.g. URS.
>> 
>> On 12/22/2015 3:00 PM, Roy Mendelssohn - NOAA Federal wrote:
>>> When I get some time, we will be setting up a test service.  My brief 
>>> experience with some libraries in Python and R, assuming I did things 
>>> correctly which may not be the case, is that they won’t handle the redirect 
>>> properly.  Moreover, for many of the users I can’t be certain as to exactly 
>>> what they are using to get the data.
>>> 
>>> It is pretty clear that when the executive order was made they were 
>>> thinking of web pages accessed by modern web browsers.  In those cases, a 
>>> redirect will work fine.  I do not think they thought a lot about web 
>>> services accessed by scripts, and whether those would work okay.  Or if 
>>> they did, they are assuming a closed, readily accessed environment, that 
>>> can readily be notified of a change like that.  However, that is not the 
>>> environment we operate in.  We have 100’s if not 1000’s of outside users 
>>> who routinely access our data services using scripts.  Even if we can run 
>>> http and https side by side will be okay,  For those who want assurance of 
>>> who they are connecting to, https.
>>> 
>>> And when we get a test site up, I will do some timings.  We get some very 
>>> big requests from users, if using https truly slows things down that much, 
>>> ouch.
>>> 
>>> -Roy
>>> 
>>> 
>>> 
>>> 
>>>> On Dec 22, 2015, at 1:16 PM, John Caron <jcaron1129@xxxxxxxxx> wrote:
>>>> 
>>>> usually with libraries like curl, apps like wget will handle the redirects 
>>>> transparently, but of course one must test....
>>>> 
>>>> On Tue, Dec 22, 2015 at 1:49 PM, Roy Mendelssohn - NOAA Federal 
>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>> Our problem is we have services used by 100’s of people in scripts, and 
>>>> this will likely break them all, as in many languages even f there is a 
>>>> redirect, the script can’t handle the response.
>>>> 
>>>> -roy
>>>>> On Dec 22, 2015, at 12:09 PM, Gerry Creager - NOAA Affiliate 
>>>>> <gerry.creager@xxxxxxxx> wrote:
>>>>> 
>>>>> Just to touch on the subject of exemptions, We've tried and been denied. 
>>>>> We're encrypting everything. No, scientific data use cases were not 
>>>>> considered, but that's not done us much good to date.
>>>>> 
>>>>> Gerry
>>>>> 
>>>>> On Fri, Dec 18, 2015 at 1:05 PM, Antonio S. Cofiño <cofinoa@xxxxxxxxx> 
>>>>> wrote:
>>>>> AJP protocol is configured ProxyPass using the mod_proxy_ajp
>>>>> ProxyPass /app ajp://backend.example.com:8009/app
>>>>> 
>>>>> may be you mean using a directly the http protocol for proxying the 
>>>>> backend
>>>>> ProxyPass /app http://backend.example.com:8080/app
>>>>> 
>>>>> ajp, is more convenient because simplify the things and make transparent 
>>>>> the proxying process to tomcat connector, i.e. the info about the SSL 
>>>>> connection between the frontend and client.
>>>>> 
>>>>> Here there is some doc:
>>>>> https://tomcat.apache.org/connectors-doc/common_howto/proxy.html
>>>>> 
>>>>> http protocol, can be also repleace ajp, but you need to make some 
>>>>> "plumbing" with HTTP headers and tomcat connectors
>>>>> 
>>>>> Antonio
>>>>> 
>>>>> El 18/12/2015 a las 19:39, Guan Wang escribió:
>>>>>> Hi John,
>>>>>> 
>>>>>> 
>>>>>> Is AJP having any advantage particularly over ProxyPass?
>>>>>> 
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> 
>>>>>> Guan
>>>>>> 
>>>>>> 
>>>>>> From: thredds-bounces@xxxxxxxxxxxxxxxx 
>>>>>> [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] On Behalf Of John Caron
>>>>>> Sent: Friday, December 18, 2015 12:56 PM
>>>>>> To: James Gallagher
>>>>>> Cc: THREDDS THREDDS
>>>>>> Subject: Re: [thredds] TDS and HTTPS
>>>>>> 
>>>>>> 
>>>>>> I agree, an Apache front end is a simple and standard thing to do.
>>>>>> 
>>>>>> 
>>>>>> AFAIU, the user still is using SSL encryption, its just that Apache is 
>>>>>> doing that instead of Tomcat. So it would be good for any of us to make 
>>>>>> some measurements comparing large binary data transfers.
>>>>>> 
>>>>>> 
>>>>>> On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher 
>>>>>> <jgallagher@xxxxxxxxxxx> wrote:
>>>>>> 
>>>>>> 
>>>>>> On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal 
>>>>>> <steve.ansari@xxxxxxxx> wrote:
>>>>>> 
>>>>>> 
>>>>>> Sure - I'll follow up offline.
>>>>>> 
>>>>>> 
>>>>>> Steve
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal 
>>>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>>>> 
>>>>>> Hi Steve
>>>>>> 
>>>>>> I was hoping that would work.  That any proxying, whether AJP or other, 
>>>>>> would be hidden.  I have had problems in the past getting AJP proxying 
>>>>>> to work, if I need to do that.  Can  you send me (offline) the part of 
>>>>>> you httpd.conf where you proxy over to tomcat using AJP?
>>>>>> 
>>>>>> 
>>>>>> We have had good success using Apache & AJP. Apache as a front end 
>>>>>> provides a number of options, particularly WRT authentication and this 
>>>>>> might provide for a compromise should HTTPS be too much of a bottle 
>>>>>> neck. I have not tested the impact of HTTPS compared to HTTP (it would 
>>>>>> be easy enough to do using simple file transfers).
>>>>>> 
>>>>>> 
>>>>>> James
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> -Roy
>>>>>> 
>>>>>> 
>>>>>>> On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal 
>>>>>>> <steve.ansari@xxxxxxxx> wrote:
>>>>>>> 
>>>>>>> Hey Roy,
>>>>>>> 
>>>>>>> We are using Apache to handle all the HTTPS stuff.  Apache then 
>>>>>>> forwards requests to Tomcat and TDS using AJP.
>>>>>>> https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
>>>>>>> 
>>>>>>> Our TDS:
>>>>>>> https://www.ncdc.noaa.gov/thredds/catalog.html
>>>>>>> 
>>>>>>> 
>>>>>>> Steve
>>>>>>> 
>>>>>>> 
>>>>>>> On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal 
>>>>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>>>>> Hi All:
>>>>>>> 
>>>>>>> As I hope you know, the Federal government is required to migrate to 
>>>>>>> https for all services in the next1.5 years.  My question is can the 
>>>>>>> TDS work with https? If so, can you point me to any documents or what 
>>>>>>> changes, if any, need to be made to use https.  If not, are there plans 
>>>>>>> to incorporate this ability into TDS?
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> -Roy
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> **********************
>>>>>>> "The contents of this message do not reflect any position of the U.S. 
>>>>>>> Government or NOAA."
>>>>>>> **********************
>>>>>>> Roy Mendelssohn
>>>>>>> Supervisory Operations Research Analyst
>>>>>>> NOAA/NMFS
>>>>>>> Environmental Research Division
>>>>>>> Southwest Fisheries Science Center
>>>>>>> ***Note new address and phone***
>>>>>>> 110 Shaffer Road
>>>>>>> Santa Cruz, CA 95060
>>>>>>> Phone: (831)-420-3666
>>>>>>> Fax: (831) 420-3980
>>>>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>>>>> 
>>>>>>> "Old age and treachery will overcome youth and skill."
>>>>>>> "From those who have been given much, much will be expected"
>>>>>>> "the arc of the moral universe is long, but it bends toward justice" 
>>>>>>> -MLK Jr.
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> thredds mailing list
>>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>>> For list information or to unsubscribe,  visit: 
>>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> Steve Ansari
>>>>>>> Physical Scientist
>>>>>>> NOAA National Centers for Environmental Information (NCEI)
>>>>>>> (828) 271-4611
>>>>>>> 
>>>>>>> The newly formed NCEI merges the National Oceanographic Data Center 
>>>>>>> (NODC), the National Climatic Data Center (NCDC), and the National 
>>>>>>> Geophysical Data Center (NGDC).
>>>>>> **********************
>>>>>> "The contents of this message do not reflect any position of the U.S. 
>>>>>> Government or NOAA."
>>>>>> **********************
>>>>>> Roy Mendelssohn
>>>>>> Supervisory Operations Research Analyst
>>>>>> NOAA/NMFS
>>>>>> Environmental Research Division
>>>>>> Southwest Fisheries Science Center
>>>>>> ***Note new address and phone***
>>>>>> 110 Shaffer Road
>>>>>> Santa Cruz, CA 95060
>>>>>> Phone: (831)-420-3666
>>>>>> Fax: (831) 420-3980
>>>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>>>> 
>>>>>> "Old age and treachery will overcome youth and skill."
>>>>>> "From those who have been given much, much will be expected"
>>>>>> "the arc of the moral universe is long, but it bends toward justice" 
>>>>>> -MLK Jr.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> Steve Ansari
>>>>>> 
>>>>>> Physical Scientist
>>>>>> 
>>>>>> NOAA National Centers for Environmental Information (NCEI)
>>>>>> 
>>>>>> (828) 271-4611
>>>>>> 
>>>>>> 
>>>>>> The newly formed NCEI merges the National Oceanographic Data Center 
>>>>>> (NODC), the National Climatic Data Center (NCDC), and the National 
>>>>>> Geophysical Data Center (NGDC).
>>>>>> 
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>> For list information or to unsubscribe,  visit: 
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> James Gallagher
>>>>>> jgallagher@xxxxxxxxxxx
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>> For list information or to unsubscribe,  visit: 
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>> 
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>> 
>>>>>> For list information or to unsubscribe,  visit:
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>> 
>>>>> _______________________________________________
>>>>> thredds mailing list
>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>> For list information or to unsubscribe,  visit: 
>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Gerry Creager
>>>>> NSSL/CIMMS
>>>>> 405.325.6371
>>>>> ++++++++++++++++++++++
>>>>> “Big whorls have little whorls,
>>>>> That feed on their velocity;
>>>>> And little whorls have lesser whorls,
>>>>> And so on to viscosity.”
>>>>> Lewis Fry Richardson (1881-1953)
>>>>> _______________________________________________
>>>>> thredds mailing list
>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>> For list information or to unsubscribe,  visit: 
>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>> **********************
>>>> "The contents of this message do not reflect any position of the U.S. 
>>>> Government or NOAA."
>>>> **********************
>>>> Roy Mendelssohn
>>>> Supervisory Operations Research Analyst
>>>> NOAA/NMFS
>>>> Environmental Research Division
>>>> Southwest Fisheries Science Center
>>>> ***Note new address and phone***
>>>> 110 Shaffer Road
>>>> Santa Cruz, CA 95060
>>>> Phone: (831)-420-3666
>>>> Fax: (831) 420-3980
>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>> 
>>>> "Old age and treachery will overcome youth and skill."
>>>> "From those who have been given much, much will be expected"
>>>> "the arc of the moral universe is long, but it bends toward justice" -MLK 
>>>> Jr.
>>>> 
>>>> _______________________________________________
>>>> thredds mailing list
>>>> thredds@xxxxxxxxxxxxxxxx
>>>> For list information or to unsubscribe,  visit: 
>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>> 
>>> **********************
>>> "The contents of this message do not reflect any position of the U.S. 
>>> Government or NOAA."
>>> **********************
>>> Roy Mendelssohn
>>> Supervisory Operations Research Analyst
>>> NOAA/NMFS
>>> Environmental Research Division
>>> Southwest Fisheries Science Center
>>> ***Note new address and phone***
>>> 110 Shaffer Road
>>> Santa Cruz, CA 95060
>>> Phone: (831)-420-3666
>>> Fax: (831) 420-3980
>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>> 
>>> "Old age and treachery will overcome youth and skill."
>>> "From those who have been given much, much will be expected"
>>> "the arc of the moral universe is long, but it bends toward justice" -MLK 
>>> Jr.
>>> 
>>> _______________________________________________
>>> thredds mailing list
>>> thredds@xxxxxxxxxxxxxxxx
>>> For list information or to unsubscribe,  visit: 
>>> http://www.unidata.ucar.edu/mailing_lists/
>> 
> 
> **********************
> "The contents of this message do not reflect any position of the U.S. 
> Government or NOAA."
> **********************
> Roy Mendelssohn
> Supervisory Operations Research Analyst
> NOAA/NMFS
> Environmental Research Division
> Southwest Fisheries Science Center
> ***Note new address and phone***
> 110 Shaffer Road
> Santa Cruz, CA 95060
> Phone: (831)-420-3666
> Fax: (831) 420-3980
> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
> 
> "Old age and treachery will overcome youth and skill."
> "From those who have been given much, much will be expected" 
> "the arc of the moral universe is long, but it bends toward justice" -MLK Jr.
> 
> _______________________________________________
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> For list information or to unsubscribe,  visit: 
> http://www.unidata.ucar.edu/mailing_lists/



  • 2015 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: