Pierre and I got the CERN proxy setup for the Darkside prototype.
Using your CERN single-sign-on identity, you should be able to login to this page
https://m-darkside.web.cern.ch/
and see our normal MIDAS webpage.
The CERN server is proxying the port 80 on ds-proto-daq. You can also see all the other services through the
same page:
elog:
https://m-darkside.web.cern.ch/elog/DS+Prototype/
chronobox:
https://m-darkside.web.cern.ch/chronobox/
js-root:
https://m-darkside.web.cern.ch/rootana/
_________________________________
Technical details
1) We followed these instructions for creating a SSO-proxy:
https://cern.service-now.com/service-portal/article.do?n=KB0005442
We pointed the proxy to port 80 on ds-proto-daq
2) On ds-proto-daq, we needed to poke a hole through the firewall for port 80:
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="188.184.28.139/32" port
protocol="tcp" port="80" accept"
firewall-cmd --reload
[root@ds-proto-daq ~]# firewall-cmd --list-all
public (active)
...
rule family="ipv4" source address="188.184.28.139/32" port port="80" protocol="tcp" accept
This firewall rule is pointing to some particular IP that seems to be the proxy side of the server:
[root@ds-proto-daq ~]# host 188.184.28.139
139.28.184.188.in-addr.arpa domain name pointer oostandardprod-7b34bdf1f3.cern.ch.
It is not clear if this particular IP will be stable in long term.
3) We needed to modify mhttpd so it would serve content to hosts other than localhost. So changed mhttpd
command from
mhttpd -a localhost -D
to
mhttpd -D |