Roy- We (Unidata/netcdf-c) have a test server that supports both http: and https:. You might try it as long as not too much traffic is generated. The server is remotetest.unidata.ucar.edu/thredds =Dennis Heimbigner p.s. the netcdf-c library supports https via curl (There is documentation in the library: auth.html). I am currently in the process of upgrading the authorization support in netcdf-java. The existing one works with https:, but does not support e.g. URS. On 12/22/2015 3:00 PM, Roy Mendelssohn - NOAA Federal wrote:
When I get some time, we will be setting up a test service. My brief experience with some libraries in Python and R, assuming I did things correctly which may not be the case, is that they won’t handle the redirect properly. Moreover, for many of the users I can’t be certain as to exactly what they are using to get the data. It is pretty clear that when the executive order was made they were thinking of web pages accessed by modern web browsers. In those cases, a redirect will work fine. I do not think they thought a lot about web services accessed by scripts, and whether those would work okay. Or if they did, they are assuming a closed, readily accessed environment, that can readily be notified of a change like that. However, that is not the environment we operate in. We have 100’s if not 1000’s of outside users who routinely access our data services using scripts. Even if we can run http and https side by side will be okay, For those who want assurance of who they are connecting to, https. And when we get a test site up, I will do some timings. We get some very big requests from users, if using https truly slows things down that much, ouch. -RoyOn Dec 22, 2015, at 1:16 PM, John Caron <jcaron1129@xxxxxxxxx> wrote: usually with libraries like curl, apps like wget will handle the redirects transparently, but of course one must test.... On Tue, Dec 22, 2015 at 1:49 PM, Roy Mendelssohn - NOAA Federal <roy.mendelssohn@xxxxxxxx> wrote: Our problem is we have services used by 100’s of people in scripts, and this will likely break them all, as in many languages even f there is a redirect, the script can’t handle the response. -royOn Dec 22, 2015, at 12:09 PM, Gerry Creager - NOAA Affiliate <gerry.creager@xxxxxxxx> wrote: Just to touch on the subject of exemptions, We've tried and been denied. We're encrypting everything. No, scientific data use cases were not considered, but that's not done us much good to date. Gerry On Fri, Dec 18, 2015 at 1:05 PM, Antonio S. Cofiño <cofinoa@xxxxxxxxx> wrote: AJP protocol is configured ProxyPass using the mod_proxy_ajp ProxyPass /app ajp://backend.example.com:8009/app may be you mean using a directly the http protocol for proxying the backend ProxyPass /app http://backend.example.com:8080/app ajp, is more convenient because simplify the things and make transparent the proxying process to tomcat connector, i.e. the info about the SSL connection between the frontend and client. Here there is some doc: https://tomcat.apache.org/connectors-doc/common_howto/proxy.html http protocol, can be also repleace ajp, but you need to make some "plumbing" with HTTP headers and tomcat connectors Antonio El 18/12/2015 a las 19:39, Guan Wang escribió:Hi John, Is AJP having any advantage particularly over ProxyPass? Thanks, Guan From: thredds-bounces@xxxxxxxxxxxxxxxx [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] On Behalf Of John Caron Sent: Friday, December 18, 2015 12:56 PM To: James Gallagher Cc: THREDDS THREDDS Subject: Re: [thredds] TDS and HTTPS I agree, an Apache front end is a simple and standard thing to do. AFAIU, the user still is using SSL encryption, its just that Apache is doing that instead of Tomcat. So it would be good for any of us to make some measurements comparing large binary data transfers. On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher <jgallagher@xxxxxxxxxxx> wrote: On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal <steve.ansari@xxxxxxxx> wrote: Sure - I'll follow up offline. Steve On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal <roy.mendelssohn@xxxxxxxx> wrote: Hi Steve I was hoping that would work. That any proxying, whether AJP or other, would be hidden. I have had problems in the past getting AJP proxying to work, if I need to do that. Can you send me (offline) the part of you httpd.conf where you proxy over to tomcat using AJP? We have had good success using Apache & AJP. Apache as a front end provides a number of options, particularly WRT authentication and this might provide for a compromise should HTTPS be too much of a bottle neck. I have not tested the impact of HTTPS compared to HTTP (it would be easy enough to do using simple file transfers). James Thanks, -RoyOn Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal <steve.ansari@xxxxxxxx> wrote: Hey Roy, We are using Apache to handle all the HTTPS stuff. Apache then forwards requests to Tomcat and TDS using AJP. https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html Our TDS: https://www.ncdc.noaa.gov/thredds/catalog.html Steve On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal <roy.mendelssohn@xxxxxxxx> wrote: Hi All: As I hope you know, the Federal government is required to migrate to https for all services in the next1.5 years. My question is can the TDS work with https? If so, can you point me to any documents or what changes, if any, need to be made to use https. If not, are there plans to incorporate this ability into TDS? Thanks, -Roy ********************** "The contents of this message do not reflect any position of the U.S. Government or NOAA." ********************** Roy Mendelssohn Supervisory Operations Research Analyst NOAA/NMFS Environmental Research Division Southwest Fisheries Science Center ***Note new address and phone*** 110 Shaffer Road Santa Cruz, CA 95060 Phone: (831)-420-3666 Fax: (831) 420-3980 e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/ "Old age and treachery will overcome youth and skill." "From those who have been given much, much will be expected" "the arc of the moral universe is long, but it bends toward justice" -MLK Jr. _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/ -- Steve Ansari Physical Scientist NOAA National Centers for Environmental Information (NCEI) (828) 271-4611 The newly formed NCEI merges the National Oceanographic Data Center (NODC), the National Climatic Data Center (NCDC), and the National Geophysical Data Center (NGDC).********************** "The contents of this message do not reflect any position of the U.S. Government or NOAA." ********************** Roy Mendelssohn Supervisory Operations Research Analyst NOAA/NMFS Environmental Research Division Southwest Fisheries Science Center ***Note new address and phone*** 110 Shaffer Road Santa Cruz, CA 95060 Phone: (831)-420-3666 Fax: (831) 420-3980 e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/ "Old age and treachery will overcome youth and skill." "From those who have been given much, much will be expected" "the arc of the moral universe is long, but it bends toward justice" -MLK Jr. -- Steve Ansari Physical Scientist NOAA National Centers for Environmental Information (NCEI) (828) 271-4611 The newly formed NCEI merges the National Oceanographic Data Center (NODC), the National Climatic Data Center (NCDC), and the National Geophysical Data Center (NGDC). _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/ -- James Gallagher jgallagher@xxxxxxxxxxx _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/ _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/_______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/ -- Gerry Creager NSSL/CIMMS 405.325.6371 ++++++++++++++++++++++ “Big whorls have little whorls, That feed on their velocity; And little whorls have lesser whorls, And so on to viscosity.” Lewis Fry Richardson (1881-1953) _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/********************** "The contents of this message do not reflect any position of the U.S. Government or NOAA." ********************** Roy Mendelssohn Supervisory Operations Research Analyst NOAA/NMFS Environmental Research Division Southwest Fisheries Science Center ***Note new address and phone*** 110 Shaffer Road Santa Cruz, CA 95060 Phone: (831)-420-3666 Fax: (831) 420-3980 e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/ "Old age and treachery will overcome youth and skill." "From those who have been given much, much will be expected" "the arc of the moral universe is long, but it bends toward justice" -MLK Jr. _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/********************** "The contents of this message do not reflect any position of the U.S. Government or NOAA." ********************** Roy Mendelssohn Supervisory Operations Research Analyst NOAA/NMFS Environmental Research Division Southwest Fisheries Science Center ***Note new address and phone*** 110 Shaffer Road Santa Cruz, CA 95060 Phone: (831)-420-3666 Fax: (831) 420-3980 e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/ "Old age and treachery will overcome youth and skill." "From those who have been given much, much will be expected" "the arc of the moral universe is long, but it bends toward justice" -MLK Jr. _______________________________________________ thredds mailing list thredds@xxxxxxxxxxxxxxxx For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/
thredds archives: