Creating items with oEmbed media failing when using proxy
Omeka S forum post
Laminas forum post
There are two problems. The first is the proxy being unable to fulfill the request, and the MiVideo server not behaving in the same way as when Omeka S was on a MiServer instance.
proxy adapter failing
Current theory is that this is an variant of an open PHP bug. A secure connection is being made to the proxy server somehow, resulting in the socket context(?) listing the proxy as its peer. Trying to secure a connection to the actual destination will fail when PHP compares the name of the destination with who it thinks it should be talking to based on the socket context(?). The version of laminas-http (2.11.2) used by Omeka S (3.0.1) voluntarily kills connection if it's not able to secure it.
Client determines if connection should be secure based on destination protocol
Client calls wrapper method that delegates to adapter
Client calls connects to destination using specific adapter (proxy)
Proxy adapter makes unsecure connection with proxy by calling parent class socket adapter connection method
Ln106-109 might be the culprit, usesslcontext created/overridden (set to true) if destination requires secure connection
Parent class socket adapter should end up with tcp connection to proxy
See step 4, line 207 gates ssl settings that verify peer name, line 279-288 creates socket with context that peer should be verified, might set proxy a peer, line 309 gates securing the connection to the proxy (line 320), might set proxy as peer, host should be stored as using ssl protocol if this is true
Client the writes request to destination using specific adapter (proxy)
Proxy adapter checks to see if proxy connection has expected protocol for a secure connection using destination protocol?
Proxy adapter tries to negotiate secure connection to destination
Proxy adapter sends connection request to the destination to proxy
Proxy adapter tries to secure the connection to the destination via the proxy
connection killed at this point
omeka-s/config/local.config.php 'http_client' => [ 'adapter' => \Laminas\Http\Client\Adapter\Proxy::class, 'proxy_host' => 'squidproxy-01.lsait.lsa.umich.edu', 'proxy_port' => 3128, ] Warnings stream_socket_enable_crypto(): Peer certificate CN=`vimeo.map.fastly.net' did not match expected CN=`squidproxy-01.lsait.lsa.umich.edu' in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php on line 289 stream_socket_enable_crypto(): Peer certificate CN=`*.mediaspace.kaltura.com' did not match expected CN=`squidproxy-01.lsait.lsa.umich.edu' in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php on line 289 Exceptions Unable to connect to HTTPS server through proxy: could not negotiate secure connection. in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php:296
omeka-s/config/local.config.php 'http_client' => [ 'adapter' => \Laminas\Http\Client\Adapter\Proxy::class, 'proxy_host' => 'http://squidproxy-01.lsait.lsa.umich.edu', 'proxy_port' => 3128, ] Exceptions Unable to connect to http://squidproxy-01.lsait.lsa.umich.edu:3128 . Error #0: stream_socket_client(): unable to connect to http://squidproxy-01.lsait.lsa.umich.edu:3128 (Unable to find the socket transport “http” - did you forget to enable it when you configured PHP?)
- log resulting config and host data for proxy connection, looking for sign that the proxy connect has been secured (see step 4/5)
- find/set up proxy that can be used to replicate issue outside of cluster
- find/figure out how to set up debugger to allow stepping through omeka code
- fix http error to see if specifying unsecured connection to proxy helps issue
proxy is configured to be used by a specific of campus machines, was told that creating an exception would be difficult
MiVideo server returning 421 http response
If the proxy is configured to disable peer verification, third party destinations (like vimeo) appear to be completely functional. The MiVideo url fails. The only indication of what went wrong is a flash message listing that the destination returned a 421 HTTP error code.
omeka-s/config/local.config.php 'http_client' => [ 'adapter' => \Laminas\Http\Client\Adapter\Proxy::class, 'proxy_host' => 'squidproxy-01.lsait.lsa.umich.edu', 'proxy_port' => 3128, 'sslverifypeer' => false, ‘sslverifypeername’ => false, ], flash message Error reading OEmbed URL: Misdirected Request (421)
- find out how to get the response content, omeka just tells you the response code