Connection to slave uses HTTP instead of HTTPS #109
alex1702 opened this issue Aug 29, 2018 · 1 comment

alex1702 commented Aug 29, 2018

Summary

Master uses port 3012 instead of 3013 for the connection to the client.

Steps to reproduce the problem

I have activated https on the master and the slave. I call the master directly via hostname:3013 in the browser.

I added the client manually using the host name.
The master establishes the connection to the client via port 3012 instead of 3013.

Your Setup

{
	"base_app_url": "https://sub.domain.tld",
	"email_from": "admin@localhost",
	"smtp_hostname": "localhost",
	"smtp_port": 25,
	"secret_key": "*******",
	
	"log_dir": "logs",
	"log_filename": "[component].log",
	"log_columns": ["hires_epoch", "date", "hostname", "component", "category", "code", "msg", "data"],
	"log_archive_path": "logs/archives/[yyyy]/[mm]/[dd]/[filename]-[yyyy]-[mm]-[dd].log.gz",
	"log_crashes": true,
	"copy_job_logs_to": "",
	"queue_dir": "queue",
	"pid_file": "logs/cronicled.pid",
	"debug_level": 9,
	"maintenance": "04:00",
	"list_row_max": 10000,
	"job_data_expire_days": 365,
	"child_kill_timeout": 10,
	"dead_job_timeout": 120,
	"master_ping_freq": 20,
	"master_ping_timeout": 60,
	"udp_broadcast_port": 0,
	"scheduler_startup_grace": 10,
	"universal_web_hook": "",
	"track_manual_jobs": false,
	
	"server_comm_use_hostnames": true,
	"web_direct_connect": false,
	"web_socket_use_hostnames": false,
	
	"job_memory_max": 1073741824,
	"job_memory_sustain": 0,
	"job_cpu_max": 0,
	"job_cpu_sustain": 0,
	"job_log_max_size": 0,
	"job_env": {},
	
	"web_hook_text_templates": {
		"job_start": "Job started on [hostname]: [event_title] [job_details_url]",
		"job_complete": "Job completed successfully on [hostname]: [event_title] [job_details_url]",
		"job_failure": "Job failed on [hostname]: [event_title]: Error [code]: [description] [job_details_url]",
		"job_launch_failure": "Failed to launch scheduled event: [event_title]: [description] [edit_event_url]"
	},
	
	"client": {
		"name": "Cronicle",
		"debug": 1,
		"default_password_type": "password",
		"privilege_list": [
			{ "id": "admin", "title": "Administrator" },
			{ "id": "create_events", "title": "Create Events" },
			{ "id": "edit_events", "title": "Edit Events" },
			{ "id": "delete_events", "title": "Delete Events" },
			{ "id": "run_events", "title": "Run Events" },
			{ "id": "abort_events", "title": "Abort Events" },
			{ "id": "state_update", "title": "Toggle Scheduler" }
		],
		"new_event_template": { 
			"enabled": 1, 
			"params": {}, 
			"timing": { "minutes": [0] },
			"max_children": 1,
			"timeout": 3600,
			"catch_up": 0,
			"queue_max": 1000
		}
	},
	
	"Storage": {
		"engine": "Filesystem",
		"list_page_size": 50,
		"concurrency": 4,
		"log_event_types": { "get": 1, "put": 1, "head": 1, "delete": 1, "expire_set": 1 },
		
		"Filesystem": {
			"base_dir": "data",
			"key_namespaces": 1
		}
	},
	
	"WebServer": {
		"http_port": 3012,
		"http_htdocs_dir": "htdocs",
		"http_max_upload_size": 104857600,
		"http_static_ttl": 3600,
		"http_static_index": "index.html",
		"http_server_signature": "Cronicle 1.0",
		"http_gzip_text": true,
		"http_timeout": 30,
		"http_regex_json": "(text|javascript|js|json)",
		"http_response_headers": {
			"Access-Control-Allow-Origin": "*"
		},
		
		"https": true,
		"https_port": 3013,
		"https_cert_file": "/path/to/le/fullchain.pem",
		"https_key_file": "/path/to/le/key.pem",
		"https_force": true,
		"https_timeout": 30,
		"https_header_detect": {
			"Front-End-Https": "^on$",
			"X-Url-Scheme": "^https$",
			"X-Forwarded-Protocol": "^https$",
			"X-Forwarded-Proto": "^https$",
			"X-Forwarded-Ssl": "^on$"
		}
	},
	
	"User": {
		"session_expire_days": 30,
		"max_failed_logins_per_hour": 5,
		"max_forgot_passwords_per_hour": 3,
		"free_accounts": false,
		"sort_global_users": true,
		"use_bcrypt": true,
		
		"email_templates": {
			"welcome_new_user": "conf/emails/welcome_new_user.txt",
			"changed_password": "conf/emails/changed_password.txt",
			"recover_password": "conf/emails/recover_password.txt"
		},
		
		"default_privileges": {
			"admin": 0,
			"create_events": 1,
			"edit_events": 1,
			"delete_events": 1,
			"run_events": 0,
			"abort_events": 0,
			"state_update": 0
		}
	}
	
}

Operating system and version?

ubuntu 16.04

Node.js version?

$ node -v
v8.11.4

Cronicle software version?

Latest, as of today.

Are you using a multi-server setup, or just a single server?

Yes, multi-server, with one master and one client.

Are you using the filesystem as back-end storage, or S3/Couchbase?

yes, filesystem.

tcpdump

14:00:22.416922 IP slave.3012 > master.56726: Flags [P.], seq 3727457547:3727457722, ack 3411078853, win 235, options [nop,nop,TS val 11176135 ecr 295150963], length 175
14:00:22.439411 IP master.56726 > slave.3012: Flags [.], ack 175, win 1444, options [nop,nop,TS val 295151219 ecr 11176135], length 0
14:00:23.418376 IP slave.3012 > master.56726: Flags [P.], seq 175:350, ack 1, win 235, options [nop,nop,TS val 11176385 ecr 295151219], length 175
14:00:23.426308 IP master.56726 > slave.3012: Flags [.], ack 350, win 1444, options [nop,nop,TS val 295151466 ecr 11176385], length 0
14:00:24.419906 IP slave.3012 > master.56726: Flags [P.], seq 350:525, ack 1, win 235, options [nop,nop,TS val 11176635 ecr 295151466], length 175
14:00:24.429023 IP master.56726 > slave.3012: Flags [.], ack 525, win 1444, options [nop,nop,TS val 295151717 ecr 11176635], length 0
14:00:25.420910 IP slave.3012 > master.56726: Flags [P.], seq 525:699, ack 1, win 235, options [nop,nop,TS val 11176886 ecr 295151717], length 174
14:00:25.480854 IP master.56726 > slave.3012: Flags [.], ack 699, win 1444, options [nop,nop,TS val 295151980 ecr 11176886], length 0

alex1702 (Author) commented

OK, I have since found out that HTTPS is also used.
When adding, I think HTTP is used to check whether the server is reachable.
And I would like to close HTTP port 3012 with iptables. Only, then the slave is no longer accessible from the master.
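
One way to confirm from a capture which listener the server-to-server traffic actually uses, as an added example that is not part of the original issue or of Cronicle: it reads tcpdump lines in the format posted above and reports flows on `http_port` when the config sets `https` and `https_force`. The function names and the third capture line are constructed for illustration, and treating any payload on `http_port` as plaintext HTTP is an assumption.

```javascript
// Subset of the WebServer block from the config posted in the issue.
const webServer = { http_port: 3012, https: true, https_port: 3013, https_force: true };

// Two lines from the tcpdump in the issue, plus one constructed line (marked).
const capture = [
  '14:00:22.416922 IP slave.3012 > master.56726: Flags [P.], seq 3727457547:3727457722, ack 3411078853, win 235, options [nop,nop,TS val 11176135 ecr 295150963], length 175',
  '14:00:22.439411 IP master.56726 > slave.3012: Flags [.], ack 175, win 1444, options [nop,nop,TS val 295151219 ecr 11176135], length 0',
  '14:00:26.000000 IP master.56800 > slave.3013: Flags [P.], seq 1:90, ack 1, win 1444, length 89', // constructed
];

// tcpdump prints "host.port"; the port is the text after the last dot.
function splitEndpoint(ep) {
  const i = ep.lastIndexOf('.');
  return { host: ep.slice(0, i), port: Number(ep.slice(i + 1)) };
}

// Returns null for lines that are not IPv4 packet summaries.
function parseLine(line) {
  const m = /^(\S+) IP (\S+) > (\S+): .*length (\d+)$/.exec(line);
  if (!m) return null;
  return { time: m[1], src: splitEndpoint(m[2]), dst: splitEndpoint(m[3]), bytes: Number(m[4]) };
}

// Sum payload bytes per listener endpoint and label each by transport.
function summarize(lines, cfg) {
  const ports = new Map([[cfg.http_port, 'http'], [cfg.https_port, 'https']]);
  const flows = {};
  for (const line of lines) {
    const p = parseLine(line);
    if (!p) continue;
    // Whichever side uses a configured listener port is the server side.
    const server = ports.has(p.src.port) ? p.src : ports.has(p.dst.port) ? p.dst : null;
    if (!server) continue;
    const key = `${server.host}:${server.port}`;
    flows[key] = flows[key] || { transport: ports.get(server.port), bytes: 0, packets: 0 };
    flows[key].bytes += p.bytes;
    flows[key].packets += 1;
  }
  return flows;
}

// Plaintext flows count as findings only when the config says HTTPS is forced.
function plaintextFindings(lines, cfg) {
  if (!(cfg.https && cfg.https_force)) return [];
  return Object.entries(summarize(lines, cfg))
    .filter(([, f]) => f.transport === 'http' && f.bytes > 0)
    .map(([endpoint, f]) => ({ endpoint, ...f }));
}
console.log(plaintextFindings(capture, webServer));
```

Feeding it the full capture from a peer host shows whether the port 3012 traffic is a one-off reachability check or the ongoing channel, which is worth knowing before closing the port with a firewall rule.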
