Improved maintenance page handling of 503 errors [release_2.0] (#2202)

* Improved maintenance page handling of 503 errors [release_2.0]
Fixes #2196
* Fix maintenance to allow redirect back to OnDemand

ood-portal-generator/spec/fixtures/ood-portal.conf.all

@@ -70,12 +70,10 @@ Listen 8080
   RewriteEngine On
   RewriteCond /var/www/configured/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
-  RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+  RewriteCond %{REQUEST_URI} !/assets/maintenance/.*$
   RewriteCond %{REMOTE_ADDR} !^192\.168\.0\..*
   RewriteCond %{REMOTE_ADDR} !^192\.168\.1\..*
-  RewriteRule ^.*$ /assets/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /assets/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /assets/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://test.server.name;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -233,6 +231,20 @@ Listen 8080
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://test.server.name:8080/assets/maintenance
+  #     #=> Displays /var/www/configured/public/maintenance/index.html
+  #
+  <Directory "/var/www/configured/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/assets/maintenance/index\.html$
+    RewriteRule ^.*$ /assets/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /assets/maintenance/index.html
+  </Directory>
+
   # Discover URI for OpenID Connect (used for multiple Id Providers):
   #
   #     https://test.server.name:8080/discover

ood-portal-generator/spec/fixtures/ood-portal.conf.default

@@ -53,9 +53,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
@@ -147,5 +145,19 @@
   Redirect "/logout" "/pun/sys/dashboard/logout"
 
 
+  # Maintenance location
+  #
+  #     http://localhost:80/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.dex

@@ -53,9 +53,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
@@ -170,5 +168,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     http://localhost:80/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full

@@ -65,9 +65,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://example.com;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -188,5 +186,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://example.com:443/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap

@@ -65,9 +65,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://example.com;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -188,5 +186,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://example.com:443/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-proxy

@@ -65,9 +65,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://example.com;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -194,5 +192,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://example.com:443/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips

@@ -55,9 +55,7 @@
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
   RewriteCond %{REMOTE_ADDR} !^192\.168\.1\..*
   RewriteCond %{REMOTE_ADDR} !^10\.0\.0\..*
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
@@ -149,5 +147,19 @@
   Redirect "/logout" "/pun/sys/dashboard/logout"
 
 
+  # Maintenance location
+  #
+  #     http://localhost:80/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint

@@ -138,5 +138,4 @@
   Redirect "/logout" "/pun/sys/dashboard/logout"
 
 
-
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc

@@ -57,9 +57,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors http://ondemand.example.com;"
 
@@ -178,5 +176,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     http://ondemand.example.com:80/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl

@@ -65,9 +65,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://ondemand.example.com;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -192,5 +190,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://ondemand.example.com:443/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf

@@ -65,9 +65,7 @@
   RewriteCond /var/www/ood/public/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
   RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-  RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
-  ErrorDocument 503 /public/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
 
   Header always set Content-Security-Policy "frame-ancestors https://example.com;"
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
@@ -188,5 +186,19 @@
     Require valid-user
   </Location>
 
+  # Maintenance location
+  #
+  #     https://example.com:443/public/maintenance
+  #     #=> Displays /var/www/ood/public/maintenance/index.html
+  #
+  <Directory "/var/www/ood/public/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
+
+    RewriteCond %{REQUEST_URI} !/public/maintenance/index\.html$
+    RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+    ErrorDocument 503 /public/maintenance/index.html
+  </Directory>
+
 
 </VirtualHost>

ood-portal-generator/spec/fixtures/sum.default

@@ -1 +1 @@
-e5891fae1abde47d878ecbda0edbed7a132afa7ea166ecdaecb2214547fe102d /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
+5469faf1d24def9ce0693da1d892b39c17451904ce90d249f728970c5a9b8cbb /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf

ood-portal-generator/templates/ood-portal.conf.erb

@@ -86,13 +86,11 @@ Listen <%= addr_port %>
   RewriteEngine On
   RewriteCond <%= @public_root %>/maintenance/index.html -f
   RewriteCond /etc/ood/maintenance.enable -f
-  RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+  RewriteCond %{REQUEST_URI} !<%= @public_uri %>/maintenance/.*$
   <%- @maintenance_ip_whitelist.each do |ip| -%>
   RewriteCond %{REMOTE_ADDR} !^<%= escape_ip(ip) %>
   <%- end -%>
-  RewriteRule ^.*$ <%= @public_uri %>/maintenance/index.html [R=503,L]
-  ErrorDocument 503 <%= @public_uri %>/maintenance/index.html
-  Header Set Cache-Control "max-age=0, no-store"
+  RewriteRule ^.*$ <%= @public_uri %>/maintenance/index.html [R=302,L]
 
   <%- end -%>
   <%- if @security_csp_frame_ancestors -%>
@@ -323,7 +321,23 @@ Listen <%= addr_port %>
     <%- end -%>
   </Location>
   <%- end -%>
+  <%- if @use_rewrites && @use_maintenance -%>
+
+  # Maintenance location
+  #
+  #     <%= @ssl ? "https" : "http" %>://<%= @servername || "localhost" %>:<%= @port %><%= @public_uri %>/maintenance
+  #     #=> Displays <%= @public_root %>/maintenance/index.html
+  #
+  <Directory "<%= @public_root %>/maintenance">
+    RewriteCond /etc/ood/maintenance.enable !-f
+    ReWriteRule ^.*$ /
 
+    RewriteCond %{REQUEST_URI} !<%= @public_uri %>/maintenance/index\.html$
+    RewriteRule ^.*$ <%= @public_uri %>/maintenance/index.html [R=503,L]
+    ErrorDocument 503 <%= @public_uri %>/maintenance/index.html
+  </Directory>
+
+  <%- end -%>
   <%- if @oidc_discover_uri && @oidc_discover_root -%>
   # Discover URI for OpenID Connect (used for multiple Id Providers):
   #