2024-09-06 test folksonomy Open Products Facts#
As we have a test to deploy of Open Products Facts, we wanted to test the folksonomy functionality.
But it can't work as it is today because of authentication problems.
How it works#
We use the session cookie to authenticate, and if we are using openproductsfacts.org, the cookie is not the same as openfoodfacts.org (because cookies can't be shared between domains).
The best way to do it is to have folksonomy engine available on each domain:
- api.folksonomy.openfoodfacts.org
- api.folksonomy.openproductsfacts.org
Each of those authenticate to the corresponding world.
Amend Folksonomy API#
I changed folksonomy API so that it deduces the server to which to authenticate from the url it is called.
Make Folksonomy API available on each domain#
I changed DNS Zones at OVH to have:
- new.openproductsfacts.org CNAME openproductsfacts.org
- *.new.openproductsfacts.org CNAME openproductsfacts.org
- api.folksonomy.new.openproductsfacts.org CNAME proxy1.openfoodfacts.org
- api.folksonomy.openproductsfacts.org CNAME proxy1.openfoodfacts.org
I modified ovh reverse proxy file for folksonomy api, to add api.folksonomy.openproductsfacts.org and api.folksonomy.new.openproductsfacts.org to server_name in both http and https sections.
I then nginx -t and systemctl reload nginx.
I then extend the certificate by running:
certbot -d 'api.folksonomy.openfoodfacts.org' -d 'api.folksonomy.openproductsfacts.org' -d 'api.folksonomy.new.openproductsfacts.org'
See commit fce11096a
Avoid basic auth#
I still had a problem, because we put basic auth in front of https://new.openproductsfacts.org to avoid accidentally indexing it.
But this was preventing folksonomy service to use this auth api, as there was no way to add basic auth.
So I modified the new.openproductsfacts.org configuration on ovh reverse proxy to remove the basic auth for /cgi path… and it worked.