Publishing Octopus Deploy Admin Site through Citrix Netscaler

We published our Octopus Deploy instance in the past through our citrix netscaler to make it available to folks working from home etc. After an in place upgrade to 2.3 on the same machine it no longer works.

This appears to be due to us doing SSL decode in the netscaler instead of passing it through to Octopus Deploy. It attempts to do redirects to non-SSL host names that no longer work.

Is there a setting I can set to tell it to use https for redirects without actually having it listen on HTTPS?

Hi Chris - no, there’s no setting of this kind currently. Can you please let us know an example redirect that is causing trouble? We may be able to figure something out.

Regards,
Nick

Happens immediately. I access https://build.everymove.org and it
immediately redirects to http://build.everymove.org/app

That stops me dead

We hit this frequently with sites that make assumptions about the protocol.

Sent from my iPhone

Thanks for the details. I’ve raised an issue at https://github.com/OctopusDeploy/Issues/issues/865

In the meantime:

  • Does Octopus run correctly if you navigate directly to https://build.everymove.org/app ?
  • Can you enable SSL on the Octopus server and use HTTPS between the appliance and Octopus?

Regards,
Nick

  1. No. I believe it still does a redirect but will check in the morning.

  2. Not really. Careful about where we deploy our certs especially after
    heart bleed. Performance would also be poor also due to essentially
    encrypting/decrypting twice. Sad thing is 1.x worked great. 2.x breaks
    badly…

On #1 I was wrong. If I initially request
https://build.everymove.org:8081/app#/ then it is good to go at least to
the dashboard. Haven’t checked if it breaks further on down the road…

OK, good to hear; let us know if you hit anything else, we’ll follow up via the GitHub issue.

Cheers,
Nick