Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.3.Final (EAP), EAP 6.1.0.Alpha (7.2.0.Final)
Affects Version/s: 7.1.1.Final
Component/s: Documentation, Domain Management
Labels:
None

Workaround Description:

Hide

add something like this to config (reported to NOT work with all apache httpd versions and fails to cover the case when opening http://server_public_ip /notice the lack of trailing slash/):
<Location /asconsole/>
ProxyPassReverse /
</Location>

Second workaround: use URL rewriting but this is more complicated and it seems less flexible

Show
add something like this to config (reported to NOT work with all apache httpd versions and fails to cover the case when opening http://server_public_ip /notice the lack of trailing slash/): <Location /asconsole/> ProxyPassReverse / </Location> Second workaround: use URL rewriting but this is more complicated and it seems less flexible
Git Pull Request:
https://github.com/jbossas/jboss-as/pull/2656, https://github.com/jbossas/jboss-as/pull/2657

Description

The HTTP interface uses relative address in Location header when redirecting:

$ curl -v localhost:9990
* About to connect() to localhost port 9990 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 9990 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: localhost:9990
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Transfer-encoding: chunked
< Location: /console/index.html
< Date: Wed, 04 Apr 2012 12:50:14 GMT
< 
* Connection #0 to host localhost left intact
* Closing connection #0

This is a problem running a reverse proxy to server the console. RFC 1945 requires that to be a complete absolute URI [1]. The problem is that mod_proxy expects a complete URI. The problem manifests when proxying is performed on path other than ROOT of the http server (e.g. you open http://server_public_hostname/asconsole to access console). A typical mod_proxy configuration in this case would be:

ProxyPass /asconsole/ http://localhost:9990/
ProxyPassReverse /asconsole/ http://localhost:9990/
ProxyPassReverseCookiePath / /asconsole/
ProxyPassReverseCookieDomain localhost server_public_hostname

redirects in this case are not translated by mod_proxy because it matches against string "http://localhost:9990/". And one is redirected to /something instead of /asconsole/something.

curl output:

curl -v http://my_public_hostname/asconsole
* About to connect() to my_public_hostname port 80 (#0)
*   Trying 24.24.164.76... connected
* Connected to my_public_hostname (24.24.164.76) port 80 (#0)
> GET /asconsole HTTP/1.1
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: my_public_hostname
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 04 Apr 2012 12:29:30 GMT
< Location: /console/index.html
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/plain; charset=UTF-8
< 
* Closing connection #0

The workarounds are described in the workaround section.

I'm not really sure what the best approach for this problem would be. Using the Host header of request makes some sense but if one already uses ProxyPreserveHost On then it can also affect this functionality. Hardcoding the URL would be a complication to configuration. Perhaps making the behavior configurable and documented would be best.

[1] http://en.wikipedia.org/wiki/HTTP_location

Attachments

Issue Links

is related to

AS7-4391 admin console proxying vs header Origin

Resolved

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Aleksandar Kostadinov

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2012/04/04 9:13 AM

Updated:: 2012/07/12 7:22 AM

Resolved:: 2012/07/12 7:22 AM