Re: [jetty-users] Solr admin UI redirecting root path requests to http i

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https

From: Uwe Schindler <uschindler@xxxxxxxxxx>
Date: Tue, 24 May 2022 10:17:46 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Organization: Apache Software Foundation
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1

Hi Shawn,

as Greg Wilkins already said, there are often problems with proxies nottransferring the correct information to backend. What I was not able tofigure out from the Solr issue:


Is only the proxy HTTPS and Solr is HTTP, or are both HTTP?

If Solr works with HTTP and the TLS termination is only done by theproxy, then it is definitely a configuration problem of both Solr and Proxy:

- You need to enable the reverse proxy customizer in Solr:https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/server/ForwardedRequestCustomizer.html- This one gets the special proxy "X-Forwarded-..." headers and sets theinternal request parameters inside Jetty correct

- The proxy has to be configured to send above headers, especially the"X-Forwarded-Proto" needs to be set. Apache does not do this by default,nginx does (seehttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto).


Uwe

Am 24.05.2022 um 06:52 schrieb Shawn Heisey:

I'm with the Solr project. Solr runs in Jetty. It is not embedded,the startup script runs start.jar.
I'm trying to help one of our users with a problem. They have a proxyserver handling TLS, Solr listens without encryption.
Here's the bug report on Solr:

https://issues.apache.org/jira/browse/SOLR-16200/
If they access the admin UI via the proxy server using https on the/solr URL path, where the webapp lives, everything's fine. All linksstay https even though Solr is listening without encryption. But ifthey access the root URL with https, Jetty is redirecting them to aURL that is hardcoded as http://server:port/solr/ instead ofpreserving the https:// that was used to access it, which doesn'twork, because the proxy is configured with TLS. I have reproduced theproblem. I found a way to work around the issue with my proxy server,but it would be really nice if that was not required.
Is there any way in the jetty config to have it preserve the URLscheme when it redirects? If it were to redirect to a relative pathof /solr instead of an absolute URL that contains http:// that wouldfix it.
What information do I need to provide to help troubleshoot and find afix?
Thanks,
Shawn

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/jetty-users


--
Uwe Schindler
uschindler@xxxxxxxxxx
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/

References:
- [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Shawn Heisey

Prev by Date: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Next by Date: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Previous by thread: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Next by thread: [jetty-users] copyright/license to jetty-base/etc/keystore?
Index(es):
- Date
- Thread

Breadcrumbs