Re: [jetty-users] Solr admin UI redirecting root path requests to http i

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https

From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Date: Tue, 24 May 2022 13:30:07 -0500
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

If you are going to use the ForwardedRequestCustomizer do yourself a favor and only use the RFC 7239 mode.

Do not use the X-Forwarded-* headers, they are a giant mess of conflicting behaviors and rules with no standardization behind them.

Big players interpret the headers differently (Google, vs AWS, vs Azure, vs haproxy, etc)

Only use the `Forwarded` header, per the https://tools.ietf.org/html/rfc7239 spec.

You'll eliminate so many support issues just by doing this.

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Tue, May 24, 2022 at 12:09 PM Shawn Heisey <eclipse@xxxxxxxxxxxx> wrote:

On 5/24/22 10:31, Shawn Heisey wrote:
> Where would I do HttpConfiguration.setRelativeRedirectAllowed(true)?
> That looks like Java code, and Jetty is not embedded. This is the
> jetty.xml in Solr 8.x:
>
> https://gitbox.apache.org/repos/asf?p=lucene-solr.git;a=blob_plain;f=solr/server/etc/jetty.xml;h=e2f4ab095984aac27185a9879964862f9ba35d4d;hb=refs/heads/branch_8_11

If we incorporated the ForwardedRequestCustomizer that Uwe mentioned in
our jetty config, would that work for those using a proxy as well as
those NOT using a proxy? I see that this config is already in our
jetty.xml, commented.

What I am hoping for is coming up with an xml config that allows this to
work properly for all users whether they incorporate a proxy or not.
Most proxies send X-Forwarded-For, and configuring X-Forwarded-Proto is
typically very easy.

I uncommented the call to ForwardedRequestCustomizer and configured
haproxy to send the X-Forwarded-Proto header. This fixed the redirect,
and it looks like a request sent directly to Solr still works properly
too. Can anyone imagine any unintended side effects from uncommenting
ForwardedRequestCustomizer in our source repo's XML configs for jetty?

Is there a more generic fix that would cause jetty to NOT send an
absolute URL path in its redirect? (what I was initially aiming for)

Thanks,
Shawn

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Follow-Ups:
- Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Shawn Heisey

References:
- [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Shawn Heisey
- Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Greg Wilkins
- Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Shawn Heisey
- Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
  - From: Shawn Heisey

Prev by Date: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Next by Date: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Previous by thread: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Next by thread: Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https
Index(es):
- Date
- Thread

Breadcrumbs