Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Jetty 12 return wrong Host header?

I opened: https://github.com/eclipse/jetty.project/issues/10304

Am 12.08.2023 um 19:30 schrieb Uwe Schindler via jetty-users:

I have seen the same after upgrading my project to Java 12. The problem is that all Customizers are not able to correctly set the port number.

This is a blocker issue, because it makes it impossible to setup this common setup:

  • NGINX as user facing web server with HTTPS enabled
  • NGINX forwarding the requests to jetty listen only on localhost with some arbitrary port number (in my case 8081). NGINX sets the following headers: X-Forwarded-For, X-Forwarded-Proto, original "Host" header as sent by client (no rewriting)
  • Jetty with: http_config.addCustomizer(new ForwardedRequestCustomizer());
  • Jetty 10 works fine it reads the clien't IP address and all other information from X-Forwarded-For, the scheme is read from X-Forwarded-Proto, and host header is coming from "Host" header. It also extracts the port number from the host.
  • Jetty 12 is setup in same way, it successfully extracts the client's IP address and also it returns secure=true and uses "https://" for javax.servlet.HttServletRequest#getRequestURL(). But it always adds its own private port number. I also tried to use setForcedHost("xyz:443") to make sure it sees a port number. It still constructs all URLs with port number 8081 where it listens on.

I will open a bug report. From my experience the "customize()" method in the RequestCustomizer does everything right also also returns the port number, but the javax.servlet API seems to still use the port number used by the connector's channel.

I reverted back to Jetty 10. This won't work here. If you have any suggestion to get the port corrcet, tell me, everything like subclassing and implementing my own cutsomizer did not work. I was not able to debug through everything and figure out where the listener port gets injected again.

I can say: With current status Jetty 12 is unuseable with the common proxy setup using ForwardedRequestCustomizer as it tried to always inject its own hidden/private port number instead of the default for the port as negotiated by client/proxy with the Host header.

-- 
Uwe Schindler
uschindler@xxxxxxxxxx 
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/

Back to the top