Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Jetty 12 return wrong Host header?

Hi,

to me both issues looked related, but yes - it is a bit different. In my case it affects HTTP/1.1 (as NGINX forwards using that protocol), in Silvio's it looks HTTP/2.

If I have a bit of time I will try to write a small embedded jetty reproducer that returns different results for Jetty 10 and 12.

Because Silvio said, that he uses HostHeaderCustomizer I thought it might be related. But difference is that for me the getRequestURL() contains wrong port, but for him it is the host header (I have no checked the Host header here, as the servilet in questin was using getRequestURL()).

Uwe

Am 14.08.2023 um 00:54 schrieb Silvio Bierman via jetty-users:
Issue opened:

https://github.com/eclipse/jetty.project/issues/10306

On 13-08-2023 01:31, Greg Wilkins via jetty-users wrote:
Actually,

I think Uwe's and Silvio's problems are similar but different.  

Silvio, you have no forwarded request customizer headers and a real "demo.jambo.software:8443" as the host header value.  This could be a http2 issue in recreating that header.
Uwe's issue is more about the customizer.

So Silvio, perhaps open a second issue?

cheers

P.S. We expect at least a monthly cadence of 12.0.x releases.



On Sun, 13 Aug 2023 at 08:52, Greg Wilkins <gregw@xxxxxxxxxxx> wrote:
Silvio,

I'll respond more in Uwe's issue.  Please post your details there to help the triage.

cheers



On Sun, 13 Aug 2023 at 05:19, Uwe Schindler via jetty-users <jetty-users@xxxxxxxxxxx> wrote:

I opened: https://github.com/eclipse/jetty.project/issues/10304

Am 12.08.2023 um 19:30 schrieb Uwe Schindler via jetty-users:

I have seen the same after upgrading my project to Java 12. The problem is that all Customizers are not able to correctly set the port number.

This is a blocker issue, because it makes it impossible to setup this common setup:

  • NGINX as user facing web server with HTTPS enabled
  • NGINX forwarding the requests to jetty listen only on localhost with some arbitrary port number (in my case 8081). NGINX sets the following headers: X-Forwarded-For, X-Forwarded-Proto, original "Host" header as sent by client (no rewriting)
  • Jetty with: http_config.addCustomizer(new ForwardedRequestCustomizer());
  • Jetty 10 works fine it reads the clien't IP address and all other information from X-Forwarded-For, the scheme is read from X-Forwarded-Proto, and host header is coming from "Host" header. It also extracts the port number from the host.
  • Jetty 12 is setup in same way, it successfully extracts the client's IP address and also it returns secure=true and uses "https://" for javax.servlet.HttServletRequest#getRequestURL(). But it always adds its own private port number. I also tried to use setForcedHost("xyz:443") to make sure it sees a port number. It still constructs all URLs with port number 8081 where it listens on.

I will open a bug report. From my experience the "customize()" method in the RequestCustomizer does everything right also also returns the port number, but the javax.servlet API seems to still use the port number used by the connector's channel.

I reverted back to Jetty 10. This won't work here. If you have any suggestion to get the port corrcet, tell me, everything like subclassing and implementing my own cutsomizer did not work. I was not able to debug through everything and figure out where the listener port gets injected again.

I can say: With current status Jetty 12 is unuseable with the common proxy setup using ForwardedRequestCustomizer as it tried to always inject its own hidden/private port number instead of the default for the port as negotiated by client/proxy with the Host header.

-- 
Uwe Schindler
uschindler@xxxxxxxxxx 
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users


--


--

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
-- 
Uwe Schindler
uschindler@xxxxxxxxxx 
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/

Back to the top