[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] Jetty 12 return wrong Host header?
|
Hi,
to me both issues looked related, but yes - it is a bit
different. In my case it affects HTTP/1.1 (as NGINX forwards using
that protocol), in Silvio's it looks HTTP/2.
If I have a bit of time I will try to write a small embedded
jetty reproducer that returns different results for Jetty 10 and
12.
Because Silvio said, that he uses HostHeaderCustomizer I thought
it might be related. But difference is that for me the
getRequestURL() contains wrong port, but for him it is the host
header (I have no checked the Host header here, as the servilet in
questin was using getRequestURL()).
Uwe
Am 14.08.2023 um 00:54 schrieb Silvio
Bierman via jetty-users:
Issue opened:
https://github.com/eclipse/jetty.project/issues/10306
On 13-08-2023 01:31, Greg Wilkins via
jetty-users wrote:
Actually,
I think Uwe's and Silvio's problems are similar but
different.
Silvio, you have no forwarded request customizer headers
and a real "demo.jambo.software:8443" as the host header
value. This could be a http2 issue in recreating that
header.
Uwe's issue is more about the customizer.
So Silvio, perhaps open a second issue?
cheers
P.S. We expect at least a monthly cadence of 12.0.x
releases.
Silvio,
I'll respond more in Uwe's issue. Please post your
details there to help the triage.
cheers
I opened: https://github.com/eclipse/jetty.project/issues/10304
Am 12.08.2023 um 19:30 schrieb Uwe Schindler via
jetty-users:
I have seen the same after upgrading my project
to Java 12. The problem is that all Customizers
are not able to correctly set the port number.
This is a blocker issue, because it makes it
impossible to setup this common setup:
- NGINX as user facing web server with HTTPS
enabled
- NGINX forwarding the requests to jetty listen
only on localhost with some arbitrary port
number (in my case 8081). NGINX sets the
following headers: X-Forwarded-For,
X-Forwarded-Proto, original "Host" header as
sent by client (no rewriting)
- Jetty with: http_config.addCustomizer(new
ForwardedRequestCustomizer());
- Jetty 10 works fine it reads the clien't IP
address and all other information from
X-Forwarded-For, the scheme is read from
X-Forwarded-Proto, and host header is coming
from "Host" header. It also extracts the port
number from the host.
- Jetty 12 is setup in same way, it successfully
extracts the client's IP address and also it
returns secure=true and uses "https://" for
javax.servlet.HttServletRequest#getRequestURL().
But it always adds its own private port number.
I also tried to use setForcedHost("xyz:443") to
make sure it sees a port number. It still
constructs all URLs with port number 8081 where
it listens on.
I will open a bug report. From my experience the
"customize()" method in the RequestCustomizer does
everything right also also returns the port
number, but the javax.servlet API seems to still
use the port number used by the connector's
channel.
I reverted back to Jetty 10. This won't work
here. If you have any suggestion to get the port
corrcet, tell me, everything like subclassing and
implementing my own cutsomizer did not work. I was
not able to debug through everything and figure
out where the listener port gets injected again.
I can say: With current status Jetty 12 is
unuseable with the common proxy setup using
ForwardedRequestCustomizer as it tried to always
inject its own hidden/private port number instead
of the default for the port as negotiated by
client/proxy with the Host header.
--
Uwe Schindler
uschindler@xxxxxxxxxx
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
--
--
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
--
Uwe Schindler
uschindler@xxxxxxxxxx
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/