I opened: https://github.com/eclipse/jetty.project/issues/10304
On 12.08.2023 at 19:30, Uwe Schindler via jetty-users wrote:
I have seen the same after upgrading my project to Java 12. The
problem is that all Customizers are not able to correctly set the port
number.
This is a blocker issue, because it makes it impossible to set up this
common setup:
* NGINX as user facing web server with HTTPS enabled
* NGINX forwarding the requests to jetty listen only on localhost
with some arbitrary port number (in my case 8081). NGINX sets the
following headers: X-Forwarded-For, X-Forwarded-Proto, original
"Host" header as sent by client (no rewriting)
* Jetty with: http_config.addCustomizer(new ForwardedRequestCustomizer());
* Jetty 10 works fine: it reads the client's IP address and all other
information from X-Forwarded-For, the scheme is read from
X-Forwarded-Proto, and host header is coming from "Host" header.
It also extracts the port number from the host.
* Jetty 12 is set up in the same way, it successfully extracts the
client's IP address and also it returns secure=true and uses
"https://" for javax.servlet.HttpServletRequest#getRequestURL().
But it always adds its own private port number. I also tried to
use setForcedHost("xyz:443") to make sure it sees a port number.
It still constructs all URLs with port number 8081 where it
listens on.
I will open a bug report. From my experience the "customize()" method
in the RequestCustomizer does everything right and also returns the
port number, but the javax.servlet API seems to still use the port
number used by the connector's channel.
I reverted back to Jetty 10. This won't work here. If you have any
suggestion to get the port correct, tell me, everything like
subclassing and implementing my own customizer did not work. I was not
able to debug through everything and figure out where the listener
port gets injected again.
I can say: With current status Jetty 12 is unusable with the common
proxy setup using ForwardedRequestCustomizer as it tried to always
inject its own hidden/private port number instead of the default for
the port as negotiated by client/proxy with the Host header.
--
Uwe Schindler
uschind...@apache.org
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr
Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/
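
The port behaviour reported in the message above, as an added example that is not part of the original post and is not Jetty code: a small model of the URL a backend is expected to rebuild from `Host` and `X-Forwarded-Proto`, next to the URL the report describes. The function names, the host name `www.example.org` and the client address are constructed for illustration; only the listener port 8081 and the header names come from the message.

```python
# Constructed model, not Jetty code: URL rebuilding behind a TLS-terminating proxy.
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_host(host):
    """Split a Host header value into (name, port or None); accepts [IPv6]:port."""
    host = host.strip()
    if host.startswith("["):
        end = host.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        name, rest = host[: end + 1], host[end + 1 :]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        port_text = rest[1:]
    else:
        name, _, port_text = host.partition(":")
    if not port_text:
        return name, None
    if not port_text.isdigit() or not 0 < int(port_text) <= 65535:
        raise ValueError("invalid port in Host header")
    return name, int(port_text)


def build_url(scheme, name, port, path):
    """Render a URL, omitting the port when it is the scheme's default."""
    suffix = "" if port == DEFAULT_PORTS[scheme] else f":{port}"
    return f"{scheme}://{name}{suffix}{path}"


def expected_url(headers, path):
    """Port comes from Host, else from the default of the forwarded scheme."""
    scheme = headers.get("X-Forwarded-Proto", "http").lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unexpected forwarded scheme")
    name, port = split_host(headers["Host"])
    return build_url(scheme, name, DEFAULT_PORTS[scheme] if port is None else port, path)


def reported_url(headers, path, listener_port):
    """Behaviour described in the report: the listener port replaces the port."""
    scheme = headers.get("X-Forwarded-Proto", "http").lower()
    name, _ = split_host(headers["Host"])
    return build_url(scheme, name, listener_port, path)


# Constructed request as NGINX would forward it to the listener on port 8081.
SAMPLE = {"Host": "www.example.org", "X-Forwarded-Proto": "https",
          "X-Forwarded-For": "203.0.113.7"}
if __name__ == "__main__":
    print(expected_url(SAMPLE, "/app"))
    print(reported_url(SAMPLE, "/app", 8081))
```

The forwarded headers are only safe to honour in this model because, as in the setup described, the backend listens on localhost and NGINX is the sole client.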