[
https://issues.apache.org/jira/browse/KNOX-464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-464:
------------------------------
Description:
When you make a request like this that is routed through a load balancer
{code}
curl -i -u guest:guest-password -X PUT
'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE'
{code}
Knox currently will return something like this
{code}
https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=AAAACAAAABAAAACQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj
{code}
To avoid confusion the 'backend' in the URL above is in no way correct but is
in part caused because nginx is sending that value in the Host header. That is
peculiar to nginx and could be fixed with nginx configuration.
The issue here is that Knox used the hostname from the Host header and the
local port. I'm not exactly sure what the right answer it but I'm sure mixing
is bad. We should either be using the information from the Host header or the
information from the local endpoint of the socket. The way Knox was working
before the fix for KNOX-439 was to use the local endpoint information so I'm
going to fix this issue making that assumption.
I used nginx to reproduce the issue. This is the final configured I used to
verify the fix. Note that the 'proxy_redirect' would need to be removed to see
exactly what Knox is returning and compare to what is shown above.
{code}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend {
server c6402.ambari.apache.org:8443;
}
server {
listen 8080;
server_name localhost;
location / {
proxy_pass https://backend;
proxy_redirect https://c6402.ambari.apache.org:8443/
http://$host:$server_port/;
}
}
}
{code}
was:
curl -i -u guest:guest-password -X PUT
'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE'
https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=AAAACAAAABAAAACQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj
To avoid confusion the 'backend' in the URL above is in no way correct but is
in part caused because nginx is sending that value in the Host header. That is
peculiar to nginx and could be fixed with nginx configuration.
The issue here is that Knox used the hostname from the Host header and the
local port. I'm not exactly sure what the right answer it but I'm sure mixing
is bad. We should either be using the information from the Host header or the
information from the local endpoint of the socket. The way Knox was working
before the fix for KNOX-439 was to use the local endpoint information so I'm
going to fix this issue making that assumption.
I used nginx to reproduce the issue. This is the final configured I used to
verify the fix. Note that the 'proxy_redirect' would need to be removed to see
exactly what Knox is returning and compare to what is shown above.
{code}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend {
server c6402.ambari.apache.org:8443;
}
server {
listen 8080;
server_name localhost;
location / {
proxy_pass https://backend;
proxy_redirect https://c6402.ambari.apache.org:8443/
http://$host:$server_port/;
}
}
}
{code}
> Location headers have wrong hostname when used behind load balancer
> -------------------------------------------------------------------
>
> Key: KNOX-464
> URL: https://issues.apache.org/jira/browse/KNOX-464
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.5.0
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Priority: Critical
> Fix For: 0.6.0
>
>
> When you make a request like this that is routed through a load balancer
> {code}
> curl -i -u guest:guest-password -X PUT
> 'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE'
> {code}
> Knox currently will return something like this
> {code}
> https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=AAAACAAAABAAAACQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj
> {code}
> To avoid confusion the 'backend' in the URL above is in no way correct but is
> in part caused because nginx is sending that value in the Host header. That
> is peculiar to nginx and could be fixed with nginx configuration.
> The issue here is that Knox used the hostname from the Host header and the
> local port. I'm not exactly sure what the right answer it but I'm sure
> mixing is bad. We should either be using the information from the Host
> header or the information from the local endpoint of the socket. The way
> Knox was working before the fix for KNOX-439 was to use the local endpoint
> information so I'm going to fix this issue making that assumption.
> I used nginx to reproduce the issue. This is the final configured I used to
> verify the fix. Note that the 'proxy_redirect' would need to be removed to
> see exactly what Knox is returning and compare to what is shown above.
> {code}
> worker_processes 1;
> events {
> worker_connections 1024;
> }
> http {
> include mime.types;
> default_type application/octet-stream;
> sendfile on;
> keepalive_timeout 65;
> upstream backend {
> server c6402.ambari.apache.org:8443;
> }
> server {
> listen 8080;
> server_name localhost;
> location / {
> proxy_pass https://backend;
> proxy_redirect https://c6402.ambari.apache.org:8443/
> http://$host:$server_port/;
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
