[jira] [Commented] (GEODE-381) Gfsh using https connections does not work in environments with SSL termination

Fri, 02 Oct 2015 15:09:08 -0700 

    [ 
https://issues.apache.org/jira/browse/GEODE-381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941857#comment-14941857
 ] 

Jens Deppe commented on GEODE-381:
----------------------------------

An initial fix for this sends an additional param along with the {{/index}} 
request. E.g. something like {{/index?scheme=https}} where the scheme is 
derived from the initial {{connect}} URL. The {{scheme}} param can then be used 
on the server to correctly create the index URLs.

Another option is to check the {{X-Forwarded-Proto}} http header, on the 
server, and use that to set the scheme. {{X-Forwarded-Proto}} is being 
formalized as {{Forwarded-Proto}} in [RFC 
7239|http://tools.ietf.org/html/rfc7239].

I think the first option is the safest as we can't guarantee the presence of 
{{X-Forwarded-Proto}} by every SSL termination implementation.

> Gfsh using https connections does not work in environments with SSL 
> termination
> -------------------------------------------------------------------------------
>
>                 Key: GEODE-381
>                 URL: https://issues.apache.org/jira/browse/GEODE-381
>             Project: Geode
>          Issue Type: Bug
>          Components: management & tools
>    Affects Versions: 1.0.0-incubating
>            Reporter: Jens Deppe
>            Priority: Critical
>
> In Cloud Foundry we have SSL termination, i.e. our transport path looks 
> something like this:
> {code}
>    gfsh <---- https ---->  ELB  <---- http ----> Cluster
> {code}
> Where ELB is an Elastic Load Balancer or HAProxy.
> When attempting to connect using a https URL, the following occurs:
> {code}
> gfsh>connect --use-http 
> --url=https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1
> Successfully connected to: GemFire Manager HTTP service @ 
> https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1
> gfsh>
> No longer connected to GemFire Manager HTTP service @ 
> https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1.
> gfsh>
> Exiting...
> {code}
> The problem is that gfsh retrieves meta-information consisting of an index of 
> commands mapped to URL endpoints. Even though an initial https connection is 
> made, the URLs returned in the index are http URLs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to