Marcelo Masiero Vanzin created SPARK-30240:
----------------------------------------------
Summary: Spark UI redirects do not always work behind (dumb)
proxies
Key: SPARK-30240
URL: https://issues.apache.org/jira/browse/SPARK-30240
Project: Spark
Issue Type: Improvement
Components: Web UI
Affects Versions: 3.0.0
Reporter: Marcelo Masiero Vanzin
Spark's support for proxy servers allows the code to prepend a prefix to URIs
generated by Spark pages. But if Spark sends a redirect to the client, then
Spark's own full URL is exposed. If the client cannot access that URL, or it's
incorrect for whatever reason, then things do not work.
For example, if you set up an stunnel HTTPS proxy on port 4443, and get the
root of the Spark UI, you get this back (with all the TLS stuff stripped):
{noformat}
$ curl -v -k https://vanzin-t460p:4443/
* Trying 127.0.1.1...
* Connected to vanzin-t460p (127.0.1.1) port 4443 (#0)
> GET / HTTP/1.1
> Host: vanzin-t460p:4443
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 12 Dec 2019 22:09:52 GMT
< Cache-Control: no-cache, no-store, must-revalidate
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Location: http://vanzin-t460p:4443/jobs/
< Content-Length: 0
< Server: Jetty(9.4.18.v20190429)
{noformat}
So you can see that Jetty respects the "Host" header, but that has no
information about the protocol, and Spark has no idea that the proxy is using
HTTPS. So the returned URL does not work.
Some proxies are smart enough to rewrite responses, but it would be nice (and
pretty easy) for Spark to support this simple use case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
