Thanks Larry for the suggestion and comments.
I'm now unblocked after explicitly setting X-Forward-Port to default https port
'443' when reverse proxying.FYI, I found this link that defaulted the port to
80 or 443 based on proto. May be we can revisit it later.
Regards,Mohammad
On Monday, October 31, 2016 11:31 AM, larry mccay <[email protected]> wrote:
That is an interesting point and we should look into the spec for X-Forward-*
header use and see if we should change the default.I could see and argument for
either way actually.
On Mon, Oct 31, 2016 at 1:58 PM, Mohammad Islam <[email protected]> wrote:
Thanks Larry, Sumit, Sandeep for informative answers.
I'm going to try the suggestions and let you know if there is still any issue.
@Larry: Yes duplicate file name is copy/paste issue. However, the port (8445)
was copied properly. Looks like, Knox was using it's own port "8445" in fronted
url. I found the requested proxy didn't pass any port in header
(X-forwarded-Port). I thought the default port should be "80" not "8445"
(Knox's own port).
On Monday, October 31, 2016 9:17 AM, larry mccay <[email protected]> wrote:
Hi Mohammad -
I'd like to point you to the Knox support for X-Forwarded headers for such
proxying deployment scenarios: http://knox.apache.org/books/
knox-0-9-1/user-guide.html#X- Forwarded-*+Headers+Support
You will need to investigate what needs to be done from your external
load-balancer to propagate the needed headers.Between the frontend url and the
x-forwarded-* headers, you should have enough for what you need and we
shouldn't need a JIRA.If you can't get either of those to work then maybe there
is something else there.
In addition, I am curious about the actual URL that you pasted and whether it
has more problems than just the port or whether it was a copy-paste issue
putting it into the email:
https://<EXTERNAL_HOST>:8445/ gateway/sandbox/hdfs/static/
jquery-1.10.2.min.jsjquery-1. 10.2.min.js,
Looks like the end of the filename is doubled up.
thanks,
--larry
On Mon, Oct 31, 2016 at 11:11 AM, Sandeep More <[email protected]> wrote:
Ah, didn't think of that ! Thanks Sumit !
On Mon, Oct 31, 2016 at 9:54 AM, Sumit Gupta <[email protected]>
wrote:
Hi Mohammad,
Not sure if I got all the details right for what you need, but if you want to
proxy knox and have knox use that proxy’s host and port, then we have a
facility to configure that URL as the ‘frontend URL’.
This can be configured as the property ‘gateway.frontend.url’ in the
gateway-site.xml file. Some details can be found here:
http://knox.apache.org/books/k nox-0-9-1/user-guide.html#Gate
way+Server+Configuration
HTH,Sumit
From: Sandeep More <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Monday, October 31, 2016 at 9:36 AM
To: "[email protected]" <[email protected]>, Mohammad Islam
<[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Knox can't load UI when being proxied
Hello Mohammad,
This looks more like an issue with the proxy host (i.e. EXTERNAL_HOST in this
case), the reason I think so is because KNOX_HOST seems to work fine when
accessed directly as per your observation.
I also noticed that you are using https for EXTERNAL_HOST and http for
KNOX_KNOX, could this be perhaps an issue forwarding https (something like
https_proxy variable not set correctly) ?
Also do you see any errors in Knox gateway logs ? Hope that helps !
Best,Sandeep
On Sun, Oct 30, 2016 at 4:09 PM, Mohammad Islam <[email protected]> wrote:
Hi,I was successfully able to load Namenode UI through Knox
(i.ehttp://<KNOX_HOST>:8445/gatewa y/sandbox/hdfs)
However, when I tried to proxy the Knox service from another frontend service
due to firewall, it could not load the namenode UI. Looks like the cause was
the js and css files could not be download by browser. A typical error message
looks like this: "[Error] Failed to load resource: The request timed out.
(https://<EXTERNAL_HOST>:8445/ gateway/sandbox/hdfs/static/jq
uery-1.10.2.min.jsjquery-1.10. 2.min.js,"
When further investigation revealed it was the port issue. For example, my KNOX
port was 8445 whereas my proxy service was running on host EXTERNAL_HOST
withdefault port. I believe the port was 80 andNOT 8445. For some reason, Knox
was creating the file download path with port 8445 which was knox port not the
proxy port.For testing purpose, I tried to manually download the file without
any port and it was working fine.
Now, I believe it is related to rewrite approach. Also I think it is a Bug. Is
this already resolved? If not, any pointer to look to provide a patch?
Regards,Mohammad
