Re: [che-dev] Forwarding headers in Everret and HATEOAS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [che-dev] Forwarding headers in Everret and HATEOAS

From: Sergii Kabashniuk <skabashnyuk@xxxxxxxxxxx>
Date: Wed, 3 Jun 2015 12:56:47 +0300
Delivered-to: che-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/che-dev>
List-help: <mailto:che-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/che-dev>, <mailto:che-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/che-dev>, <mailto:che-dev-request@eclipse.org?subject=unsubscribe>

Hello Tareq

We have expirience the same problem after we setup haproxy (as reverse proxy) and set up https.

Solution for this is following

On haproxy side we added X-Forwarded-Proto header

On tomcat we added to server.xml

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto"

internalProxies="Proxy IP here"/>

When Everest start making correct links because after that tomcat correctly answer HttpRequest.isSecure()

hth

Sergii Kabashniuk

On Wed, Jun 3, 2015 at 12:43 PM, Sharafy, Tareq <tareq.sharafy@xxxxxxx> wrote:

Hi,

We're trying to deploy Che-based servers on a landscape that dispatched requests through reverse proxies. The de-facto standard forwarding headers are used:

X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Proto

We noticed that the HATEAOS links that are returned by Che are incorrect and are narrowly based on the direct URLs of the requests that the server receives, which are the internal proxy-to-Che URLs in this case. Further inspection show that that root cause is that Everrest constructs request object objects (org.everrest.core.servlet.ServletContainerRequest) without taking the forwarding headers into account.

Our proposal is to contribute a code fix in everrest that takes the forwarding headers into account when construct the URLs. An alternative is make a higher-level change, e.g. at ServiceContextImpl (inside che-core-api).

Can you please provide insights? Is the current behavior intentional for some reason?

thank you

Tareq Sharafy

Cloud Development Experience | SAP Labs Israel | 15 Hatidhar st, Raanana 43665, Israel

T +972-(0)7-4732-1647 | F +972-(0)9-777-5618

_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev

Follow-Ups:
- Re: [che-dev] Forwarding headers in Everret and HATEOAS
  - From: Sharafy, Tareq

References:
- [che-dev] Forwarding headers in Everret and HATEOAS
  - From: Sharafy, Tareq

Prev by Date: [che-dev] Forwarding headers in Everret and HATEOAS
Next by Date: Re: [che-dev] JGit
Previous by thread: [che-dev] Forwarding headers in Everret and HATEOAS
Next by thread: Re: [che-dev] Forwarding headers in Everret and HATEOAS
Index(es):
- Date
- Thread

Breadcrumbs