-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New WebUI Authentication Manager Breaks Forwarded HTTPS #2908
Comments
Configuring the load balancer to listen on a port besides 443 works around the issue. |
Is your load balancer sending |
It’s an AWS Application Load Balancer. It’s certainly sending
X-Forwarded-Proto as Presto recognizes that traffic is encrypted. If it’s
not sending X-Forwarded-For then whatever header it is supplying should be
supported as well. But I assume it is sending the default headers.
…On Sat, Feb 22, 2020 at 6:03 AM Piotr Findeisen ***@***.***> wrote:
Browsing to https://presto.domain.com delivers a 303 status code,
redirecting to https://presto.domain.com:80/ui.
Is your load balancer sending X-Forwarded-For, X-Forwarded-Proto headers?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2908>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJ4W3VBOX2NKRBAIBPGXQDREEPAZANCNFSM4KZMHD3Q>
.
|
@findepi this doesn't seem to have fixed the issue for me? As I mentioned in slack, I don't usually build Presto, but I'm really quite sure I'm running I captured the headers the ALB is sending:
Delivering this to Presto results in the following response:
|
The code is activating only when |
We use a load balancer in front of Presto to handle HTTPS. The load balancer forwards to Presto on port 8080. We enable
http-server.authentication.allow-forwarded-https
to support authentication in this scenario.Running a snapshot of master, I am not able to reach Presto through the load balancer. Browsing to
https://presto.domain.com
delivers a 303 status code, redirecting tohttps://presto.domain.com:80/ui
. This is incorrect, as no one is listening on port 80.The text was updated successfully, but these errors were encountered: