Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New WebUI Authentication Manager Breaks Forwarded HTTPS #2908

Closed
ddrinka opened this issue Feb 21, 2020 · 5 comments · Fixed by #2916 or #2944
Closed

New WebUI Authentication Manager Breaks Forwarded HTTPS #2908

ddrinka opened this issue Feb 21, 2020 · 5 comments · Fixed by #2916 or #2944
Labels
bug Something isn't working ui Web UI
Milestone

Comments

@ddrinka
Copy link
Member

ddrinka commented Feb 21, 2020

We use a load balancer in front of Presto to handle HTTPS. The load balancer forwards to Presto on port 8080. We enable http-server.authentication.allow-forwarded-https to support authentication in this scenario.

Running a snapshot of master, I am not able to reach Presto through the load balancer. Browsing to https://presto.domain.com delivers a 303 status code, redirecting to https://presto.domain.com:80/ui. This is incorrect, as no one is listening on port 80.

@ddrinka
Copy link
Member Author

ddrinka commented Feb 22, 2020

Configuring the load balancer to listen on a port besides 443 works around the issue. https://presto.domain.com:4433 is accessible.

@findepi findepi added bug Something isn't working ui Web UI labels Feb 22, 2020
@findepi
Copy link
Member

findepi commented Feb 22, 2020

Browsing to https://presto.domain.com delivers a 303 status code, redirecting to https://presto.domain.com:80/ui.

Is your load balancer sending X-Forwarded-For, X-Forwarded-Proto headers?

@ddrinka
Copy link
Member Author

ddrinka commented Feb 22, 2020 via email

@findepi findepi mentioned this issue Feb 24, 2020
6 tasks
@findepi findepi added this to the 331 milestone Feb 24, 2020
@ddrinka
Copy link
Member Author

ddrinka commented Feb 25, 2020

@findepi this doesn't seem to have fixed the issue for me?

As I mentioned in slack, I don't usually build Presto, but I'm really quite sure I'm running head, and am still getting redirected incorrectly.

I captured the headers the ALB is sending:

GET / HTTP/1.1
X-Forwarded-For: <MY IP>
X-Forwarded-Proto: https
X-Forwarded-Port: 443
Host: presto.domain.net
X-Amzn-Trace-Id: Root=1-5e546e4c-4d18dc28137ff5ce1b626b72
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Delivering this to Presto results in the following response:

content-length: 0
date: Tue, 25 Feb 2020 00:49:03 GMT
location: http://presto.domain.net:80/ui/
status: 303

@dain dain reopened this Feb 25, 2020
@dain
Copy link
Member

dain commented Feb 25, 2020

The code is activating only when X-Forwarded-Host is present, which isn't required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working ui Web UI
Development

Successfully merging a pull request may close this issue.

3 participants