geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens Deppe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-381) Gfsh using https connections does not work in environments with SSL termination
Date Fri, 02 Oct 2015 22:08:26 GMT

    [ https://issues.apache.org/jira/browse/GEODE-381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941857#comment-14941857
] 

Jens Deppe commented on GEODE-381:
----------------------------------

An initial fix for this sends an additional param along with the {{/index}} request. E.g.
something like {{/index?scheme=https}} where the scheme is derived from the initial {{connect}}
URL. The {{scheme}} param can then be used on the server to correctly create the index URLs.

Another option is to check the {{X-Forwarded-Proto}} http header, on the server, and use that
to set the scheme. {{X-Forwarded-Proto}} is being formalized as {{Forwarded-Proto}} in [RFC
7239|http://tools.ietf.org/html/rfc7239].

I think the first option is the safest as we can't guarantee the presence of {{X-Forwarded-Proto}}
by every SSL termination implementation.

> Gfsh using https connections does not work in environments with SSL termination
> -------------------------------------------------------------------------------
>
>                 Key: GEODE-381
>                 URL: https://issues.apache.org/jira/browse/GEODE-381
>             Project: Geode
>          Issue Type: Bug
>          Components: management & tools
>    Affects Versions: 1.0.0-incubating
>            Reporter: Jens Deppe
>            Priority: Critical
>
> In Cloud Foundry we have SSL termination, i.e. our transport path looks something like
this:
> {code}
>    gfsh <---- https ---->  ELB  <---- http ----> Cluster
> {code}
> Where ELB is an Elastic Load Balancer or HAProxy.
> When attempting to connect using a https URL, the following occurs:
> {code}
> gfsh>connect --use-http --url=https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1
> Successfully connected to: GemFire Manager HTTP service @ https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1
> gfsh>
> No longer connected to GemFire Manager HTTP service @ https://gf-plan-1-dashboard-253bff71-a09b-4f1a-49fb-ef6b13c39c34.gf1.pcf-gemfire.com/gemfire/v1.
> gfsh>
> Exiting...
> {code}
> The problem is that gfsh retrieves meta-information consisting of an index of commands
mapped to URL endpoints. Even though an initial https connection is made, the URLs returned
in the index are http URLs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message