Geoserver Admin UI Behind Spring Cloud Gateway Not Working As Expected - spring-cloud

I'm working on moving our Geoserver 2.15.4 instance behind a Spring Cloud Gateway instance. These are all running in a standalone Docker instance on a local server. I've been able to get the requests for map data working fine. However the Admin interface is not functioning correctly. I can bring up the login page, but when I try to log in, it's not maintaining the route from the reverse proxy.
So instead of POSTing to https://HOST/geoserver-admin/xxxx, it's going to https://HOST/xxxx, which is failing.
My assumption is that I'll be able to pick up the X-Forwarded-* headers from the proxy, but what I can't figure out is how to update Tomcat and/or Geoserver configuration to pick up these headers.
Thanks!

Related

ProxySQl HTTP Web Server doesn't work behind HAProxy

I trying to mount a docker-compose stack with a mariadb and proxysql and all works fine. When i navigate to https://172.25.0.174:6080/ (the VM that holds docker stack), the browser shows the ProxySQL Web UI. On top of this stack, i mount another VM with HAProxy not using docker at all. This last VM routes requests across several other services. All works fine, but ProxySQl Web UI. When i navigate to admin.testdomain.com/proxysql (HAProxy route this address to 172.25.0.174:6080), the browser ask me for the authentication, but then a 404 Not Found error is thrown.
It seems that the problem is the digest auth that ProxySQL Web UI uses. I tried many config options on the HAProxy side, but no one seems to work.
Anybody can help me, please?

Left over application in GKE - how to remove and make webpreview work as before

I deployed an application (let's say app1) in GKE with a service, deployment and certificate setup in an existing cluster with Jenkins and another app (let's say app2).
The other app is deployed in the same way as the new one, with a certificate (and a static IP and DNS entry).
Jenkins is not exposed to an external IP, so I used to use the port forward option in the cloud console and then web preview - this creates an appspot URL which alloww me to login to the web admin.
Something strange happened after I deployed app2.
I tested it with the webpreview button and could reach it.
All was fine and it was accessible at the new URL with HTTPS and all.
But after that, the web preview to Jenkins was not working anymore.
Instead, I would be redirected to app2, always.
I could not figure out why, so I removed everything from app2 and now I have some very strange situation:
in the (Chrome) browser where I did most of the actions, I can still access the (broken) app on both the FQDN in DNS and on the appspot link ( https://8080-dot-1234567-dot-devshell.appspot.com/ even after I reboot, clear cache and logout the google account (and removed the statis IP even) - the port forward actions works and gives the above link (with other numbers)
in another (Chromium) browser on the same laptop running Ubuntu, the portford action works, but when clicking the link in the browser it does not generate another appsot url and fails with a 500 error screen
After reading up a bit, I understand there is some proxy that is used to do the forward, I expect the proxy to be 'hanging' some how and on top of that it seems there are application left overs in the cluster that should really not be there
I have basic support currently, so not eligable for technical support.
I cannot find a manual way to access the appspot proxy and I found no load balancer or any other thing I know of that may cause this.
If I run the portfoward in the cloud shell in the second browser, I can curl to the localhost on the exposed port and get Jenkins, so that part seems to work, but the web preview then does not.
How can I go about troubleshooting this (meaning getting back to the web preview working for Jenkins and getting rid of the application left overs)?
I actually found the cause of this issue with the help of a colleague.
The second application I deployed was Yopass.
It turned out that it uses a serviceworker, that cached (almost) everything in the browser, including most of the application, I suppose to run offline.
Although I tried clearing cache in the network tab in developer options, I still had this behaviour which made me think it was not a cache issue.
After removing all cache in the applications tab for both the FQDN url and the appspot domain, behavior went back to normal.
I was not able to fix it in the other browser yet, but I suppose that is cache too. Thanks for the help, I consider this solved.

possible to access an application in Websphere application server cluster without load balances or web server?

I am trying setting up an websphere application server cluster and deploy an web application on it. I have successfully access the application with a web server. but i have some question, if i would access the application bypassing the web server by using 9080 to the single server, i get error when sign in servlet respond.redirect to jsp page. the session was lost, are we not suppose to access the application in cluster environment with out the web server ?
As long as you target an individual server in the cluster, you should not lose your session or suffer any other ill effects for not using/having a proxy server between you and the cluster. You should look closely at the Cookies issued through that flow and make sure they don't have a bad domain or path and that you don't get redirected back through the webserver or otherwise to another JVM.
Also verify there is no DNS-based load balancing. If you don't have session persistence/distribution/replication it won't work.

How to add security to run Ignite Web Console in k8s

I am running Ignite Web Console and Web Agent in k8s v1.9, but connection fails when using security - works fine without security. I am able to access Ignite REST API by passing 'X-Signature' value in Header using Postman, but see no way to do this through the Web Console. Same with dBeaver.
Web Console do not support connection to secured cluster.
I created issue: IGNITE-8428 Web Console: Support connect to secured cluster.
You can track it.

Confugaration/steps needed when consuming external Restful service from Fiori front end server

I have deployed a custom UI5 app ( using external REST ful services--> service hosted in another Java stack system) in the front end server.
I used Ajax to call the service directly with the URL as shown below.
This app has run successfully when i use "proxy" in local host(eclipse).
-->Ajax Call code Snippet
So i replaced proxy with target url while deploying in front end. (http ://xxx.xxx:port)
When running from front end server i got cross origin error as shown below.
Error1:<http://xxx:port/xxx/ngservices/rest/query/ZQUE_WEBSERV_APPHISTORY/executeGet. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx:port' is therefore not allowed access. The response had HTTP status code 401>
After enabling CORS plugin in chrome i got unauthorised error as shown below.
Error2:<http://xxx:port/xxx/ngservices/rest/query/ZQUE_WEBSERV_APPHISTORY/executeGet. Response for preflight has invalid HTTP status code 401>
I got the above errors initally while running from localhost.After that i used proxy and it got solved.
I just deployed the app in frontend server and ran it directly. I haven't done any other configurations.
Do i need to do any extra configurations for consuming these external services or kindly suggest any other suggestions.
Important info:
*Able to call external service from localhost(eclipse--> used proxy here) but not able to call service from frontend server.
*Front end architecture: Central hub deployement and connected to SRM,HR and CRM backends currently.
Regards
Phani Poorna
Both of these errors can be solved by creating and configuring a destination on your platform.
A destination is essentially a proxy: when you create it, you specify the backend URL, the authentication mechanism (Principal propagation/basic authentication etc). From your client, you just need to then connect to your destination to query the backend.
What do you mean by Fiori front end server? Are you referring to the Portal service hosted on HANA Cloud Platform?
If so, then you can create a destination by going to Connectivity - Destinations from your HCP account. From your Fiori application, you then need to connect your destination using the following URL pattern:
/destinations/<destination name>/<whatever you want to add to the URL the destination points to>
If you are using a different PaaS, I'm sure it will have some similar way of creating a proxy between your client and your backend. (Edit: I just saw you're using the Central hub deployment - I am not familiar with this system but it must have a very similar way of creating destinations).
Hope this helps, let me know if you have any questions.