I'm using istio as proxy in front of keycloak. I'm offloading TLS at NLB, and am serving Keycloak using http port.
I can correctly reach the first keycloak page, but when I click Administration Console, I get the result below.
I'm blocked at keycloak.js?version=4hm2q, and I see that Request URL is http://mykeycloak-address/auth/js/keycloak.js?version=4hm2q, and Referrer Policy is no-referrer. Request Headers show that Referer header is empty.
I have PROXY_ADDRESS_FORWARDING set as "true". I tried both http to https redirect and none redirection. When I set https redirect false, I get https required error.
Any help? Thanks.
I have the following setup
User Request --> AWS ELB Application load balancer --> Kong Gateway --> Integration
The SSL termination happens at application load balancer.
One of my endpoint makes the Integration respond a redirect URL with a code 302. Ex. when I make a request to https://api.domain.my/a/b/c should make the integration return a redirect path /x/y/z
This redirect request with a status of 302 reaches the API gateway which should add a location header to the response with the complete URL i.e. https://api.domain.my/x/y/z
But the response I get in the header on my browser is http://api.domain.my/x/y/z in the location header. I am guessing this is happening because my SSL termination happens at the ELB and hence Kong is just returning http:// in the location header.
Is there a workaround for this? How can I use the response transformer maybe to achieve this?
Is there any better way to achieve this?
I'm trying to redirect messages internet URL with the Application Request Routing (ARR), the component to the IIS in Windows Server.
I want to redirect that messages by the HTTP Method. Example:
HTTP POST: http://XXX.XXX.XXX.XX:7050/api/createUser
HTTP DELETE: http://XXX.XXX.XXX.XX:7050/api/deleteUser
HTTP PUT: http://XXX.XXX.XXX.XX:7050/api/modifyUser
The endpoint will be Mule (REST API Service with RAML).
Is it possible to make this filter?
I think you could do it by using choice router with this MEL expression #[message.inboundProperties.'http.method'] ?
created a webserver(http port 80, https:443) and proxy server(http 8080,https:8081)
am seeing issue when I access proxy over https like
https://xyz:8081/
wireshark shows client(fireforx or chrome) is sending certificate data in HTTP packet , I see certificate text .
Any idea what could be wrong ? browser says no data received
If TLS session is already established(https webserver) would another TLS sessions is created if I try to access https proxy ?
I created SSL socket like
ctx_init
put the socket on select and did accept/sslaccept once I get
and then did SSL_Read
NB: Rest all access like http/https to webserver or http to proxy server works fine.
Updates: Issue was client was sending fragmented HTTP request
So for a GET request it was sent by client like this
Packet 1 was GE
Packet 2 was rest T ....\r\n\r\n
So in code I have to collect until until full HTTP packet is received
How can I route requests in haproxy using a cookie that was set on the app servers?
Example: SESS=<hash-of-username>
haproxy should not insert cookies by itself in any case.
For testing a specific server behind haproxy I can recommend this approach:
frontend http
acl is_cookie_hack_1 hdr_sub(cookie) server_test_hack=server1
acl is_cookie_hack_2 hdr_sub(cookie) server_test_hack=server2
... insert your normal acl rules here
use_backend bk_server_1 if is_cookie_hack_1
use_backend bk_server_2 if is_cookie_hack_2
... insert your normal use_backend expressions here
backend bk_server_1
...
backend bk_server_2
...
I insert the server_test_hack cookie by javascript in my browser's js console by this script:
document.cookie="server_test_hack=server1";
You can't use your existing cookie for balancing, the way you could use the URI parameter. You can't just take the md5() or build the hash table of the cookie, at least that is not documented. You could use prefix parameter for the cookie to achieve a different result. It might be what you are looking for (if you want to avoid creation of yet another cookie).
So in your case the config would look like this:
backend bk_web
balance roundrobin
cookie SESS prefix indirect nocache
server s1 192.168.10.11:80 check cookie s1
server s2 192.168.10.21:80 check cookie s2
When the request arrives without a cookie, any server is chosen by round-robin and request is redirected to it. When response arrives from the backend, HAProxy checks for the SESS cookie and if it's set, it prepends the server name (sX) to the cookie and sends it to the client. In the browser, the cookie looks like sX~, but when the next request is sent with that cookie, the backend server only sees in the cookie, as HAProxy strips the sX~ part
Source: load balancing, affinity, persistence, sticky sessions: what you need to know
If you just want to read cookies in the request and route accordingly, you can do something like this in your configuration:
frontend http
acl cookie_found hdr_sub(cookie) COOKIENAME
use_backend app_server if cookie_found
backend app_server
balance roundrobin
server channel1 X.X.X.X:PORT #Host1
server channel2 Y.Y.Y.Y:PORT #Host2