Trying out the spring cloud gateway 2.0.
A simple path rewrite route works well. But switching to https, the route starts failing.
Code to reproduce the issue can be found at https://github.com/saiyedzaidi/spring-cloud-gateway-https
URI /test is a simple controller, always works irrespective of https
URI /try/1 is a proxy, only works without https.
Is there anything I am doing wrong here ? or perhaps point out which classes I should start looking into to fix it, if it's a bug.
Related
We have a reverse proxy (traefik) that handles our redirects for sonarqube. It seems like all of our requests going to the api returns a 302
It always returns /api as the new location. Locally everything seems to work as expected:
This is our ingress rule:
We're using Gitlab as our SAML -- does anyone have a clue why this may be happening?
I am able to hit my web service with Below URL:
http://localhost:8080/projectservices/route/rest/gethealth
But I want to force the app to access REST resource using https only as:
http://localhost:8080/projectservices/route/rest/gethealth
FYI, I am using jboss wildfly 10 server.
It will be very helpful if anyone over here will let me know what are the different approaches and you can also suggest me some link to get more understanding of it. Thanks in Advance!
http vs https is not dependent on Rest webservices.
Enabling your application to be https need to be done at your server level. In your case - Jboss.
Im not familiar on how this can be done in Jboss, see if below helps:
https://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html
I'm using Eclipse to develop an app that consists of an Angular 2 front end and a Java REST back end.
For the front end, I'm using the Angular CLI plugin, which starts the app by issuing an ng serve command to the CLI. This command sets up an http server on port 4200.
For the back end, I'm using an in-company framework that launches in Jetty within Eclipse in port 8088.
While both these ports are configurable, by nature of the frameworks and plugins in use, they'll always be distinct.
Authentication works via an OAuth2 service that is also deployed to port 8088, as part of the framework. This service sets a cookie which certifies the browser session as authenticated. I have verified that this service works correctly by testing it against a Swagger instance of the REST API (also running in 8088 as part of the same framework).
The problem is that when the browser is aimed at the Angular 2 app on :4200, its internal REST API requests to :8088 aren't carrying the authentication cookie. Presumably, this is because of cross-site protection.
Is there any way for the app or the framework to tell the browser that these two "sites" are actually part of the same system?
Alternatively, if I have to configure the dev browser (Chrome) to work, I can live with that too. However, I've tried the --disable-web-security --user-data-dir recommendation, but the cookie still doesn't show up on the requests.
Lastly, I have Apache installed on the dev machine. If I can set up appropriate vhosts and use it as a proxy so that the browser thinks it's all the same, that would probably work too. It would just be a matter of intercepting all /swagger and /api requests and sending them to :8088, and all forwarding all other requests to :4200. However, I've been banging my head against mod_rewrite and mod_proxy and haven't been able to come up with anything that works.
I think what you're looking for is
withCredentials = true
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
In my development system ( macos ) I have a webapp running in a jetty container on port 8080
Part of this webapp is a REST service
I can hit the REST service as follows
curl http://fake.hostname.com:8080/find/http%3A%2F%2Fwww.nfl.com
and I get the expected JSON result from this call.
Because on the server I am deploying on, I have an apache front end using ajp to route to tomcat, on my dev system I have an apache vhost routing to port 8080. This helps with testing some oauth dependencies where facebook redirects to a specific host URL.
The webapp works fine in this configuration except when I try and hit the service using
curl http://fake.hostname.com/find/http%3A%2F%2Fwww.nfl.com
Nothing is showing up in the jetty console reporting a proplem and I am getting a 404 response from apache.
Can anyone suggest how to troubleshoot such an issue? Or things I should look at?
note 1. I know the issue of using apache as a proxy to tomcat or jetty is contentious but given there are other apps already living on apache port 80 I’m not willing to run tomcat in its place.
note 2. the webapp is in scala using the lift framework.
Not really an answer to the exact question, but did you consider to use nginx as a proxy+load balancer? It's a de-facto standard, as far as I know.
Also, what's in the logs? tomcat-s logs, apache logs..
I've got a problem accessing futon interface when it is proxied using nginx.
This config works fine when http protocol is used, but when I try to use
https, I constantly receive no_db_file errors (but operations succeed,
e.g. I can create databases, insert values, etc.)
location / {
proxy_pass http://127.0.0.1:5984;
}
What can I do to make it work correctly using https protocol?
I have used Apache proxying to proxy https to http to do https on CouchDB: http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
I have found that a trailing slash on the URL affects whether or not https proxying works. Maybe it affects Nginx the same way?
That's not bad! At least you have a working link between nginx and CouchDB.
no_db_file is CouchDB's 404 response when a database (the first thing after the slash) is not there. Check the logs and see what path CouchDB actually received in the query. It may be one of the AJAX calls that Futon does; but whatever it is, the logs will say.