If you are going to use the ForwardedRequestCustomizer do yourself a favor
and *only use the RFC 7239 mode*.
Do not use the X-Forwarded-* headers, they are a giant mess of conflicting
behaviors and rules with no standardization behind them.
Big players interpret the headers differently (Google,
On 5/24/22 12:30, Joakim Erdfelt wrote:
If you are going to use the ForwardedRequestCustomizer do yourself a
favor and _only use the RFC 7239 mode_.
Do not use the X-Forwarded-* headers, they are a giant mess of
conflicting behaviors and rules with no standardization behind them.
Big players
On 5/24/22 10:31, Shawn Heisey wrote:
Where would I do HttpConfiguration.setRelativeRedirectAllowed(true)?
That looks like Java code, and Jetty is not embedded. This is the
jetty.xml in Solr 8.x:
Shawn,
You should be able to add --module=http-forwarded to the command line to
enable the ForwardedRequestCustomizer module.
You should be able to add jetty.httpConfig.relativeRedirectAllowed=true to
the command line to configure relative redirection.
However, typically jetty start.jar likes to
Shawn,
I think you may have a solution now, but I'll just answer any outstanding
questions just in case.
To turn on relative redirects, you need to set the property
`jetty.httpConfig.relativeRedirectAllowed=true`, which can be done on the
command line or better yet in the server.ini file.
The
On 5/24/2022 4:34 PM, Greg Wilkins wrote:
To turn on relative redirects, you need to set the property
`jetty.httpConfig.relativeRedirectAllowed=true`, which can be done on
the command line or better yet in the server.ini file.
There is no server.ini file in a Solr install. How would I
Shawn,
Have you tried configuring
HttpConfiguration.setRelativeRedirectAllowed(true) ?
This should stop Jetty trying to make a relative redirect into an absolute
one and perhaps using the wrong authority.
However, even without this, the server should get the authority correct if
the proxy is
Hi Shawn,
as Greg Wilkins already said, there are often problems with proxies not
transferring the correct information to backend. What I was not able to
figure out from the Solr issue:
Is only the proxy HTTPS and Solr is HTTP, or are both HTTP?
If Solr works with HTTP and the TLS
On 5/24/22 02:03, Greg Wilkins wrote:
To say more, we'd need to see the headers of the request arriving at
the proxy and then arriving at jetty but my money is on their
proxy being configured to rewrite the host header.
I was able to duplicate the issue, and I did not have haproxy