[ https://issues.apache.org/jira/browse/KNOX-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14206819#comment-14206819 ]
Kevin Minder commented on KNOX-464: ----------------------------------- All of the magic is in gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/UrlRewriteResponse.java method getGatewayParam. This is what ultimately ends up resolving the {gateway.url} in this rule. <rule dir="OUT" name="WEBHDFS/webhdfs/outbound/namenode/headers/location"> <match pattern="{scheme}://{host}:{port}/{path=**}?{**}"/> <rewrite template="{gateway.url}/webhdfs/data/v1/{path=**}?{scheme}?host={$hostmap(host)}?{port}?{**}"/> <encrypt-query/> </rule> in this ruleset. gateway-service-webhdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml This was put into the code before I had implemented functions in rules so it is a bit wierd. > Location headers have wrong hostname when used behind load balancer > ------------------------------------------------------------------- > > Key: KNOX-464 > URL: https://issues.apache.org/jira/browse/KNOX-464 > Project: Apache Knox > Issue Type: Bug > Components: Server > Affects Versions: 0.5.0 > Reporter: Kevin Minder > Assignee: Kevin Minder > Priority: Critical > Fix For: 0.6.0 > > Attachments: KNOX-464.patch > > > When you make a request like this that is routed through a load balancer > {code} > curl -i -u guest:guest-password -X PUT > 'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE' > {code} > Knox currently will return something like this > {code} > https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=AAAACAAAABAAAACQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj > {code} > To avoid confusion the 'backend' in the URL above is in no way correct but is > in part caused because nginx is sending that value in the Host header. That > is peculiar to nginx and could be fixed with nginx configuration. > The issue here is that Knox used the hostname from the Host header and the > local port. I'm not exactly sure what the right answer it but I'm sure > mixing is bad. We should either be using the information from the Host > header or the information from the local endpoint of the socket. The way > Knox was working before the fix for KNOX-439 was to use the local endpoint > information so I'm going to fix this issue making that assumption. > I used nginx to reproduce the issue. This is the final configured I used to > verify the fix. Note that the 'proxy_redirect' would need to be removed to > see exactly what Knox is returning and compare to what is shown above. > {code} > worker_processes 1; > events { > worker_connections 1024; > } > http { > include mime.types; > default_type application/octet-stream; > sendfile on; > keepalive_timeout 65; > upstream backend { > server c6402.ambari.apache.org:8443; > } > server { > listen 8080; > server_name localhost; > location / { > proxy_pass https://backend; > proxy_redirect https://c6402.ambari.apache.org:8443/ > http://$host:$server_port/; > } > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)