[ https://issues.apache.org/jira/browse/ARTEMIS-5559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17987282#comment-17987282 ]

Justin Bertram commented on ARTEMIS-5559:
-----------------------------------------

The unsafe behavior is giving the end user the impression that HTTPS is being 
used end-to-end (which is the implicit expectation when using an {{https://}} 
URL from a browser) when in fact HTTPS is terminating at the proxy and the 
request is forwarded via HTTP, potentially exposing sensitive information in 
plain-text.

To be clear, the issue here isn't with Jetty, despite your assertion(s) 
otherwise. The issue is specifically with Jolokia. 

Furthermore, the [documentation which called this out|https://activemq.apache.org/components/artemis/documentation/latest/versions.html#upgrading-from-2-39-0] 
is _not_ "jetty upgrade notes" but rather the upgrade instructions for 
ActiveMQ Artemis.

That said, I agree that it's worth putting a related comment into the default 
{{jolokia-access.xml}}.

> Cannot proxy traffic to jolokia when SSL is terminated
> ------------------------------------------------------
>
>                 Key: ARTEMIS-5559
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5559
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Web Console
>            Reporter: Gašper Čefarin
>            Priority: Major
>         Attachments: jolokia_403.png, results2.png
>
>
> A problem appeared when upgrading from 2.37 to 2.41. I strongly suspect it 
> happens when upgrading from jetty 11 to 12.
> This is one of the only visible problems - response from 
> {{https://xxxxxxxxxx/console/jolokia}} (actual http response is 200)
> !jolokia_403.png|width=75%!
> This is how the "console" looks:
> !results2.png|width=75%!
> I was not able to find a solution yet which would work with haproxy.
> Exposing via jetty only works fine.


