[jira] [Closed] (MRM-1845) Virtual repository not accessible behind https reverse proxy

Sun, 10 Mar 2019 09:35:12 -0700 


     [ 
https://issues.apache.org/jira/browse/MRM-1845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Stockhammer closed MRM-1845.
-----------------------------------
    Resolution: Workaround

Closing, because workaround available.

> Virtual repository not accessible behind https reverse proxy
> ------------------------------------------------------------
>
>                 Key: MRM-1845
>                 URL: https://issues.apache.org/jira/browse/MRM-1845
>             Project: Archiva
>          Issue Type: Bug
>          Components: repository interface
>    Affects Versions: 1.4-M4, 2.0.1
>         Environment: Archiva in intranet company, accessed from internet with 
> a https reverse proxy
>            Reporter: Alix Lourme
>            Priority: Major
>
> +Context+ : 
> * Company with multiple repositories (internet/proxied ... snapshot/release) 
> => a virtual repository is configured to provide central access. 
> * No credentials configured to access to Archiva (except admin).
> * This _virtual_ repository is used from internet (suppliers, personal dev, 
> etc) in *https*, a IT reverse proxy bind https internet url to intranet 
> Archiva url.
> +Use case+ : 
> || Url || Result ||
> | 
> http://repository.company-intranet.com/repository/company-releases/groupId/artifactId
>  | works |
> | 
> http://repository.company-intranet.com/repository/virtual/groupId/artifactId 
> | works |
> | 
> https://repository.company-internet.com/repository/company-releases/groupId/artifactId
>  | works (with proxy credentials ... browser or maven) |
> | 
> https://repository.company-internet.com/repository/virtual/groupId/artifactId 
> | *don't works : HTTP 401* |
> _Virtual_ respository from https wan't credentials, with domain : *Repository 
> Archiva Managed virtual Repository* (Powered by _Jetty_).
> After some tests and http call analysis, _virtual_ repository has 
> inconvenience with the header : 
> {code}
> Authorization: Basic Zm9vOm5pY2VUcnkh
> {code}
> This header is filled by reverse proxy.
> _virtual_ repository has no reason to have a different security strategy 
> compared to _classic_ repository => whence this bug.
> ----
> +Workaround+ : If an Apache is in front of Archiva, you could cancel this 
> problem with this configuration rule in _VirtualHost_ context (prerequisite : 
> _headers_module_): 
> {code}
> RequestHeader unset Authorization
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to