Re: [jetty-users] Jetty 12 return wrong Host header?

Mon, 14 Aug 2023 00:27:27 -0700 

Hi,
to me both issues looked related, but yes - it is a bit different. In my case it affects HTTP/1.1 (as NGINX forwards using that protocol), in Silvio's it looks HTTP/2. 


If I have a bit of time I will try to write a small embedded jetty 
reproducer that returns different results for Jetty 10 and 12.



Because Silvio said, that he uses HostHeaderCustomizer I thought it 
might be related. But difference is that for me the getRequestURL() 
contains wrong port, but for him it is the host header (I have no 
checked the Host header here, as the servilet in questin was using 
getRequestURL()).


Uwe

Am 14.08.2023 um 00:54 schrieb Silvio Bierman via jetty-users:

Issue opened:

https://github.com/eclipse/jetty.project/issues/10306

On 13-08-2023 01:31, Greg Wilkins via jetty-users wrote:

Actually,

I think Uwe's and Silvio's problems are similar but different.


Silvio, you have no forwarded request customizer headers and a real 
"demo.jambo.software:8443" as the host header value.  This could be a 
http2 issue in recreating that header.

Uwe's issue is more about the customizer.

So Silvio, perhaps open a second issue?

cheers

P.S. We expect at least a monthly cadence of 12.0.x releases.



On Sun, 13 Aug 2023 at 08:52, Greg Wilkins <[email protected]> wrote:

    Silvio,

    I'll respond more in Uwe's issue.  Please post your details there
    to help the triage.

    cheers



    On Sun, 13 Aug 2023 at 05:19, Uwe Schindler via jetty-users
    <[email protected]> wrote:

        I opened: https://github.com/eclipse/jetty.project/issues/10304

        Am 12.08.2023 um 19:30 schrieb Uwe Schindler via jetty-users:


        I have seen the same after upgrading my project to Java 12.
        The problem is that all Customizers are not able to
        correctly set the port number.

        This is a blocker issue, because it makes it impossible to
        setup this common setup:

          * NGINX as user facing web server with HTTPS enabled
          * NGINX forwarding the requests to jetty listen only on
            localhost with some arbitrary port number (in my case
            8081). NGINX sets the following headers:
            X-Forwarded-For, X-Forwarded-Proto, original "Host"
            header as sent by client (no rewriting)
          * Jetty with: http_config.addCustomizer(new
            ForwardedRequestCustomizer());
          * Jetty 10 works fine it reads the clien't IP address and
            all other information from X-Forwarded-For, the scheme
            is read from X-Forwarded-Proto, and host header is
            coming from "Host" header. It also extracts the port
            number from the host.
          * Jetty 12 is setup in same way, it successfully extracts
            the client's IP address and also it returns secure=true
            and uses "https://"; for
            javax.servlet.HttServletRequest#getRequestURL(). But it
            always adds its own private port number. I also tried to
            use setForcedHost("xyz:443") to make sure it sees a port
            number. It still constructs all URLs with port number
            8081 where it listens on.

        I will open a bug report. From my experience the
        "customize()" method in the RequestCustomizer does
        everything right also also returns the port number, but the
        javax.servlet API seems to still use the port number used by
        the connector's channel.

        I reverted back to Jetty 10. This won't work here. If you
        have any suggestion to get the port corrcet, tell me,
        everything like subclassing and implementing my own
        cutsomizer did not work. I was not able to debug through
        everything and figure out where the listener port gets
        injected again.

        I can say: With current status Jetty 12 is unuseable with
        the common proxy setup using ForwardedRequestCustomizer as
        it tried to always inject its own hidden/private port number
        instead of the default for the port as negotiated by
        client/proxy with the Host header.


        -- 
        Uwe Schindler
        [email protected]  
        ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr

        Bremen, Germany
        https://lucene.apache.org/
        https://solr.apache.org/

        _______________________________________________
        jetty-users mailing list
        [email protected]
        To unsubscribe from this list, visit
        https://www.eclipse.org/mailman/listinfo/jetty-users




    -- 
    Greg Wilkins <[email protected]> CTO http://webtide.com




--
Greg Wilkins <[email protected]> CTO http://webtide.com

_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, 
visithttps://www.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, 
visithttps://www.eclipse.org/mailman/listinfo/jetty-users


--
Uwe Schindler

[email protected]  
ASF Member, Member of PMC and Committer of Apache Lucene and Apache Solr

Bremen, Germany
https://lucene.apache.org/
https://solr.apache.org/

_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/jetty-users






















					Reply via email to