[
https://issues.apache.org/jira/browse/KNOX-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14206819#comment-14206819
]
Kevin Minder commented on KNOX-464:
---
All of the magic is in
gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/UrlRewriteResponse.java
method getGatewayParam.
This is what ultimately ends up resolving the {gateway.url} in this rule.
rule dir=OUT name=WEBHDFS/webhdfs/outbound/namenode/headers/location
match pattern={scheme}://{host}:{port}/{path=**}?{**}/
rewrite
template={gateway.url}/webhdfs/data/v1/{path=**}?{scheme}?host={$hostmap(host)}?{port}?{**}/
encrypt-query/
/rule
in this ruleset.
gateway-service-webhdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml
This was put into the code before I had implemented functions in rules so it is
a bit wierd.
Location headers have wrong hostname when used behind load balancer
---
Key: KNOX-464
URL: https://issues.apache.org/jira/browse/KNOX-464
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 0.5.0
Reporter: Kevin Minder
Assignee: Kevin Minder
Priority: Critical
Fix For: 0.6.0
Attachments: KNOX-464.patch
When you make a request like this that is routed through a load balancer
{code}
curl -i -u guest:guest-password -X PUT
'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE'
{code}
Knox currently will return something like this
{code}
https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=CBCQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj
{code}
To avoid confusion the 'backend' in the URL above is in no way correct but is
in part caused because nginx is sending that value in the Host header. That
is peculiar to nginx and could be fixed with nginx configuration.
The issue here is that Knox used the hostname from the Host header and the
local port. I'm not exactly sure what the right answer it but I'm sure
mixing is bad. We should either be using the information from the Host
header or the information from the local endpoint of the socket. The way
Knox was working before the fix for KNOX-439 was to use the local endpoint
information so I'm going to fix this issue making that assumption.
I used nginx to reproduce the issue. This is the final configured I used to
verify the fix. Note that the 'proxy_redirect' would need to be removed to
see exactly what Knox is returning and compare to what is shown above.
{code}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfileon;
keepalive_timeout 65;
upstream backend {
server c6402.ambari.apache.org:8443;
}
server {
listen 8080;
server_name localhost;
location / {
proxy_pass https://backend;
proxy_redirect https://c6402.ambari.apache.org:8443/
http://$host:$server_port/;
}
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)