Marcelo Masiero Vanzin created SPARK-30240:
----------------------------------------------
             Summary: Spark UI redirects do not always work behind (dumb) proxies
                 Key: SPARK-30240
                 URL: https://issues.apache.org/jira/browse/SPARK-30240
             Project: Spark
          Issue Type: Improvement
          Components: Web UI
    Affects Versions: 3.0.0
            Reporter: Marcelo Masiero Vanzin


Spark's proxy support lets the code prepend a configured prefix to the URIs generated by Spark pages. But when Spark sends a redirect to the client, Spark's own full URL is exposed in the Location header. If the client cannot reach that URL, or it is incorrect for any reason, things break.

For example, if you set up an stunnel HTTPS proxy on port 4443 and fetch the root of the Spark UI, you get this back (with all the TLS output stripped):

{noformat}
$ curl -v -k https://vanzin-t460p:4443/
*   Trying 127.0.1.1...
* Connected to vanzin-t460p (127.0.1.1) port 4443 (#0)
> GET / HTTP/1.1
> Host: vanzin-t460p:4443
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 12 Dec 2019 22:09:52 GMT
< Cache-Control: no-cache, no-store, must-revalidate
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Location: http://vanzin-t460p:4443/jobs/
< Content-Length: 0
< Server: Jetty(9.4.18.v20190429)
{noformat}

So Jetty respects the "Host" header, but that header carries no information about the protocol, and Spark has no idea that the proxy is using HTTPS. The returned URL therefore does not work. Some proxies are smart enough to rewrite responses, but it would be nice (and pretty easy) for Spark to support this simple use case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
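To illustrate the kind of fix the report is asking for, here is a minimal, hypothetical sketch (not Spark's actual code) of building a redirect Location that honors the `X-Forwarded-Proto` header a TLS-terminating proxy such as stunnel could inject. The function and parameter names are illustrative assumptions, not Spark or Jetty APIs:

```python
# Hypothetical sketch: make the redirect scheme follow the proxy's
# announced protocol instead of hard-wiring http.
def build_redirect_url(host_header, path, forwarded_proto=None):
    """Build a Location header value for a UI redirect.

    host_header: value of the incoming Host header, e.g. "vanzin-t460p:4443"
    path: redirect target path, e.g. "/jobs/"
    forwarded_proto: value of X-Forwarded-Proto, if the proxy set one
    """
    # Fall back to plain http (today's behavior) when the proxy
    # does not announce a scheme.
    scheme = forwarded_proto or "http"
    return f"{scheme}://{host_header}{path}"

# With the proxy announcing https, the redirect stays on https:
print(build_redirect_url("vanzin-t460p:4443", "/jobs/", "https"))
# Without the header, the result matches the http Location shown above:
print(build_redirect_url("vanzin-t460p:4443", "/jobs/"))
```

With the header honored, the first call yields an https Location that a client connecting through the proxy can actually follow, while clients hitting Spark directly see no change.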