Critical Description
When you make a request like this that is routed through a load balancer
curl -i -u guest:guest-password -X PUT 'http://localhost:8080/gateway/default/webhdfs/v1/tmp/LICENSE?op=CREATE'
Knox currently will return something like this
https://backend:8443/gateway/default/webhdfs/data/v1/webhdfs/v1/tmp/LICENSE?_=AAAACAAAABAAAACQccBhGqTbDtfqAt7vzK1H39SnCZo7W14qCIs67ctZAJDXr9fEyJbo1H9AO8prLGdV8Jmz5TO_novslggJwY7E9Vep4eFP0auaxVpfBz4QG-ktSuviEU5aHl8om_SkuGLOwSDjBRZASXrV1huqKU-K_mKkCaPnC0NkCpRQRL0LMkGvB8yrl6_1vNkaoXTxwjm0kp1EhgniovHJVmfcPbjKmmoh-boVy1cj
To avoid confusion the 'backend' in the URL above is in no way correct but is in part caused because nginx is sending that value in the Host header. That is peculiar to nginx and could be fixed with nginx configuration.
The issue here is that Knox used the hostname from the Host header and the local port. I'm not exactly sure what the right answer it but I'm sure mixing is bad. We should either be using the information from the Host header or the information from the local endpoint of the socket. The way Knox was working before the fix for KNOX-439 was to use the local endpoint information so I'm going to fix this issue making that assumption.
I used nginx to reproduce the issue. This is the final configured I used to verify the fix. Note that the 'proxy_redirect' would need to be removed to see exactly what Knox is returning and compare to what is shown above.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend {
server c6402.ambari.apache.org:8443;
}
server {
listen 8080;
server_name localhost;
location / {
proxy_pass https://backend;
proxy_redirect https://c6402.ambari.apache.org:8443/ http://$host:$server_port/;
}
}
}
Attachments
Attachments
Issue Links
- is related to
-
KNOX-439 URL pattern matching fails for default ports HTTP 80 and HTTPS 443
-
- Closed
-