Skip to Content.
Sympa Menu

grouper-users - [grouper-users] New UI problems with reverse proxy

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] New UI problems with reverse proxy


Chronological Thread 
  • From: Darren Boss <>
  • To:
  • Subject: [grouper-users] New UI problems with reverse proxy
  • Date: Mon, 18 Sep 2017 13:57:34 +0000
  • Ironport-phdr: 9a23:3XL9CR9k/qFUeP9uRHKM819IXTAuvvDOBiVQ1KB32+gcTK2v8tzYMVDF4r011RmSDNWds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2e2//57ebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mRxDohikJNDA37X/ZhdBrga1BvB6svQZyz5LIbIyXMvd1Y6PTfckdRWpERstfWTZOApmmb4QRCeoKIPtVr47mp1sVsBCzAhSjC/n1yj9SmHD227c23P8mEQHdxwwtBM4BsHPRrNXtKacSTf66w7XSwjXFdfxZxC3y5JLUfR87uPyBW697f8TWyUkqDQzFj1OQpJT5MDyP0uQCr3Wb7+58Wu21jW4osRx+rSK1ysgwkIbFnp4aylfB9SVh3YY1OcO3R1Jhbt6iCpRfqjuVO5FqTcw4RWxjpSU0yqUetJKlfSUG1JYqyhvRa/GEaIeE/hfuWemNLTtkmX5ofa6wiwqz/EWlz+DwSNe430tMoyFYiNfDrGoN2AbW6sWfSvty4EOh2TGX2gDW8O5EIEQ0mbPaK54m3rI8j5USvVrdEiDrgkn2g6iWdkIr+uis9evreKnpppiZN4NsiwH+NLohmtCnDOgmMwUCQ2qW9OGy1LDg5kL1XLBHg/IqnqXFrZzXINgUqrK4DgJQ14sv9QizACq+3NQdh3YHLVZFeBydj4juPlHDOO33Au2lg1S2jjhrwerKMabmApXWNXjOi6vufbF4605E1Qoz0c5Q6I5OBbEHOv38R1X+uMbEARAjKwC02froCM1h1oMCXmKCGqCZMLnVsV+V/uIgPfOMaJYIuDbmNfcl/eXugGQ9mV8cZqmpwYAXZG6iEvRnJUWZfWTjgs0HEWgUogoyUvbmh0OfXj5OND6OWPcz/DYmEI+8SJrYS5q2qL2HwCqhGJBKPCZLBk3fP23vctCoUu0WZSTaCMh6iXRQWbG7UYInkxuprxTSwL1iNvfI9yYRs5vv3Z5+7ruAxlkJ6TVoApHFgCm2RGZukzZQSg==

Question about the New UI and OWASP csrfguard and accessing the UI behind a nginx reverse proxy.

Took me a little while to figure out the additions to make to Tomcat to fix the major issue of accessing the UI after which the admin ui works. This is a common solution when running tomcat behind a reverse proxy. I have another tweak for Jetty that accomplished the same.

<Valve className="org.apache.catalina.valves.RemoteIpValve"
        internalProxies="my.nginx.proxy.address"
        remoteIpHeader="x-forwarded-for"
        requestAttributesEnabled="true"
        protocolHeader="x-forwarded-proto"
        protocolHeaderHttpsValue="https"/>

Now when I click on any link in the new ui I end up in an infinite redirect loop with &csrfExtraParam=xyz being added to the existing url on every redirect. I've tried to search through the mailing list to find a resolution. I know there are lots of deployments behind reverse proxies so this should be a solved issue.

Full disclousure, I'm running Grouper in containers under Kubernetes with an nginx ingress controller which is terminating TLS at the ingress. When I use "kubectl port-forward pod-name" and access the ui over localhost:8080 I have no issues in accessing the interface.

I'm also incredably new to deploying grouper but had been using the deployment at Duke when I was a staff member there and I believe their deployment was running under OpenShift so probably a similar deployment to what I'm doing now.
--

Darren Boss

Senior Programmer/Analyst
Programmeur-analyste principal


(o) 416.228.1234 x
230
(c) 919.525.0083

155 University Ave, Suite 302 Toronto, ON M5H 3B7
www.computecanada.ca / www.calculcanada.ca 
@ComputeCanada 





Archive powered by MHonArc 2.6.19.

Top of Page