grouper-users - RE: [grouper-users] New UI problems with reverse proxy
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: Darren Boss <>, "" <>
- Subject: RE: [grouper-users] New UI problems with reverse proxy
- Date: Mon, 18 Sep 2017 14:13:16 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:kHaInhGfFoh7CBJRsZw1O51GYnF86YWxBRYc798ds5kLTJ76p825bnLW6fgltlLVR4KTs6sC0LuG9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQtFiT6+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSndbXstJVyJPHJ6yb5cBAeQCM+ZXrYj9qEcBohalHwagGP/jxyVUinPq36A31fkqHwHc3AwnGtIDqHrYotf1NaYTT++11rHExijdYvNWwzf96ZPIfh48qvyLWLJ/bcrRyEkuFgzblFWdso3lPyiJ2egXrmib9/RvVeSpi2I9tQ5+vyWvy94qh4LUiIwVzVXE+j94wIYzPdC3VFR0Ydq4H5tNsyGVK5F5QsU4TG51oik20KEJtoSjcCcWz5Qnwgbfa+Gbc4eW/h3sTuCRLi1li31/Yr6wmwy9/E69weP/Tsm5yEhGojZHn9XWuX0A1gbf5tWGR/Zz5EutxyqD2xjO5uxKPUw4j67WJ4M7zrIui5YetV7PEjL0lUj3iqKda18q9fKy6+v9Z7Xrvp+cOJFwigH5KqkggtCyD+MkPgUARmSV9+Oy2bP68U3+W7pFkOc6kq7EsJDGPssbobO5AwlI3Yo58xa/FTCm0MgGknYbMFJFeRWHj47zN1HJPfD4EfO/g1OrkDdo3fzJIrrhApDVInjClrfuY6p95lZCxAYvz91T/Z1ZB7AbLP7uW0L8usbUAgElPwCsxuboEtR91ocQWWKVBa+ZNbvfsVqU6eIvI+iNZZEauCzmJvgk/P7hkWU1mUIFfaa325sXbmq0Eep7LEWEeXbsmMsOEX8WvgoiS+znkFKCUSRUZ3avR6Iz+Cs7BJu7DYfYWI+tmqeB0Ty/Hp1XfWBGFkuMHWnye4WFXfcMdDydItVnkjMaSbitVZUt2g+zuw/nmPJbKb/48zcCuJSr/t9u/KWHmRgo7zFySc6ayHqlRGZxhn4USjQ/2qlzqAp2wwHHmeJ3mftFDdFJou5SXx0hHZ/a0+FgDd3uAETMcsrDAAKpWNK7GTwrC88qzsUVS0d7B9i4iB3fhWynD6JDxJKRA5lhuILNzXXrY45Wy2zHz+Np21wtQtpdOHeOh7V0sRXLCojP1UiVivD5JuwnwCfR+TLbniK1t0ZCXVs1CP2dUA==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
> Full disclousure, I'm running Grouper in containers under Kubernetes with an nginx ingress
> controller which is terminating TLS at the ingress. When I use "kubectl port-forward pod-name"
> and access the ui over localhost:8080 I have no issues in accessing the interface. So you are saying it works when you are not load balancing? But it doesn’t work with load balancing? Is the load balancing sticky by cookie? Does it work if
it is load balancing with one node in the pool? What the X-Grouper-path response http header coming back from the server? Are you sure there are no errors in any of the logs? Thanks Chris From: [mailto:]
On Behalf Of Darren Boss Question about the New UI and OWASP csrfguard and accessing the UI behind a nginx reverse proxy. Took me a little while to figure out the additions to make to Tomcat to fix the major issue of accessing the UI after which the admin ui works. This is a common solution when running tomcat behind a reverse proxy. I have another tweak for
Jetty that accomplished the same. <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="my.nginx.proxy.address" remoteIpHeader="x-forwarded-for" requestAttributesEnabled="true" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https"/> Now when I click on any link in the new ui I end up in an infinite redirect loop with &csrfExtraParam=xyz being added to the existing url on every redirect. I've tried to search through the mailing list to find a resolution. I know there
are lots of deployments behind reverse proxies so this should be a solved issue. Full disclousure, I'm running Grouper in containers under Kubernetes with an nginx ingress controller which is terminating TLS at the ingress. When I use "kubectl port-forward pod-name" and access the ui over localhost:8080 I have no issues
in accessing the interface. I'm also incredably new to deploying grouper but had been using the deployment at Duke when I was a staff member there and I believe their deployment was running under OpenShift so probably a similar deployment to what I'm doing now. -- Darren Boss Senior Programmer/Analyst (c) 919.525.0083
|
- [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/18/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/18/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/18/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/19/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/20/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/20/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/22/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/25/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/22/2017
- Re: [grouper-users] New UI problems with reverse proxy, Darren Boss, 09/20/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/20/2017
- RE: [grouper-users] New UI problems with reverse proxy, Hyzer, Chris, 09/18/2017
Archive powered by MHonArc 2.6.19.