Web UI redirects to http even with base-url set to https

Description

When you run OpenNMS behind a reverse proxy that terminates the TLS connection you need to configure the

to set the correct HTTP scheme for the client. When you enter the web UI we see some redirects from Jetty happening to get you from the entrypoint / to /opennms/login.jsp. These redirects are served with HTTP scheme and it seems the base-url setting is ignored even when you enter the web app with HTTPS.

The same thing happens if you enter the password with the redirects to the index.jsp or in case you enter the wrong credentials with the j_spring_security_check which redirects via HTTP to the login.jsp?login_error=1.

In case your reverse proxy automatically redirects everything from HTTP to HTTPS the user won't notice. The problem appears if you don't have port 80 for HTTP available. The flow through these parts in the web UI gets stuck because these redirects can't be delivered.

Here are some screenshots from the network recording which show this conversation from a browser's perspective:

Acceptance / Success Criteria

None
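The redirect behaviour described in the report can be checked against a recorded browser session. The following is an added example, not part of the original issue or of OpenNMS; the host name `nms.example.org`, the recorded hops and the helper `scheme_downgrades` are assumptions constructed from the flows named above.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed network recording: (method, request URL, status, Location header).
# Host name and exact hops are assumptions modelled on the flows in the report.
RECORDING = [
    ("GET", "https://nms.example.org/", 302, "http://nms.example.org/opennms/login.jsp"),
    ("POST", "https://nms.example.org/opennms/j_spring_security_check", 302,
     "http://nms.example.org/opennms/index.jsp"),
    ("POST", "https://nms.example.org/opennms/j_spring_security_check", 302,
     "http://nms.example.org/opennms/login.jsp?login_error=1"),
    ("GET", "https://nms.example.org/opennms", 302, "http://nms.example.org/opennms/"),
    ("GET", "https://nms.example.org/opennms/", 302, "login.jsp"),  # relative: stays HTTPS
    ("GET", "https://nms.example.org/opennms/login.jsp", 200, None),
]

def scheme_downgrades(recording, open_ports=frozenset({443})):
    """Return one finding per redirect that sends an HTTPS request to a non-HTTPS URL.

    open_ports: ports the reverse proxy listens on; a target on any other
    port cannot be delivered, which is where the browser flow gets stuck.
    """
    findings = []
    for method, url, status, location in recording:
        if status not in REDIRECT_CODES or not location:
            continue
        target = urlsplit(urljoin(url, location))  # resolve relative Location values
        if urlsplit(url).scheme != "https" or target.scheme == "https":
            continue
        port = target.port or DEFAULT_PORTS.get(target.scheme)
        findings.append({
            "request": f"{method} {url}",
            "location": target.geturl(),
            "stuck": port not in open_ports,
        })
    return findings

if __name__ == "__main__":
    for f in scheme_downgrades(RECORDING):
        state = "undeliverable" if f["stuck"] else "plaintext hop"
        print(f"{f['request']} -> {f['location']} [{state}]")
```

Passing `open_ports={80, 443}` models a proxy that also listens on port 80: the same redirects are still reported, but as plaintext hops rather than undeliverable ones.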

Attachments

8

Activity

JianYet May 2, 2022 at 8:12 PM

 

After upgrading OpenNMS, I'm still running into this redirect issue. Below is the flow.

 

log in -> admin -> Configure Notifications -> Configure Destination Paths -> Edit

log in -> admin -> Configure Notifications -> Configure Event Notifications -> Edit

 

Then I got an error

 

 

From web.log, this is recorded

2022-05-02 15:54:05,668 WARN  [qtp609350205-6055] o.e.j.w.s.WebSocketServerFactory: Not a 'HTTP/1.1' request (was [HTTP/1.0])

 

Can you guys test this flow as well? Am I the only one?

Yang Li February 16, 2022 at 2:40 PM

Cool, thanks for testing

Ronny Trommer February 16, 2022 at 11:55 AM

Tested in and works in my lab environment, here is what I've tested

Behavior without the patch:

Behavior with :

Yang Li February 8, 2022 at 10:24 PM
Edited

Pull request is here https://github.com/OpenNMS/opennms/pull/4210

There is still one minor issue: when you type https://localhost/opennms into the browser address bar, it will redirect to http://localhost/opennms, but if you type https://localhost/opennms/ it works well and all the traffic will continue to go through HTTPS.

 

The Nginx configuration can solve the issue mentioned above; my Nginx conf file:

 

 

Yang Li February 3, 2022 at 6:58 PM

This is a common issue when deploying an SSL proxy in this way, according to this article: https://stackoverflow.com/questions/51909211/spring-get-actual-scheme-from-reverse-proxy

Inside LoginUrlAuthenticationEntryPoint.java at line 91, request.getScheme() always returns "http". I added the following line in the applicationContext-spring-security.xml file for the loginUrlAuthenticationEntryPoint bean; it only partially solves the problem.

The j_spring_security_check and j_spring_security_logout still return http.

I am still trying to find another solution.

 

Fixed

Created January 13, 2022 at 2:55 PM
Updated September 21, 2022 at 9:42 PM
Resolved February 16, 2022 at 2:41 PM