Bug 1168036

Summary: Requests made to the nginx router at '/' are forwarded to the first configured HA application
Product: OpenShift Container Platform Reporter: Timothy Williams <tiwillia>
Component: NodeAssignee: chris alfonso <calfonso>
Status: CLOSED ERRATA QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: high    
Version: 2.2.0CC: adellape, bleanhar, cryan, hbrock, jialiu, jokerman, libra-onpremise-devel, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: rubygem-openshift-origin-routing-daemon-0.20.2.4-1.el6op Doc Type: Bug Fix
Doc Text:
In OpenShift Enterprise environments using the routing daemon with an Nginx router, requests made to the router at '/' were forwarded to the first configured high-availability application. This was due to a bug in the routing daemon. This bug fix updates the routing daemon to ensure such requests instead return a 404 status, and the requests are no longer incorrectly forwarded.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-10 13:25:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Timothy Williams 2014-11-25 22:55:06 UTC 
Description of problem:
With an HA openshift environment where nginx and the openshift-routing-daemon are utilized, requests made to the router at '/' are forwarded to the first configured application.

Version-Release number of selected component (if applicable):
OSE 2.2.0
rubygem-openshift-origin-routing-daemon-0.17.1.4-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1. Configure an OSE environment with an nginx load balancer and the openshift-routing-daemon.
2. Make a requests to the load balancer's host name
3.

Actual results:
For this example, the load balancer's host name is 'router.rosetta.com'. I set the <title> tag of every application in the env to the application's name:

[root@dns ~]# curl -IL router.rosetta.com
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Tue, 25 Nov 2014 22:53:43 GMT
Content-Type: text/html
Content-Length: 39592
Connection: keep-alive
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.21
Status: 200
Set-Cookie: GEAR=local-5474e38fe986407bbd000065; path=/
Cache-control: private

[root@dns ~]# curl router.rosetta.com -s | grep title
  <title>test10</title>

Expected results:
404 or 200 on ngix test page

Additional info:
Comment 2 chris alfonso 2014-11-26 18:15:27 UTC 
Fixed upstream, opened PR.
https://github.com/openshift/origin-server/pull/5984

Will merge to enterprise-server.
Comment 7 Johnny Liu 2014-11-27 05:56:20 UTC 
Verified this bug with rubygem-openshift-origin-routing-daemon-0.20.2.4-1.el6op.noarch, and PASS.


1. After create a scalable app, the following conf file are built.

# cat server.conf 


ssl_certificate /etc/pki/tls/certs/node.example.com.crt;
ssl_certificate_key /etc/pki/tls/private/node.example.com.key;




server {
  listen 80 default_server;
  server_name _;
  location / {
    return 404;
  }
}

server {
  listen 443 ssl default_server;
  server_name _;
  location / {
    return 404;
  }
}


$ curl http://<nginx-host>/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.6.1</center>
</body>
</html>
Comment 9 errata-xmlrpc 2014-12-10 13:25:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1979.html