Bug 1018111 - https redirection broken
https redirection broken
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-webadmin-portal (Show other bugs)
3.3.0
Unspecified Unspecified
urgent Severity urgent
: ---
: 3.3.0
Assigned To: Juan Hernández
Jiri Belka
ux
: Regression, Triaged
: 1017744 (view as bug list)
Depends On: 1018365
Blocks: 3.3snap2
  Show dependency treegraph
 
Reported: 2013-10-11 05:16 EDT by Jiri Belka
Modified: 2014-01-21 17:25 EST (History)
10 users (show)

See Also:
Fixed In Version: is22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-21 17:19:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
httpd logs (129.55 KB, application/x-xz)
2013-10-11 05:21 EDT, Jiri Belka
no flags Details
engine.log,server.log (15.17 MB, application/x-xz)
2013-10-11 05:25 EDT, Jiri Belka
no flags Details

  None (edit)
Description Jiri Belka 2013-10-11 05:16:19 EDT
Description of problem:

HTTPS is broken, instead of Admin Portal I see:

-%-
JBWEB000065: HTTP Status 403 -

JBWEB000309: type JBWEB000067: Status report

JBWEB000068: message

JBWEB000069: description JBWEB000123: Access to the specified resource has been forbidden.
JBoss Web/7.2.2.Final-redhat-1
-%-

Changing URL to have 'https' instead of 'http' makes it working again.

access.log for FF from RHEL6.4
-%-
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 200 662 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 200 472 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/splash.js HTTP/1.1" 200 864 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme-resource/favicon HTTP/1.1" 200 318 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 200 1395 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 200 2341 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 200 23647 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 200 57 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 200 821 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/00-ovirt.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
-%-

access.log for IE from W7 64bit
-%-
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:12 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
-%-

No sure if this helps...

-%-
# diff -uNp /etc/httpd/conf.d/z-ovirt-engine-proxy.con{f,f.*}
--- /etc/httpd/conf.d/z-ovirt-engine-proxy.conf 2013-10-09 17:44:54.416147990 +0200
+++ /etc/httpd/conf.d/z-ovirt-engine-proxy.conf.20131009174454  2013-10-09 17:36:18.161427000 +0200
@@ -41,7 +41,7 @@
         ProxyPass ajp://127.0.0.1:8702/
     </Location>
 
-    <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-theme/|ovirt-engine-theme-resource/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-files/|ovirt-engine-attachment/|ovirt-engine-novnc-main.html$|ovirt-engine-spicehtml5-main.html$)>
+    <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-novnc/|ovirt-engine-novnc-main.html$|ovirt-engine-theme/|ovirt-engine-theme-resource/|ovirt-engine-spicehtml5/|ovirt-engine-spicehtml5-main.html$|spice/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-attachment/)>
         ProxyPassMatch ajp://127.0.0.1:8702
         <IfModule deflate_module>
             AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml
-%-

Version-Release number of selected component (if applicable):
is18
rhevm-3.3.0-0.25.beta1.el6ev.noarch
jbossas-core-7.3.0-1.Final_redhat_6.1.ep6.el6.noarch (from JBEAP-6.2.0.ER3.1)

How reproducible:
100%

Steps to Reproduce:
0. cd ~ ; rm -rf .mozilla (just to be sure you have clean FF profile!)
1. http://$domain
2. check url if it contains https
3. click admin portal

Actual results:
access forbidden and not via https

Expected results:
https and see login screen for admin portal

Additional info:
same for user portal
Comment 1 Jiri Belka 2013-10-11 05:21:43 EDT
Created attachment 810935 [details]
httpd logs
Comment 2 Jiri Belka 2013-10-11 05:25:47 EDT
Created attachment 810936 [details]
engine.log,server.log
Comment 3 Jiri Belka 2013-10-11 05:43:44 EDT
It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch but not anymore with jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to pnovotny@).
Comment 4 Pavel Novotny 2013-10-11 06:32:30 EDT
(In reply to Jiri Belka from comment #3)
> It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch
> but not anymore with
> jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to
> pnovotny@).

Yes, confirming that after manual update of jboss\* from 7.2.1 to 7.3.0 the redirecting to HTTPS broke.
Comment 5 Itamar Heim 2013-10-11 09:59:52 EDT
*** Bug 1017744 has been marked as a duplicate of this bug. ***
Comment 6 Itamar Heim 2013-10-11 10:01:58 EDT
we need to know if new jboss will break existing 3.1/3.2 customers as well, or its a 3.3 issue only, and the reason for breakage
Comment 7 Juan Hernández 2013-10-11 15:05:41 EDT
I verified this with the latest EAP 6.2.0 ER5.1 repository. The problem is that the "redirect-port" attribute of the AJP connector stopped working. It did work with EAP 6.1.0. It will affect 3.1 and 3.2 customers as well.

I opened bug 1018365 for EAP as I think it is a general EAP issue.
Comment 8 Juan Hernández 2013-10-16 05:37:49 EDT
The EAP bug has been moved to MODIFIED and will be included in ER7, so I guess this should be moved to MODIFIED as well. Jiri, please remember to move it to ON_QA when you start testing with ER7.
Comment 9 Jiri Belka 2013-10-16 07:06:09 EDT
Could anybody then please raise publicly what should be *next* jboss version to test with 3.3 RHEVM? Till now we were using 6.2.0.ER3.1. So it is not missed by anybody :)
Comment 10 Juan Hernández 2013-10-16 10:21:07 EDT
In my opinion it should be ER7, as soon as it becomes available.
Comment 11 Einav Cohen 2013-11-07 09:51:04 EST
is22 is to be tested with ER7, in which bug 1018365 (JBoss) has been solved.
Comment 12 Jiri Belka 2013-11-08 10:21:49 EST
ok, is22.
Comment 13 Itamar Heim 2014-01-21 17:19:32 EST
Closing - RHEV 3.3 Released
Comment 14 Itamar Heim 2014-01-21 17:25:40 EST
Closing - RHEV 3.3 Released

Note You need to log in before you can comment on or make changes to this bug.