Description of problem: HTTPS is broken, instead of Admin Portal I see: -%- JBWEB000065: HTTP Status 403 - JBWEB000309: type JBWEB000067: Status report JBWEB000068: message JBWEB000069: description JBWEB000123: Access to the specified resource has been forbidden. JBoss Web/7.2.2.Final-redhat-1 -%- Changing URL to have 'https' instead of 'http' makes it working again. access.log for FF from RHEL6.4 -%- 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 200 662 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 200 472 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/splash.js HTTP/1.1" 200 864 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme-resource/favicon HTTP/1.1" 200 318 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 200 1395 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 200 2341 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 200 23647 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 200 57 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 200 821 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/00-ovirt.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" 10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0" -%- access.log for IE from W7 64bit -%- 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 10.34.61.158 - - [11/Oct/2013:11:15:12 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" -%- No sure if this helps... -%- # diff -uNp /etc/httpd/conf.d/z-ovirt-engine-proxy.con{f,f.*} --- /etc/httpd/conf.d/z-ovirt-engine-proxy.conf 2013-10-09 17:44:54.416147990 +0200 +++ /etc/httpd/conf.d/z-ovirt-engine-proxy.conf.20131009174454 2013-10-09 17:36:18.161427000 +0200 @@ -41,7 +41,7 @@ ProxyPass ajp://127.0.0.1:8702/ </Location> - <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-theme/|ovirt-engine-theme-resource/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-files/|ovirt-engine-attachment/|ovirt-engine-novnc-main.html$|ovirt-engine-spicehtml5-main.html$)> + <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-novnc/|ovirt-engine-novnc-main.html$|ovirt-engine-theme/|ovirt-engine-theme-resource/|ovirt-engine-spicehtml5/|ovirt-engine-spicehtml5-main.html$|spice/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-attachment/)> ProxyPassMatch ajp://127.0.0.1:8702 <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml -%- Version-Release number of selected component (if applicable): is18 rhevm-3.3.0-0.25.beta1.el6ev.noarch jbossas-core-7.3.0-1.Final_redhat_6.1.ep6.el6.noarch (from JBEAP-6.2.0.ER3.1) How reproducible: 100% Steps to Reproduce: 0. cd ~ ; rm -rf .mozilla (just to be sure you have clean FF profile!) 1. http://$domain 2. check url if it contains https 3. click admin portal Actual results: access forbidden and not via https Expected results: https and see login screen for admin portal Additional info: same for user portal
Created attachment 810935 [details] httpd logs
Created attachment 810936 [details] engine.log,server.log
It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch but not anymore with jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to pnovotny@).
(In reply to Jiri Belka from comment #3) > It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch > but not anymore with > jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to > pnovotny@). Yes, confirming that after manual update of jboss\* from 7.2.1 to 7.3.0 the redirecting to HTTPS broke.
*** Bug 1017744 has been marked as a duplicate of this bug. ***
we need to know if new jboss will break existing 3.1/3.2 customers as well, or its a 3.3 issue only, and the reason for breakage
I verified this with the latest EAP 6.2.0 ER5.1 repository. The problem is that the "redirect-port" attribute of the AJP connector stopped working. It did work with EAP 6.1.0. It will affect 3.1 and 3.2 customers as well. I opened bug 1018365 for EAP as I think it is a general EAP issue.
The EAP bug has been moved to MODIFIED and will be included in ER7, so I guess this should be moved to MODIFIED as well. Jiri, please remember to move it to ON_QA when you start testing with ER7.
Could anybody then please raise publicly what should be *next* jboss version to test with 3.3 RHEVM? Till now we were using 6.2.0.ER3.1. So it is not missed by anybody :)
In my opinion it should be ER7, as soon as it becomes available.
is22 is to be tested with ER7, in which bug 1018365 (JBoss) has been solved.
ok, is22.
Closing - RHEV 3.3 Released