Bug 997105 - Redirect from https to http
Redirect from https to http
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
Unspecified Linux
medium Severity medium
: ---
: ---
Assigned To: Paul Morie
libra bugs
: Security
Depends On:
  Show dependency treegraph
Reported: 2013-08-14 12:55 EDT by matzew
Modified: 2015-05-14 19:26 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-09-19 12:47:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description matzew 2013-08-14 12:55:15 EDT
Description of problem:

Getting a redirect from https to http

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:

Using a JBoss AS, on Openshift, and when accessing this URL:

So I end up http....

However, when I use a trailing slash:

I stay on https, and I get no redirect (302)

Actual results:

withoyt the trailing slash, I get http

Expected results:

https was expected

Additional info:

Just a guess.... perhaps some mod_rewrite 'fu'is needed ? Or even something 'wrong' with the ROOT.war on JBoss AS
Comment 1 matzew 2013-08-15 04:57:13 EDT
Now, I added the following for HSTS:

Now I notice two redirects (302):

Form https -> http:
https://blah/ag-push ---->  http://blah/ag-push/

And due to the HSTS, it goes back to https:
http://blah/ag-push/ ===>  https://blah/ag-push/
Comment 2 Rob Millner 2013-08-16 19:44:17 EDT
After reviewing the discussion thread, I created a separate bug to pass X-Forwarded-Port through in order to construct self-referential URLs.

The application is making the redirect request.  Passing to one of our Jboss experts for further diagnosis.
Comment 3 matzew 2013-08-20 08:50:01 EDT
This is not related to the 'push server' - it;s more a general thing.

Take a look at this CURL command:
curl -3 -v https://todo-aerogear.rhcloud.com/todo-server
(http and no trailing '/')

From the 302 response:
Location: http://todo-aerogear.rhcloud.com/todo-server/
Comment 4 Paul Morie 2013-08-22 13:31:40 EDT
I was able to get the correct behavior on a new app in a devenv by following the instructions for this in the KB.  Checking on whether this was fixed by another bug.
Comment 5 matzew 2013-08-23 02:27:11 EDT
I tested with a new application, same behavior:

curl -3 -v https://redirect-pushee.rhcloud.com/ag-push

and the 302 no longer contains the https:

HTTP/1.1 302 Moved Temporarily
Date: Fri, 23 Aug 2013 06:25:16 GMT
Server: Apache-Coyote/1.1
Location: http://redirect-pushee.rhcloud.com/ag-push/
Comment 6 Paul Morie 2013-09-08 19:05:25 EDT
Should be fixed in online production now.
Comment 7 Meng Bo 2013-09-09 01:36:02 EDT
The issue should be fixed.

[root@ip-10-147-219-9 ~]# curl -3 -v https://redirect-pushee.rhcloud.com/ag-push

< HTTP/1.1 302 Found
< Date: Mon, 09 Sep 2013 05:34:04 GMT
< Server: Apache/2.2.15 (Red Hat)
< Vary: Host
< X-Powered-By: PHP/5.3.3
< Location: https://redirect-pushee.rhcloud.com/ag-push
< Connection: close
< Content-Length: 0
< Content-Type: text/html
Comment 8 matzew 2013-09-11 06:08:15 EDT

I just tried it, but I am still getting the "old" result:

pluto:Mukke matzew$ curl -3 -v https://redirect-pushee.rhcloud.com/ag-push
* About to connect() to redirect-pushee.rhcloud.com port 443 (#0)
*   Trying
* connected
* Connected to redirect-pushee.rhcloud.com ( port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* 	 subject: serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3; C=US; ST=North Carolina; L=Raleigh; O=Red Hat Inc; OU=RHC Cloud Opoerations; CN=*.rhcloud.com
* 	 start date: 2013-02-02 19:15:37 GMT
* 	 expire date: 2015-05-08 01:49:13 GMT
* 	 subjectAltName: redirect-pushee.rhcloud.com matched
* 	 issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA
* 	 SSL certificate verify ok.
> GET /ag-push HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: redirect-pushee.rhcloud.com
> Accept: */*
< HTTP/1.1 302 Moved Temporarily
< Date: Wed, 11 Sep 2013 10:07:48 GMT
< Server: Apache-Coyote/1.1
< Location: http://redirect-pushee.rhcloud.com/ag-push/
< Transfer-Encoding: chunked
< Content-Type: text/plain
* Connection #0 to host redirect-pushee.rhcloud.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Note You need to log in before you can comment on or make changes to this bug.