Bug 997105 - Redirect from https to http
Summary: Redirect from https to http
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Containers
Version: 2.x
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Paul Morie
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-14 16:55 UTC by matzew
Modified: 2015-05-14 23:26 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-19 16:47:20 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 998068 0 medium CLOSED Set X-Forwarded-Port 2021-02-22 00:41:40 UTC

Internal Links: 998068

Description matzew 2013-08-14 16:55:15 UTC
Description of problem:

Getting a redirect from https to http

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:

Using a JBoss AS, on Openshift, and when accessing this URL:
https://secure-pushee.rhcloud.com/ag-push

So I end up http....


However, when I use a trailing slash:
https://secure-pushee.rhcloud.com/ag-push/

I stay on https, and I get no redirect (302)

Actual results:

withoyt the trailing slash, I get http

Expected results:

https was expected

Additional info:

Just a guess.... perhaps some mod_rewrite 'fu'is needed ? Or even something 'wrong' with the ROOT.war on JBoss AS

Comment 1 matzew 2013-08-15 08:57:13 UTC
Now, I added the following for HSTS:
https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https

Now I notice two redirects (302):

Form https -> http:
https://blah/ag-push ---->  http://blah/ag-push/

And due to the HSTS, it goes back to https:
http://blah/ag-push/ ===>  https://blah/ag-push/

Comment 2 Rob Millner 2013-08-16 23:44:17 UTC
After reviewing the discussion thread, I created a separate bug to pass X-Forwarded-Port through in order to construct self-referential URLs.


The application is making the redirect request.  Passing to one of our Jboss experts for further diagnosis.

Comment 3 matzew 2013-08-20 12:50:01 UTC
This is not related to the 'push server' - it;s more a general thing.

Take a look at this CURL command:
curl -3 -v https://todo-aerogear.rhcloud.com/todo-server
(http and no trailing '/')

From the 302 response:
Location: http://todo-aerogear.rhcloud.com/todo-server/

Comment 4 Paul Morie 2013-08-22 17:31:40 UTC
I was able to get the correct behavior on a new app in a devenv by following the instructions for this in the KB.  Checking on whether this was fixed by another bug.

Comment 5 matzew 2013-08-23 06:27:11 UTC
I tested with a new application, same behavior:

curl -3 -v https://redirect-pushee.rhcloud.com/ag-push

and the 302 no longer contains the https:


HTTP/1.1 302 Moved Temporarily
Date: Fri, 23 Aug 2013 06:25:16 GMT
Server: Apache-Coyote/1.1
Location: http://redirect-pushee.rhcloud.com/ag-push/

Comment 6 Paul Morie 2013-09-08 23:05:25 UTC
Should be fixed in online production now.

Comment 7 Meng Bo 2013-09-09 05:36:02 UTC
The issue should be fixed.

[root@ip-10-147-219-9 ~]# curl -3 -v https://redirect-pushee.rhcloud.com/ag-push

< HTTP/1.1 302 Found
< Date: Mon, 09 Sep 2013 05:34:04 GMT
< Server: Apache/2.2.15 (Red Hat)
< Vary: Host
< X-Powered-By: PHP/5.3.3
< Location: https://redirect-pushee.rhcloud.com/ag-push
< Connection: close
< Content-Length: 0
< Content-Type: text/html

Comment 8 matzew 2013-09-11 10:08:15 UTC
hrm,

I just tried it, but I am still getting the "old" result:

pluto:Mukke matzew$ curl -3 -v https://redirect-pushee.rhcloud.com/ag-push
* About to connect() to redirect-pushee.rhcloud.com port 443 (#0)
*   Trying 54.211.120.48...
* connected
* Connected to redirect-pushee.rhcloud.com (54.211.120.48) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* 	 subject: serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3; C=US; ST=North Carolina; L=Raleigh; O=Red Hat Inc; OU=RHC Cloud Opoerations; CN=*.rhcloud.com
* 	 start date: 2013-02-02 19:15:37 GMT
* 	 expire date: 2015-05-08 01:49:13 GMT
* 	 subjectAltName: redirect-pushee.rhcloud.com matched
* 	 issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA
* 	 SSL certificate verify ok.
> GET /ag-push HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: redirect-pushee.rhcloud.com
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Date: Wed, 11 Sep 2013 10:07:48 GMT
< Server: Apache-Coyote/1.1
< Location: http://redirect-pushee.rhcloud.com/ag-push/
< Transfer-Encoding: chunked
< Content-Type: text/plain
< 
* Connection #0 to host redirect-pushee.rhcloud.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):


Note You need to log in before you can comment on or make changes to this bug.