Red Hat Bugzilla – Bug 997105
Redirect from https to http
Last modified: 2015-05-14 19:26:11 EDT
Description of problem: Getting a redirect from https to http Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: Using a JBoss AS, on Openshift, and when accessing this URL: https://secure-pushee.rhcloud.com/ag-push So I end up http.... However, when I use a trailing slash: https://secure-pushee.rhcloud.com/ag-push/ I stay on https, and I get no redirect (302) Actual results: withoyt the trailing slash, I get http Expected results: https was expected Additional info: Just a guess.... perhaps some mod_rewrite 'fu'is needed ? Or even something 'wrong' with the ROOT.war on JBoss AS
Now, I added the following for HSTS: https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https Now I notice two redirects (302): Form https -> http: https://blah/ag-push ----> http://blah/ag-push/ And due to the HSTS, it goes back to https: http://blah/ag-push/ ===> https://blah/ag-push/
After reviewing the discussion thread, I created a separate bug to pass X-Forwarded-Port through in order to construct self-referential URLs. The application is making the redirect request. Passing to one of our Jboss experts for further diagnosis.
This is not related to the 'push server' - it;s more a general thing. Take a look at this CURL command: curl -3 -v https://todo-aerogear.rhcloud.com/todo-server (http and no trailing '/') From the 302 response: Location: http://todo-aerogear.rhcloud.com/todo-server/
I was able to get the correct behavior on a new app in a devenv by following the instructions for this in the KB. Checking on whether this was fixed by another bug.
I tested with a new application, same behavior: curl -3 -v https://redirect-pushee.rhcloud.com/ag-push and the 302 no longer contains the https: HTTP/1.1 302 Moved Temporarily Date: Fri, 23 Aug 2013 06:25:16 GMT Server: Apache-Coyote/1.1 Location: http://redirect-pushee.rhcloud.com/ag-push/
Should be fixed in online production now.
The issue should be fixed. [root@ip-10-147-219-9 ~]# curl -3 -v https://redirect-pushee.rhcloud.com/ag-push < HTTP/1.1 302 Found < Date: Mon, 09 Sep 2013 05:34:04 GMT < Server: Apache/2.2.15 (Red Hat) < Vary: Host < X-Powered-By: PHP/5.3.3 < Location: https://redirect-pushee.rhcloud.com/ag-push < Connection: close < Content-Length: 0 < Content-Type: text/html
hrm, I just tried it, but I am still getting the "old" result: pluto:Mukke matzew$ curl -3 -v https://redirect-pushee.rhcloud.com/ag-push * About to connect() to redirect-pushee.rhcloud.com port 443 (#0) * Trying 54.211.120.48... * connected * Connected to redirect-pushee.rhcloud.com (54.211.120.48) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3; C=US; ST=North Carolina; L=Raleigh; O=Red Hat Inc; OU=RHC Cloud Opoerations; CN=*.rhcloud.com * start date: 2013-02-02 19:15:37 GMT * expire date: 2015-05-08 01:49:13 GMT * subjectAltName: redirect-pushee.rhcloud.com matched * issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA * SSL certificate verify ok. > GET /ag-push HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5 > Host: redirect-pushee.rhcloud.com > Accept: */* > < HTTP/1.1 302 Moved Temporarily < Date: Wed, 11 Sep 2013 10:07:48 GMT < Server: Apache-Coyote/1.1 < Location: http://redirect-pushee.rhcloud.com/ag-push/ < Transfer-Encoding: chunked < Content-Type: text/plain < * Connection #0 to host redirect-pushee.rhcloud.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1):