fedora-infrastructure

Clone
Source Code
GIT

#4211 Our 301 redirects give inaccurate messages
Closed: Fixed 6 years ago Opened 10 years ago by codeblock.

Closed: Fixed
Reopen Issue

= phenomenon =

{{{
$ http https://apps.fedoraproject.org/packages
HTTP/1.1 301 Moved Permanently
AppServer: packages02.phx2.fedoraproject.org
AppTime: D=1153
Content-Encoding: gzip
Content-Length: 251
Content-Type: text/html
Date: Sun, 02 Feb 2014 13:53:19 GMT
ProxyServer: proxy04.fedoraproject.org
ProxyTime: D=140910
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding
location: https://apps.fedoraproject.org/packages/

<html>
<head><title>Moved Permanently</title></head>
<body>

Moved Permanently


The resource has been moved to http://localhost:10016/packages/">http://localhost:10016/packages/;
you should be redirected automatically.
The resource has moved to http://localhost:10016/packages/ - you should be redirected automatically.



WSGI Server

</body>
</html>
}}}

(Note the references to localhost).

= reason =

I assume this is caused by some weirdness in our proxy setup, and in most cases it goes unnoticed because the Location header is correct. It would only be noticed by things which don't handle Location automatically (like httpie, by default).

Nevertheless, it looks weird and we should probably fix it.

Hm, looking closer at what I pasted above, this is generated by the WSGI server, not the proxies.

I guess a fix could be to do this redirect at the proxy layer and not at the app layer, or somehow inform the app layer that it's really being accessed from apps.fp.o, not localhost.

Not sure what to do here... any further ideas?

This might be something fun for someone new to investigate... try and figure out where localhost is being set there and fix it.

Metadata Update from @kevin:
- Issue tagged with: easyfix
7 years ago

The localhost:10016 is because that's the varnish/haproxy urls.
I think that this should be fixed by a non-symmetrical ProxyPass vs ReverseProxyPass.
Edited 7 years ago by puiterwijk

The problem here is definitely the mod_wsgi on the app server, not the proxy.

There doesn't seem to be any way to change this in the Proxy*Pass directives.

The only way I have found to work around it is to:

  • Make Proxy*Pass always use trailing /s. This prevents the non trailing slash from being proxied to the app server.
    and
  • Add a RedirectMatch for the no trailing / case at the proxy level so it redirects it sanely.

ie, for packages:

RedirectMatch 301 /packages$ https://apps.fedoraproject.org/packages/

ProxyPass /packages/ http://localhost:10016/packages/
ProxyPassReverse /packages/ http://localhost:10016/packages/

But this is just avoiding the issue. If there was some way to tell mod_wsgi to do this redirect better that would be more ideal. ;)

Is this still something that needs fixing and if so what exactly is wrong?

@abkahrs the issue is still present.

TurboGears2 (really Pylons which TG2 is built on) generates the message in the HTML. https://github.com/Pylons/pyramid/blob/master/pyramid/httpexceptions.py#L461-L488

TG2 uses the Host HTTP header to generate the URL in the HTML output. Keep in mind that the reverse proxy logic in httpd is only going to rewrite HTTP headers and not response content (like the HTML body).

Some ideas on fixing:

  • You could set ProxyPreserveHost in httpd but, I'm not sure if the Host header is being dropped somewhere else between httpd and the TG2 code (I'm not really familiar with the whole architecture).
  • I'm sure there's also some setting in TG2 that allows you to enter a hostname in that is used for generating URL's, redirects, etc.
  • Finally, I wonder if the X-Forwarded-Host header could be used somehow?

This no longer seems to be happening. Closing.

:mailbox_closed:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Login to comment on this ticket.

Metadata
None

easyfix

None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.