search

eclipse / hawkbit

Eclipse hawkBit™
https://projects.eclipse.org/projects/iot.hawkbit
Eclipse Public License 2.0
444 stars 186 forks source link

Hawkbit redirects to http, breaking SSL-Termination with Proxy #1724

Closed bauerstefan closed 2 months ago

bauerstefan commented 2 months ago

Hi, my setup is simple:

Client -> =https = > NGINX (hawkbit.domain) -> =http= http://192.168.0.1:8080

Now curling from client-side shows:

$ curl -v https://hawkbit.domain/
*   Trying 1.2.3.4:443...
* Connected to hawkbit.domain (1.2.3.4) port 443 (#0)
*  SSL certificate verify ok.

> GET / HTTP/2
> Host: hawkbit.domain
> user-agent: curl/7.81.0

< location: http://hawkbit.domain/swagger-ui/index.html;jsessionid=16B76......?

Howto force hawkbit to not send http redirects? Maybe this is also a job for nginx?

I tried 

    environment:
      SPRING_APPLICATION_JSON: '{
        "spring.datasource.url": "jdbc:mariadb://mysql-hawkbit:3306/hawkbit",
        "spring.rabbitmq.host": "rabbitmq",
        "spring.rabbitmq.username": "guest",
        "spring.rabbitmq.password": "guest",
        "spring.datasource.username": "root",
        "hawkbit.server.security.require-ssl": "true",
        "server.use-forward-headers": "true"
       }'

with no success.

Accessing https://hawkbit.local/swagger-ui/index.html directly works without redirects.

any help is greatly appreciated.

mwiesenbauer commented 2 months ago

try:

environment:
  SPRING_APPLICATION_JSON: '{
    "spring.datasource.url": "jdbc:mariadb://mysql-hawkbit:3306/hawkbit",
    "spring.rabbitmq.host": "rabbitmq",
    "spring.rabbitmq.username": "guest",
    "spring.rabbitmq.password": "guest",
    "spring.datasource.username": "root",
    "hawkbit.server.security.require-ssl": true,
    "server.forward-headers-strategy": "FRAMEWORK"
   }'

for details: https://github.com/eclipse/hawkbit/issues/1696#issuecomment-2075302680

bauerstefan commented 2 months ago

try:

environment:
  SPRING_APPLICATION_JSON: '{
    "spring.datasource.url": "jdbc:mariadb://mysql-hawkbit:3306/hawkbit",
    "spring.rabbitmq.host": "rabbitmq",
    "spring.rabbitmq.username": "guest",
    "spring.rabbitmq.password": "guest",
    "spring.datasource.username": "root",
    "hawkbit.server.security.require-ssl": true,
    "server.forward-headers-strategy": "FRAMEWORK"
   }'

for details: #1696 (comment)

Awesome, that did the trick. Thanks a lot!

Unfortunately the hawkbit-simple-ui on port 8088 still does http redirect. Is there another command for that? ;)

bauerstefan commented 2 months ago

Nevermind, works the same way as you described.

server.forward-headers-strategy": "FRAMEWORK" }