nextgenhealthcare / connect

The swiss army knife of healthcare integration.

[BUG] HTTP method POST is not supported by this URL When behind loadbalancer/reverse-proxy #5992

Closed vdmkenny closed 7 months ago

vdmkenny commented 7 months ago

Describe the bug: I am running mirth as a container on EKS (k8s), behind nginx-ingress and an NLB loadbalancer on AWS. I can reach the Webpage without issues.

When I launch the Mirth connect launcher and try to connect, I get to the login applet. When trying to log in, the server returns a 405 error. (verified using postman to the endpoint in the nginx logs)

Expected behavior: The server should let me log in

Actual behavior: The server returns 405 HTTP method POST is not supported by this URL

Logs

...
<body>
    <h2>HTTP ERROR 405 HTTP method POST is not supported by this URL</h2>
    <table>
        <tr>
            <th>URI:</th>
            <td>/api/4.4.0/users/_login</td>
        </tr>
        <tr>
            <th>STATUS:</th>
            <td>405</td>
        </tr>
        <tr>
            <th>MESSAGE:</th>
            <td>HTTP method POST is not supported by this URL</td>
        </tr>
        <tr>
            <th>SERVLET:</th>
            <td>org.eclipse.jetty.servlet.ServletHandler$Default404Servlet-349c5302</td>
        </tr>
...

Environment (please complete the following information):

Additional context: I have tried enabling the proxy protocol on the loadbalancer without changes.

pacmano1 commented 7 months ago

What NLB ports are proxied/forwarded to what ports on the target here? Is this 8443->8443?

vdmkenny commented 7 months ago

@pacmano1 The NLB has listeners on port 80 and 443, 80 is being redirected to 443. We're terminating SSL on the NLB using an Amazon certificate. In kubernetes, we're using the ingress-nginx controller, and the ingress is handling port 443 -> 8080.

In mirth.properties, I've set the server.url to https://loadbalancer-url so that the login applet is correctly pre-filled.

I can successfully visit the index webpage. When I start the mirth launcher and connect to the server, it does the jnlp song and dance correctly and launches the login applet.

pacmano1 commented 7 months ago

The apis are only served over https on the server side. I mean, if you were to remove all the load balancers and attempt to connect to the nonsecure port with the mirth admin tool, it would not work.

So - an NLB that is forwarding to port 8443 (or whatever the secure port is on the mirth engine) should just work. However I do remember seeing a few issues here related to mirth behind a proxy - which in your case is nginx presumably. i.e. you have NLB->nginx->mirth

vdmkenny commented 7 months ago

Is there a configuration toggle to access the APIs over http? I checked, but could not find it. I'll give -> 8443 port a go and try it this way. Will report back.

pacmano1 commented 7 months ago

I don't think so - they disabled non-tls a few releases ago. Kinda makes sense for the most part. It does confuse people when they can hit port 8080 and then the admin tool fails after starting. IMHO, they should default to tls only. mirth.properties has port 8080 still enabled by default but it can be commented out.

vdmkenny commented 7 months ago

That worked! If someone else has the same issue, don't forget to set the annotation on the ingress: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" Else you will get errors about malformed http responses.

Thanks @pacmano1 !
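The fix from this thread written out as an ingress-nginx manifest. This is an added example, not part of the original comments: the resource names, namespace and host are assumptions, while port 8443, the previous 8080 target and the backend-protocol annotation come from the thread.

```yaml
# Added example. Names, namespace and host below are assumed placeholders.
apiVersion: v1
kind: Service
metadata:
  name: mirth-connect            # assumed name
  namespace: mirth               # assumed namespace
spec:
  selector:
    app: mirth-connect           # assumed pod label
  ports:
    - name: https
      port: 8443                 # Mirth's TLS port; the API is only served here
      targetPort: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mirth-connect
  namespace: mirth
  annotations:
    # Without this annotation nginx speaks plain HTTP to 8443 and the
    # ingress reports malformed HTTP responses from the backend.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Caveat: ingress-nginx does not verify the backend certificate by
    # default. To enforce verification, set proxy-ssl-verify to "on" and
    # point proxy-ssl-secret at a Secret holding the CA (ca.crt).
    # nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # nginx.ingress.kubernetes.io/proxy-ssl-secret: "mirth/mirth-backend-ca"  # assumed Secret
spec:
  ingressClassName: nginx
  rules:
    - host: mirth.example.com    # assumed host; match server.url in mirth.properties
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: mirth-connect
                port:
                  number: 8443   # before the fix: 8080, which serves the web page
                                 # but answers POST /api/.../users/_login with 405
```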

pacmano1 commented 7 months ago

Maybe next time start a discussion in Q and A til the bug is confirmed then create an issue. That's mostly because I don't think people search issues often enough when they have a problem like you had.

vdmkenny commented 7 months ago

Will do. Tbh, searching in open and closed issues is the first thing I do when I encounter an issue like this.

pacmano1 commented 7 months ago

LOL, that might leave you with no results forever! Not giving you a hard time, giving Nextgen a hard time.