Can't access application after configure SSL

[bergpb]

Hey folks, I'm working configuring Trino Gateway to use with our current Trino Cluster (running with HTTPS). After a lot of tries, and some team member help, we are able to make the application working without configuration issues, here the relevant part of the config file:

requestRouter:
  ssl: true
  port: 9080
  name: trinoRouter
  historySize: 1000
  keystorePath: <path>
  keystorePass: <password>

server:
  applicationConnectors:
    - type: https
      port: 9081
      keyStorePath: <path>
      keyStorePassword: <password>
      useForwardedHeaders: true
  adminConnectors:
    - type: https
      port: 9082
      keyStorePath: <path>
      keyStorePassword: <password>
      useForwardedHeaders: true

Most of these configurations are from the Dropwizard docs, since we don't have detailed docs on how to deploy Trino Gateway with HTTPS.

After applying these configurations, the application starts, and was able to run healthychecks with Trino clusters, but the Web UI is not available. Here an error log found:

INFO  [2024-02-08 21:03:44,350] io.trino.gateway.baseapp.BaseApp: op=register type=auth filter item=class io.dropwizard.auth.AuthFilter
ERROR [2024-02-08 21:03:44,373] io.trino.gateway.baseapp.BaseApp: Error loading managed app
! java.lang.IllegalStateException: null
! at java.base/java.util.OptionalInt.orElseThrow(OptionalInt.java:273)
! at io.trino.gateway.baseapp.AppModule.getApplicationPort(AppModule.java:37)
! at io.trino.gateway.ha.module.HaGatewayProviderModule.getProxyHandler(HaGatewayProviderModule.java:160)
! at io.trino.gateway.ha.module.HaGatewayProviderModule.provideGateway(HaGatewayProviderModule.java:206)
! at io.trino.gateway.ha.module.HaGatewayProviderModule$$FastClassByGuice$$48db3.GUICE$TRAMPOLINE(<generated>)
! at io.trino.gateway.ha.module.HaGatewayProviderModule$$FastClassByGuice$$48db3.apply(<generated>)
! at com.google.inject.internal.ProviderMethod$FastClassProviderMethod.doProvision(ProviderMethod.java:260)
! at com.google.inject.internal.ProviderMethod.doProvision(ProviderMethod.java:171)
! at com.google.inject.internal.InternalProviderInstanceBindingImpl$CyclicFactory.provision(InternalProviderInstanceBindingImpl.java:185)
! at com.google.inject.internal.InternalProviderInstanceBindingImpl$CyclicFactory.get(InternalProviderInstanceBindingImpl.java:162)
! at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
! at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
! at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
! at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:50)
! at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:146)
! at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:124)
! at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
! at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
! at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1148)
! ... 13 common frames omitted
! Causing: com.google.inject.ProvisionException: Unable to provision, see the following errors:
!
! 1) [Guice/ErrorInCustomProvider]: IllegalStateException
!   at HaGatewayProviderModule.provideGateway(HaGatewayProviderModule.java:187)
!   at GatewayManagedApp.gateway(GatewayManagedApp.java:7)
!       \_ for field gateway
!   while locating GatewayManagedApp
!
! Learn more:
!   https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER
!
! 1 error
!
! ======================
! Full classname legend:
! ======================
! GatewayManagedApp:       "io.trino.gateway.ha.GatewayManagedApp"
! HaGatewayProviderModule: "io.trino.gateway.ha.module.HaGatewayProviderModule"
! ========================
! End of classname legend:
! ========================
!
! at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:251)
! at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1151)
! at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1186)
! at io.trino.gateway.baseapp.BaseApp.lambda$addManagedApps$0(BaseApp.java:189)
! at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
! at io.trino.gateway.baseapp.BaseApp.addManagedApps(BaseApp.java:184)
! at io.trino.gateway.baseapp.BaseApp.registerWithInjector(BaseApp.java:135)
! at io.trino.gateway.baseapp.BaseApp.configureGuice(BaseApp.java:125)
! at io.trino.gateway.baseapp.BaseApp.run(BaseApp.java:102)
! at io.trino.gateway.baseapp.BaseApp.run(BaseApp.java:48)
! at io.dropwizard.core.cli.EnvironmentCommand.run(EnvironmentCommand.java:66)
! at io.dropwizard.core.cli.ConfiguredCommand.run(ConfiguredCommand.java:98)
! at io.dropwizard.core.cli.Cli.run(Cli.java:78)
! at io.dropwizard.core.Application.run(Application.java:94)
! at io.trino.gateway.ha.HaGatewayLauncher.main(HaGatewayLauncher.java:25)

We don't know if that is a configuration issue or a bug in the application, so any help on this will be appreciated.

[mosabua]

What version of Trino Gateway are you using... this codepath changed heavily..

[bergpb]

Hi @mosabua, I'm using version 5 downloaded from this URL: https://repo1.maven.org/maven2/io/trino/gateway/gateway-ha/5/gateway-ha-5-jar-with-dependencies.jar

Do I need to use another version?

[mosabua]

I believe this is heavily changed by now. I suggest you test this again when version 6 is released. We are working towards that to happen as soon as possible.

[prakhar10]

I tried switching the HttpConnectorFactory to HttpsConnectFactory and it seems to work - https://github.com/trinodb/trino-gateway/blob/230439e99979adb1b3b26a69b13fccc8e5839b4d/gateway-ha/src/main/java/io/trino/gateway/baseapp/AppModule.java#L49

You'll need to change on the subsequent lines as well. Can you give that a try @bergpb ?

[mosabua]

Can you send a PR that implements a switch based on protocol @prakhar10 or @bergpb

[prakhar10]

Sure, I can do that.

[Nexengineer]

Any updates on this fix, I have raised a issue as well. https://github.com/trinodb/trino-gateway/issues/383

[oneonestar]

382 should fix this. You could try to compile and run the PR or wait for the next release.