Dear,
I have installed Axelor-open-suite after building it from Open-suite-webapp on a Debian Bookworm container behind HAProxy reverse proxy on a dedicated server (Axelor Open Suite version 7.2.2)
When I access to the app from URL https://sub.domain.tld/
, I am redirected to https://sub.domain.tld:80/login.jsp
resulting in an SSL error in Firefox (labelled SSL_ERROR_RX_RECORD_TOO_LONG
). Everything is OK when I access the app from URL https://sub.domain.tld/login.jsp
explicitly (bypassing java/Tomcat’s redirection to /login.jsp
).
I understand that accessing to /
is followed by a code 302 redirection to /login.jsp
, but I cannot understand why :80
is added to the base URL which results in the mentioned error.
Tomcat logs shows:
# When accessing to https://sub.domain.tld/ I am redirected to https://sub.domain.tld:80/login.jsp resulting in this only Tomcat log:
10.0.0.1 - - [23/Nov/2023:01:22:52 +0000] "GET / HTTP/1.1" 302 -
# And HAProxy logs are (not the same time but whatever):
2023-11-23T10:38:44.396955+01:00 host haproxy[150758]: <source ip>:58702 [23/Nov/2023:10:38:44.393] main~ FRONTEND/BACKEND 0/0/0/2/2 302 344 - - ---- 24/5/0/0/0 0/0 "GET / HTTP/1.1"
2023-11-23T10:38:44.409176+01:00 host haproxy[150758]: <source ip>:58706 [23/Nov/2023:10:38:44.408] http http/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 25/1/0/0/0 0/0 "<BADREQ>"
#$ When explicitly reaching https://sub.domain.tld/login.jsp, things are OK, and Tomcat9 returns:
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /login.jsp HTTP/1.1" 200 3417
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /js/axelor.ns.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /lib/jquery.ui/js/jquery.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /lib/bootstrap/js/bootstrap.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /img/axelor.png HTTP/1.1" 302 -
# HAProxy successfully returns:
2023-11-23T10:40:09.432472+01:00 host haproxy[150758]: <source ip>:58680 [23/Nov/2023:10:40:07.959] main~ FRONTEND/BACKEND 0/0/0/1473/1473 200 3516 - - ---- 25/6/0/0/0 0/0 "GET /login.jsp HTTP/1.1"
Also, wget shows:
$ wget https://sub.domain.tld --no-cache
--2023-11-23 10:38:42-- https://sub.domain.tld/
Resolving sub.domain.tld (sub.domain.tld)... <server ip>
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://sub.domain.tld:80/login.jsp [following]
--2023-11-23 10:38:43-- https://sub.domain.tld:80/login.jsp
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:80... connected.
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.
$ wget https://sub.domain.tld/login.jsp --no-cache
--2023-11-23 10:40:06-- https://sub.domain.tld/login.jsp
Resolving sub.domain.tld (sub.domain.tld)... <server ip>
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:443... connected.
HTTP request sent, awaiting response... 200
How can I configure java or Tomcat (I am no expert on both techs) so that no :80
is added to the base URL when the http code 302 redirection occurs?
I have set the option parameters application.home = https://sub.domain.tld
and application.base-url = https://sub.domain.tld
or left them empty on axelor-config.properties but the problem remains.
Am I missing something?
Thank you for your help.