Redirect code 302 adds port 80 to URL

jellium · Novembre 23, 2023, 9:47

Dear,
I have installed Axelor-open-suite after building it from Open-suite-webapp on a Debian Bookworm container behind HAProxy reverse proxy on a dedicated server (Axelor Open Suite version 7.2.2)
When I access to the app from URL https://sub.domain.tld/, I am redirected to https://sub.domain.tld:80/login.jsp resulting in an SSL error in Firefox (labelled SSL_ERROR_RX_RECORD_TOO_LONG). Everything is OK when I access the app from URL https://sub.domain.tld/login.jsp explicitly (bypassing java/Tomcat’s redirection to /login.jsp).
I understand that accessing to / is followed by a code 302 redirection to /login.jsp, but I cannot understand why :80 is added to the base URL which results in the mentioned error.

Tomcat logs shows:

# When accessing to https://sub.domain.tld/ I am redirected to https://sub.domain.tld:80/login.jsp resulting in this only Tomcat log:
10.0.0.1 - - [23/Nov/2023:01:22:52 +0000] "GET / HTTP/1.1" 302 -
# And HAProxy logs are (not the same time but whatever):
2023-11-23T10:38:44.396955+01:00 host haproxy[150758]: <source ip>:58702 [23/Nov/2023:10:38:44.393] main~ FRONTEND/BACKEND 0/0/0/2/2 302 344 - - ---- 24/5/0/0/0 0/0 "GET / HTTP/1.1"
2023-11-23T10:38:44.409176+01:00 host haproxy[150758]: <source ip>:58706 [23/Nov/2023:10:38:44.408] http http/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 25/1/0/0/0 0/0 "<BADREQ>"

#$ When explicitly reaching https://sub.domain.tld/login.jsp, things are OK, and Tomcat9 returns:
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /login.jsp HTTP/1.1" 200 3417
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /js/axelor.ns.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /lib/jquery.ui/js/jquery.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /lib/bootstrap/js/bootstrap.js HTTP/1.1" 302 -
10.51.1.1 - - [23/Nov/2023:01:23:46 +0000] "GET /img/axelor.png HTTP/1.1" 302 -
# HAProxy successfully returns:
2023-11-23T10:40:09.432472+01:00 host haproxy[150758]: <source ip>:58680 [23/Nov/2023:10:40:07.959] main~ FRONTEND/BACKEND 0/0/0/1473/1473 200 3516 - - ---- 25/6/0/0/0 0/0 "GET /login.jsp HTTP/1.1"

Also, wget shows:

 $ wget https://sub.domain.tld --no-cache
--2023-11-23 10:38:42--  https://sub.domain.tld/
Resolving sub.domain.tld (sub.domain.tld)... <server ip>
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://sub.domain.tld:80/login.jsp [following]
--2023-11-23 10:38:43--  https://sub.domain.tld:80/login.jsp
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:80... connected.
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.

$ wget https://sub.domain.tld/login.jsp --no-cache
--2023-11-23 10:40:06--  https://sub.domain.tld/login.jsp
Resolving sub.domain.tld (sub.domain.tld)... <server ip>
Connecting to sub.domain.tld (sub.domain.tld)|<server ip>|:443... connected.
HTTP request sent, awaiting response... 200

How can I configure java or Tomcat (I am no expert on both techs) so that no :80 is added to the base URL when the http code 302 redirection occurs?

I have set the option parameters application.home = https://sub.domain.tld and application.base-url = https://sub.domain.tld or left them empty on axelor-config.properties but the problem remains.

Am I missing something?

Thank you for your help.

jellium · Décembre 28, 2023, 8:27

As mentioned in another forum post, the issue has been solved by finely tuning the reverse proxy in front of the Axelor instance (to make it short, I added http-request add-header X-Forwarded-Port %[dst_port] in the backend section of my HAProxy reverse proxy configuration for the Axelor instance).

Davide · Décembre 29, 2023, 5:44

Still missing a solution for nginx

system · Janvier 28, 2024, 5:45

Ce sujet a été automatiquement fermé après 30 jours. Aucune réponse n’est permise dorénavant.