You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Dongjoon Hyun (Jira)" <ji...@apache.org> on 2019/12/15 01:40:00 UTC

[jira] [Resolved] (SPARK-30240) Spark UI redirects do not always work behind (dumb) proxies

     [ https://issues.apache.org/jira/browse/SPARK-30240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dongjoon Hyun resolved SPARK-30240.
-----------------------------------
    Fix Version/s: 3.0.0
       Resolution: Fixed

Issue resolved by pull request 26873
[https://github.com/apache/spark/pull/26873]

> Spark UI redirects do not always work behind (dumb) proxies
> -----------------------------------------------------------
>
>                 Key: SPARK-30240
>                 URL: https://issues.apache.org/jira/browse/SPARK-30240
>             Project: Spark
>          Issue Type: Improvement
>          Components: Web UI
>    Affects Versions: 3.0.0
>            Reporter: Marcelo Masiero Vanzin
>            Assignee: Marcelo Masiero Vanzin
>            Priority: Minor
>             Fix For: 3.0.0
>
>
> Spark's support for proxy servers allows the code to prepend a prefix to URIs generated by Spark pages. But if Spark sends a redirect to the client, then Spark's own full URL is exposed. If the client cannot access that URL, or it's incorrect for whatever reason, then things do not work.
> For example, if you set up an stunnel HTTPS proxy on port 4443, and get the root of the Spark UI, you get this back (with all the TLS stuff stripped):
> {noformat}
> $ curl -v -k https://vanzin-t460p:4443/
> *   Trying 127.0.1.1...
> * Connected to vanzin-t460p (127.0.1.1) port 4443 (#0)
> > GET / HTTP/1.1
> > Host: vanzin-t460p:4443
> > User-Agent: curl/7.58.0
> > Accept: */*
> > 
> < HTTP/1.1 302 Found
> < Date: Thu, 12 Dec 2019 22:09:52 GMT
> < Cache-Control: no-cache, no-store, must-revalidate
> < X-Frame-Options: SAMEORIGIN
> < X-XSS-Protection: 1; mode=block
> < X-Content-Type-Options: nosniff
> < Location: http://vanzin-t460p:4443/jobs/
> < Content-Length: 0
> < Server: Jetty(9.4.18.v20190429)
> {noformat}
> So you can see that Jetty respects the "Host" header, but that has no information about the protocol, and Spark has no idea that the proxy is using HTTPS. So the returned URL does not work.
>  
> Some proxies are smart enough to rewrite responses, but it would be nice (and pretty easy) for Spark to support this simple use case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org