Posted to issues@archiva.apache.org by "Alix Lourme (JIRA)" <ji...@codehaus.org> on 2014/06/03 19:01:10 UTC

[jira] (MRM-1845) Virtual repository not accessible behind https reverse proxy

Alix Lourme created MRM-1845:
--------------------------------

             Summary: Virtual repository not accessible behind https reverse proxy
                 Key: MRM-1845
                 URL: https://jira.codehaus.org/browse/MRM-1845
             Project: Archiva
          Issue Type: Bug
          Components: repository interface
    Affects Versions: 2.0.1, 1.4-M4
         Environment: Archiva in intranet company, accessed from internet with a https reverse proxy
            Reporter: Alix Lourme


+Context+ : 
* Company with multiple repositories (internet/proxied ... snapshot/release) => a virtual repository is configured to provide central access. 
* No credentials configured to access Archiva (except admin).
* This _virtual_ repository is used from the internet (suppliers, personal dev, etc.) over *https*; an IT reverse proxy binds the https internet URL to the intranet Archiva URL.

+Use case+ : 

|| Url || Result ||
| http://repository.company-intranet.com/repository/company-releases/groupId/artifactId | works |
| http://repository.company-intranet.com/repository/virtual/groupId/artifactId | works |
| https://repository.company-internet.com/repository/company-releases/groupId/artifactId | works (with proxy credentials ... browser or maven) |
| https://repository.company-internet.com/repository/virtual/groupId/artifactId | *doesn't work: HTTP 401* |

The _virtual_ repository over https wants credentials, with domain: *Repository Archiva Managed virtual Repository* (Powered by _Jetty_).

After some tests and analysis of the HTTP calls, the _virtual_ repository has trouble with the header:
{code}
Authorization: Basic Zm9vOm5pY2VUcnkh
{code}

This header is filled in by the reverse proxy.

The _virtual_ repository has no reason to have a different security strategy from a _classic_ repository => hence this bug.

----
+Workaround+ : If an Apache is in front of Archiva, you can avoid this problem with this configuration rule in the _VirtualHost_ context (prerequisite: _headers_module_):

{code}
RequestHeader unset Authorization
{code}



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
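
The workaround from the report placed in a complete _VirtualHost_, as an added example that is not part of the original issue or of Archiva's documentation. It assumes the Apache proxy itself performs the Basic authentication; the certificate paths, the htpasswd file and the realm name are constructed placeholders, and the host names are the ones used in the report's table.

```apache
# Requires: mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file, mod_headers (the "headers_module" prerequisite).
<VirtualHost *:443>
    ServerName repository.company-internet.com

    SSLEngine on
    # Placeholder paths (assumption)
    SSLCertificateFile    /etc/ssl/certs/repository.pem
    SSLCertificateKeyFile /etc/ssl/private/repository.key

    # Authentication enforced at the proxy (assumption about the setup).
    # The client sends "Authorization: Basic ..." to satisfy this block.
    <Location "/">
        AuthType Basic
        AuthName "Reverse proxy"
        # Placeholder file (assumption)
        AuthUserFile /etc/apache2/proxy.htpasswd
        Require valid-user
    </Location>

    # Workaround from the report. RequestHeader runs in "late" mode by
    # default, i.e. after the proxy has checked the credentials above and
    # before the request is handed to mod_proxy, so the proxy's own
    # credentials are validated here but never forwarded to Archiva.
    RequestHeader unset Authorization

    ProxyPreserveHost On
    ProxyPass        / http://repository.company-intranet.com/
    ProxyPassReverse / http://repository.company-intranet.com/
</VirtualHost>
```

With the header removed for the whole _VirtualHost_, any Basic credentials a client intends for Archiva itself (for example the admin account) are dropped as well, so authenticated access to Archiva has to go through another path.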