Posted to issues@spark.apache.org by "paul mackles (JIRA)" <ji...@apache.org> on 2018/01/19 19:44:00 UTC

[jira] [Commented] (SPARK-11499) Spark History Server UI should respect protocol when doing redirection

    [ https://issues.apache.org/jira/browse/SPARK-11499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16332811#comment-16332811 ] 

paul mackles commented on SPARK-11499:
--------------------------------------

We ran into this issue running the spark-history server as a Marathon app on a Mesos cluster. As is typical for this kind of setup, there is a reverse-proxy that users go through to access the app. In our case, we are also offloading SSL to the reverse-proxy so communications between the reverse-proxy and spark-history are plain-old HTTP. I experimented with 2 different fixes:
 1. Making sure that the SparkUI and History components look at APPLICATION_WEB_PROXY_BASE when generating redirect URLs. In order for it to honor the protocol, APPLICATION_WEB_PROXY_BASE must include the desired protocol (i.e. APPLICATION_WEB_PROXY_BASE=https://example.com).
 2. Using Jetty's built-in ForwardedRequestCustomizer class to process "X-Forwarded-*" headers defined in RFC 7239.

Both changes worked in our environment and both changes are fairly simple. Looking for feedback on whether one solution is preferable to the other. For our environment, #2 is preferable because:
 * The reverse proxy we use is already sending these headers. 
 * Allows for the spark-history server to see the actual client info as opposed to that of the proxy

If no strong feelings one way or another, I'll submit a PR for solution #2. 

References:
 * [https://tools.ietf.org/html/rfc7239]
 * [http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html]

 

 

> Spark History Server UI should respect protocol when doing redirection
> ----------------------------------------------------------------------
>
>                 Key: SPARK-11499
>                 URL: https://issues.apache.org/jira/browse/SPARK-11499
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>            Reporter: Lukasz Jastrzebski
>            Priority: Major
>
> Use case:
> Spark history server is behind a load balancer secured with an SSL certificate;
> unfortunately, clicking on the application link redirects to the http protocol, which may not be exposed by the load balancer. Example flow:
> *   Trying 52.22.220.1...
> * Connected to xxx.yyy.com (52.22.220.1) port 8775 (#0)
> * WARNING: SSL: Certificate type not set, assuming PKCS#12 format.
> * Client certificate: user@yyy.com
> * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> * Server certificate: *.yyy.com
> * Server certificate: Entrust Certification Authority - L1K
> * Server certificate: Entrust Root Certification Authority - G2
> > GET /history/20151030-160604-3039174572-5951-22401-0004 HTTP/1.1
> > Host: xxx.yyy.com:8775
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Location: http://xxx.yyy.com:8775/history/20151030-160604-3039174572-5951-22401-0004
> < Connection: close
> < Server: Jetty(8.y.z-SNAPSHOT)
> <
> * Closing connection 0
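
Option 2 from the comment above, sketched as an added example (not code from the comment, from any PR, or from Spark itself): an embedded Jetty server whose connector applies ForwardedRequestCustomizer, so a servlet that builds a redirect sees the scheme the proxy reported instead of the plain-HTTP hop. The class names, port 18080 and the /history/app-1/ path are assumptions for illustration, and Jetty 9.4 with jetty-servlet is assumed on the classpath.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

public class ForwardedRedirectDemo {
    // Hypothetical servlet standing in for a UI page that issues a redirect.
    static class RedirectServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            // With the customizer installed, getScheme() and getServerName()
            // reflect what the proxy sent in X-Forwarded-Proto / X-Forwarded-Host
            // rather than the plain-HTTP connection between proxy and Jetty.
            String target = req.getScheme() + "://" + req.getServerName()
                    + ":" + req.getServerPort() + "/history/app-1/jobs/";
            resp.sendRedirect(target);
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();

        // The customizer rewrites request metadata from the forwarding headers.
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.addCustomizer(new ForwardedRequestCustomizer());

        ServerConnector connector =
                new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        // Assumption for the demo: only the reverse proxy can reach this listener.
        connector.setHost("127.0.0.1");
        connector.setPort(18080);
        server.addConnector(connector);

        ServletContextHandler context = new ServletContextHandler();
        context.setContextPath("/");
        context.addServlet(new ServletHolder(new RedirectServlet()), "/history/*");
        server.setHandler(context);
        server.start();
        server.join();
    }
}
```

Any client can send X-Forwarded-* headers, so the customizer belongs only on a listener that is reachable solely through the reverse proxy, with the proxy overwriting those headers rather than passing client-supplied values through.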


