In production my Grails app is running on Tomcat port 8080 and sits behind an Apache proxy; port 80. All functions work except for authentication. When a user tries logging into the app Spring Security appends :8080 to the target URL and the connection times out since the request can't be routed.
I have already set the following in config.groovy but no success:
grails.serverURL = "http://domain.tld/${appName}"
grails.plugins.springsecurity.portMapper.httpPort = "80"
grails.plugins.springsecurity.portMapper.httpsPort = "443"
The issue occurs when I try with either built-in authentication or OpenID. The app had been working well for over 6 months before my hosting provider made changes by plugged a hole and started blocking port 8080 from the outside.
I just need Spring Security to write the URL without :8080
Any help is appreciated, thanks!
UPDATE
In the end the issue was with the host I was using. Something to do with Apache ProxyPass. The same application works fine on the new production VPS. Thanks for the input guys.
Add the following to your Config.groovy file:
grails.server.port.http = 80
I would consider change tomcat to port 80 and forward all apache requests to port 80. Pay attention to use x-forward proto header tag by spring security.
Already answered in the question
mod_rewrite not working to secure grails application
The tomcat configuration change works like a charm.
Related
I have a rails application running on a private subnet, using port 8080, without SSL enabled.
I also have an Apache SSL server on a DMZ, which I use as a reverse proxy to the rails application I mention first.
The problem is, rails include some absolute url in the generated code, with adresses beginning with http://...
If i use config.force_ssl = true as I read here or there, there is a infinite redirection, because rails sees the requests coming as plain HTTP and issues a redirect to HTTPS, but as the client already is.
The solution was simple enough: put this line in the reverse proxy configuration file :
RequestHeader set X-Forwarded-Proto "https"
I have installed java and apache tomcat on my Google cloud instance and have started the tomcat but when I try to connect to my instance from my browser on port 8080 or 8443 I cannot connect it. I should see the apache tomcat's welcome page right? Can someone plz help me with this?
You need to configure firewall to allow those ports.
The best option for your use case would be to use Google Cloud Launcher.
https://console.cloud.google.com/launcher/details/click-to-deploy-images/tomcat.
It should give you an external IP with HTTP and HTTPS tomcat ports open 8080.
Just go to the details of your instance and click on edit.
Now in the firewalls section and check Allow HTTP traffic.
Screenshot
I have hosted my website http://www.example.com, and it works fine.
when I try to access it by https://www.example.com, my browser says it is unable to connect?
Is this normal? (Is it a DNS issue or a rails app)
This probably isn't a Rails issue, but it's hard to say without more information. The most likely explanation is that your server probably isn't configured to have port 443 open, which is the default port for https connections.
If you are on Amazon EC2, you'll need to manually open port 443 in the EC2 security group configuration.
I am developing a grails webapp and used SOAP to publish my web service using
Endpoint.publish("http://localhost:8080/XYZ", new XYZ());
When I am accessing this service from my local machine then it works fine but when I try to access it through different computer using my machine IP address instead of localhost, it does not show anything.
I have allowed the port through firewall as well but still no success.
Can anyone tell me the reason and how to solve this?
By default embedded tomcat server will listen on localhost. You will have to explicitely bind it to the ip address.
Try this, and see if works
$grails -Dserver.host=192.168.1.100 run-app
Or
$grails -Dserver.host=192.168.1.100 run-war
I have running my own website for security reasons at an unusual port: https on Port 11223 instead oh 443.
This website provides the feature to login with an google account, realized by using the google OAuth API.
At the last step of authentication (redirecting back from google OAuth to my system), an network timeout happens.
On the other hand: if my server is running https on default port 443 instead of 11223, everything works fine.
I have configured the google OAuth client settings (Redirect URIs, Home page URL, JavaScript origins) for using the special port 112233. But without success.
Maybe it's important to know, the Server is behind a firewall with NAT. This means, the firewall receives https connections to port 11223 to redirect this to the internal webserver running https only on port 11223. But I think, this is not the point.
What could be the reason, why port 443 works but port 11223 doesn't.
I guess google OAuth does not support webservers running on an unusual prot!?!
The port number is 16 bits and thus can not exceed 65535.
Could it be proxy configuration issues? I recommend you configure your firewall to return 404 on the port 11223 and see what happens.