MAAS

nginx redirects should not include host and port number

Bug #1990685 reported by Tobias McNulty on 2022-09-23

This bug report is a duplicate of: Bug #1993618: Web UI redirection policy can invalidate HAProxy and/or TLS setup. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	MAAS	Triaged	Medium	Unassigned

Bug Description

Nginx will include the port number and host when redirecting if not told to do otherwise: https://serverfault.com/questions/806909/nginx-redirect-without-port

If MAAS were to set `absolute_redirect off;` in each location stanza with a `return 301 ...;`, redirects would work even behind haproxy. There should be no harm to setting this for local (non-proxied) setups, and it would allow redirects to work when haproxy is set up as described in the MAAS documentation.

Christian Grabowski (cgrabowski) on 2022-09-23

Changed in maas:
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

Tobias McNulty (tobias-mcnulty) wrote on 2022-09-23:

1990685.diff Edit (668 bytes, text/plain)

Proposed fix

Revision history for this message

Tobias McNulty (tobias-mcnulty) wrote on 2022-09-23:

Before fix:

$ curl -I http://10.30.0.20
HTTP/1.1 301 Moved Permanently
server: nginx/1.18.0 (Ubuntu)
date: Fri, 23 Sep 2022 23:10:53 GMT
content-type: text/html
content-length: 178
location: http://10.30.0.20:5240/MAAS/r/
set-cookie: SERVERID=regionc-1; path=/

After fix:

$ curl -I http://10.30.0.20
HTTP/1.1 301 Moved Permanently
server: nginx/1.18.0 (Ubuntu)
date: Fri, 23 Sep 2022 23:10:54 GMT
content-type: text/html
content-length: 178
location: /MAAS/r/
set-cookie: SERVERID=regionc-0; path=/

Without fix

Tobias McNulty (tobias-mcnulty) on 2022-09-24

summary:

- nginx redirects should not include port number
+ nginx redirects should not include host and port number