Uploaded image for project: 'Archiva'
  1. Archiva
  2. MRM-1928

Bad redirect URL when using Archiva through HTTP reverse proxy

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.2.1
    • 2.2.3
    • WebDAV Interface
    • None
    • Linux, Java8

    Description

      I'm running Archiva behind a reverse proxy that only exposes archiva via HTTPS.

      Maven works fine with it, but karaf and its karaf-maven-plugin fail, and I think also jenkins,.

      After some investigation I found that the redirects from -SNAPSHOT requests towards timestamped snapshot artifacts are wrong. Archiva computes the Location header without using the Application URL setting from the GUI, which in my case wrongfully changes the URL from https:// to http://.

      Below is an anonymized sample from my maven build log, which demonstrates the problem.

      ....
[DEBUG] Using transporter WagonTransporter with priority -1.0 for https://archiva.example.org/repository/example-snapshots/
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://archiva.example.org/repository/example-snapshots/ with username=..., password=...
[DEBUG] CookieSpec selected: compatibility
[DEBUG] Connection request: [route: {s}->https://archiva.example.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40]
[DEBUG] Connection leased: [id: 1][route: {s}->https://archiva.example.org:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 40]
[DEBUG] Opening connection {s}->https://archiva.example.org:443
[DEBUG] Connecting to archiva.example.org/...:443
[DEBUG] Connection established 192.168.0.2:38974<->...:443
[DEBUG] Executing request GET /repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-SNAPSHOT.jar HTTP/1.1
.....
[DEBUG] http-outgoing-1 >> GET /repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-SNAPSHOT.jar HTTP/1.1
[DEBUG] http-outgoing-1 >> Cache-control: no-cache
[DEBUG] http-outgoing-1 >> Cache-store: no-store
[DEBUG] http-outgoing-1 >> Pragma: no-cache
[DEBUG] http-outgoing-1 >> Expires: 0
[DEBUG] http-outgoing-1 >> Accept-Encoding: gzip
[DEBUG] http-outgoing-1 >> User-Agent: Aether
[DEBUG] http-outgoing-1 >> User-Agent: Aether
[DEBUG] http-outgoing-1 >> Host: archiva.example.org
[DEBUG] http-outgoing-1 >> Connection: Keep-Alive
[DEBUG] http-outgoing-1 >> Authorization: Basic ...
....
[DEBUG] http-outgoing-1 << HTTP/1.1 302 Found
[DEBUG] http-outgoing-1 << Date: Mon, 03 Oct 2016 14:26:38 GMT
[DEBUG] http-outgoing-1 << Set-Cookie: JSESSIONID=...;Path=/
[DEBUG] http-outgoing-1 << Expires: Thu, 01 Jan 1970 00:00:00 GMT
[DEBUG] http-outgoing-1 << Location: http://archiva.example.org/repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-20161003.123319-4.jar
[DEBUG] http-outgoing-1 << Connection: close
[DEBUG] http-outgoing-1 << Server: Jetty(8.1.14.v20131031)
[DEBUG] Authentication succeeded
[DEBUG] Caching 'basic' auth scheme for https://archiva.example.org:443
[DEBUG] Cookie accepted [JSESSIONID="...", version:0, domain:archiva.example.org, path:/, expiry:null]
[DEBUG] Redirect requested to location 'http://archiva.example.org/repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-20161003.123319-4.jar'
[DEBUG] Resetting target auth state
[DEBUG] Redirecting to 'http://archiva.example.org/repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-20161003.123319-4.jar' via {}->http://archiva.example.org:80
[DEBUG] http-outgoing-1: Shutdown connection
[DEBUG] Connection discarded
[DEBUG] http-outgoing-1: Close connection
[DEBUG] Connection released: [id: 1][route: {s}->https://archiva.example.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40]
[DEBUG] CookieSpec selected: compatibility
[DEBUG] Cookie [version: 0][name: JSESSIONID][value: ...][domain: archiva.example.org][path: /][expiry: null] match [archiva.example.org:80/repository/example-snapshots/org/example/my-artifact/0.2.0-SNAPSHOT/my-artifact-0.2.0-20161003.123319-4.jar]
[DEBUG] Connection request: [route: {}->http://archiva.example.org:80][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40]
[DEBUG] Connection leased: [id: 2][route: {}->http://archiva.example.org:80][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 40]
[DEBUG] Opening connection {}->http://archiva.example.org:80
[DEBUG] Connecting to archiva.example.org/213.239.215.151:80
[DEBUG] http-outgoing-2: Shutdown connection
[DEBUG] Connection discarded
[DEBUG] http-outgoing-2: Close connection
[DEBUG] Connection released: [id: 2][route: {}->http://archiva.example.org:80][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40]
[WARNING] Error resolving artifactorg.example:my-artifact:jar:0.2.0-SNAPSHOT:Could not transfer artifact org.example:my-artifact:jar:0.2.0-SNAPSHOT from/to example-snapshots (https://archiva.example.org/repository/example-snapshots/): Connect to archiva.example.org:80 [archiva.example.org/213.239.215.151] failed: Connection refused
shaded.org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.example:my-artifact:jar:0.2.0-SNAPSHOT from/to example-snapshots (https://archiva.example.org/repository/example-snapshots/): Connect to archiva.example.org:80 [archiva.example.org/213.239.215.151] failed: Connection refused
        at shaded.org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:444)
        at shaded.org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:246)
        at shaded.org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:223)
        at shaded.org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveArtifact(DefaultRepositorySystem.java:294)
        at org.ops4j.pax.url.mvn.internal.AetherBasedResolver.resolve(AetherBasedResolver.java:615)
        at org.ops4j.pax.url.mvn.internal.AetherBasedResolver.resolve(AetherBasedResolver.java:570)
        at org.ops4j.pax.url.mvn.internal.AetherBasedResolver.resolve(AetherBasedResolver.java:548)
        at org.ops4j.pax.url.mvn.internal.AetherBasedResolver.resolve(AetherBasedResolver.java:523)
        at org.apache.karaf.features.internal.download.impl.MavenDownloadTask.download(MavenDownloadTask.java:34)
        at org.apache.karaf.features.internal.download.impl.AbstractRetryableDownloadTask.run(AbstractRetryableDownloadTask.java:58)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: shaded.org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.example:my-artifact:jar:0.2.0-SNAPSHOT from/to example-snapshots (https://archiva.example.org/repository/example-snapshots/): Connect to archiva.example.org:80 [archiva.example.org/213.239.215.151] failed: Connection refused
        at shaded.org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:43)
        at shaded.org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:355)
        at shaded.org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run(RunnableErrorForwarder.java:67)
        at shaded.org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute(BasicRepositoryConnector.java:581)
        at shaded.org.eclipse.aether.connector.basic.BasicRepositoryConnector.get(BasicRepositoryConnector.java:249)
        at shaded.org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:520)
        at shaded.org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:421)
        ... 16 more
Caused by: shaded.org.apache.maven.wagon.TransferFailedException: Connect to archiva.example.org:80 [archiva.example.org/213.239.215.151] failed: Connection refused
        at shaded.org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:1085)
        at shaded.org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:977)
        at shaded.org.apache.maven.wagon.StreamWagon.getInputStream(StreamWagon.java:116)
        at shaded.org.apache.maven.wagon.StreamWagon.getIfNewer(StreamWagon.java:88)
        at shaded.org.apache.maven.wagon.StreamWagon.get(StreamWagon.java:61)
        at shaded.org.eclipse.aether.transport.wagon.WagonTransporter$GetTaskRunner.run(WagonTransporter.java:560)
        at shaded.org.eclipse.aether.transport.wagon.WagonTransporter.execute(WagonTransporter.java:427)
        at shaded.org.eclipse.aether.transport.wagon.WagonTransporter.get(WagonTransporter.java:404)
        at shaded.org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask(BasicRepositoryConnector.java:447)
        at shaded.org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:350)
        ... 21 more
Caused by: shaded.org.apache.http.conn.HttpHostConnectException: Connect to archiva.example.org:80 [archiva.example.org/213.239.215.151] failed: Connection refused
        at shaded.org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:140)
        at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
        at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
        at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
        at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
        at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
        at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
        at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.ops4j.pax.url.mvn.internal.wagon.ConfigurableHttpWagon.execute(ConfigurableHttpWagon.java:142)
        at shaded.org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:1000)
        ... 30 more
Caused by: java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)
        at shaded.org.apache.http.conn.socket.PlainConnectionSocketFactory.connectSocket(PlainConnectionSocketFactory.java:72)
        at shaded.org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
        ... 40 more
[INFO] --------------------------------------------------------------------
.....

      I think maven downloads maven-metadata.xml and uses it to compute the address of the latest timestamped artifact, avoiding the redirect completely.

      I'm preparing a PR with a possible fix to this, which will follow soon if it tests correctly.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            olamy Olivier Lamy
            cipi Ciprian Ciubotariu
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment