Details
-
Bug
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
29.0.5
-
Security Level: Default (Default Security Scheme)
-
NB
-
920
Description
When you run OpenNMS behind a reverse proxy that terminates the TLS connection you need to configure the
opennms.web.base-url=https://%x%c/
to set the correct HTTP scheme for the client. When you enter the web UI we see some redirects from Jetty happening to get you from the entrypoint / to /opennms/login.jsp. These redirects are served with HTTP scheme and it seems the base-url setting is ignored even when you enter the web app with HTTPS.
The same thing happens if you enter the password with the redirects to the index.jsp or in case you enter the wrong credentials with the j_spring_security_check which redirects via HTTP to the login.jsp?login_error=1.
In case your reverse proxy automatically redirects everything from HTTP to HTTPS the user won't notice. The problem appears if you don't have port 80 for HTTP available. The flow through these parts in the web UI got stuck cause these redirects can't be delivered.
Here are some screenshots from the network recording which shows this conversation from a browser's perspective: