Inter-node communication must use system http provider #4905

Closed
kroepke opened this Issue Jul 12, 2018 · 1 comment

kroepke commented Jul 12, 2018

When setting http_proxy_uri in Graylog, this setting is being used by node-to-node communication as well, because the wrong HTTP provider is used.

https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/rest/RemoteInterfaceProvider.java#L37 should be using the @Named("systemHttpClient") to make sure no http proxy is being used.

Alternatively we could introduce a second HTTP proxy uri setting that is being used for the inter-node communication, but we've never had any requests for this.

Duplicate in copied issue for threat intel: #4392

@kroepke kroepke added the bug label Jul 12, 2018

@kroepke kroepke added this to the 2.4.6 milestone Jul 12, 2018

kroepke commented Jul 12, 2018

This applies to 3.0 as well.

@bernd bernd self-assigned this Jul 12, 2018

bernd added a commit that referenced this issue Jul 13, 2018

Add "http_non_proxy_hosts" configuration option
This can be used to bypass a configured proxy server for a list of
hostnames or IP addresses. It must be used if the inter-node
communication between graylog servers should not go through a configured
proxy server.

The matcher implementation for the "http_non_proxy_hosts" is similar to
the implementation that is used for the "http.nonProxyHosts" system
property. (only the delimiter is "," instead of "|" for consistency)
By using a similar implementation, it will be possible to also set the
system property in the future. (if needed - tbd)

Fixes #4905
Fixes #4392
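
The commit message above describes a comma-delimited bypass list matched in the style of `http.nonProxyHosts`. A sketch of that kind of matcher wired into a `java.net.ProxySelector`, as an added example that is not Graylog's code: the class name, host names and proxy address are constructed, and the wildcard rules (a `*` only at the start or end of a pattern) are an assumption modelled on the JDK property.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;

// Illustrative only: NonProxyHostsSelector is a hypothetical class, not Graylog's matcher.
public class NonProxyHostsSelector extends ProxySelector {
    private final Proxy proxy;
    private final List<String> patterns = new ArrayList<>();

    public NonProxyHostsSelector(URI proxyUri, String nonProxyHosts) {
        proxy = new Proxy(Proxy.Type.HTTP,
                InetSocketAddress.createUnresolved(proxyUri.getHost(), proxyUri.getPort()));
        for (String p : nonProxyHosts.split(",")) {          // "," delimiter, not "|"
            if (!p.trim().isEmpty()) patterns.add(p.trim().toLowerCase(Locale.ROOT));
        }
    }

    // Assumed rules: exact match, or a single "*" at the start or end of a pattern.
    // This is string matching, so "10.0.*" also matches a DNS name that starts with "10.0.".
    boolean bypasses(String host) {
        if (host == null) return false;
        String h = host.toLowerCase(Locale.ROOT).replaceAll("^\\[|\\]$", ""); // IPv6 literal
        for (String p : patterns) {
            if (p.startsWith("*") ? h.endsWith(p.substring(1))
                    : p.endsWith("*") ? h.startsWith(p.substring(0, p.length() - 1))
                    : h.equals(p)) return true;
        }
        return false;
    }

    @Override public List<Proxy> select(URI uri) {
        // Inter-node targets on the bypass list connect directly; everything else is proxied.
        return Collections.singletonList(bypasses(uri.getHost()) ? Proxy.NO_PROXY : proxy);
    }

    @Override public void connectFailed(URI uri, SocketAddress sa, IOException e) { }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real deployment.
        ProxySelector s = new NonProxyHostsSelector(URI.create("http://proxy.example.org:3128"),
                "localhost,127.0.0.1,10.0.*,*.graylog.example.org");
        for (String u : new String[] {"http://node2.graylog.example.org:9000/api/",
                "http://10.0.3.7:9000/api/", "https://feeds.example.com/list"}) {
            System.out.println(u + " -> " + s.select(URI.create(u)));
        }
    }
}
```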

@joschi joschi added the triaged label Jul 16, 2018

kroepke added a commit that referenced this issue Jul 16, 2018

Add "http_non_proxy_hosts" configuration option (#4908)
(This needs to be cherry-picked into 2.4 once merged)

bernd added a commit that referenced this issue Jul 16, 2018

Add "http_non_proxy_hosts" configuration option
(cherry picked from commit 979787e)

bernd added a commit that referenced this issue Jul 16, 2018

Add "http_non_proxy_hosts" configuration option (#4915)
(cherry picked from commit 979787e)