Restore ability to run behind reverse proxy (Graylog2#4430)

* remove base tag from generated index.html to allow proxy servers to set appprefix separately

* baseUri is now appPrefix

this enables using custom application prefixes to host graylog one umbrella address,
but separating it via the path, e.g. http://mycorp.com/graylog

care needs to be taken to properly configure the proxy server, so that it strips the
path prefix when passing the request, but that isn't graylog-specific

* Small HTTP config comment tweaks for the example config

* Allow context path customization via "http_publish_uri"

It's now possible to serve the HTTP server under a different context
path than "/".

* Make sure we always build an external URI with a trailing /

* Adjust index.html template to avoid duplicate "/" in the generated URIs

* Change wording

graylog2-server/src/main/java/org/graylog2/rest/RestTools.java

@@ -27,7 +27,6 @@
 import javax.annotation.Nullable;
 import javax.validation.constraints.NotNull;
 import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.SecurityContext;
 import java.net.URI;
@@ -112,7 +111,13 @@ public static URI buildExternalUri(@NotNull MultivaluedMap<String, String> httpH
                     .findFirst();
         }
 
-        return externalUri.orElse(defaultUri);
+        final URI uri = externalUri.orElse(defaultUri);
+
+        // Make sure we return an URI object with a trailing slash
+        if (!uri.toString().endsWith("/")) {
+            return URI.create(uri.toString() + "/");
+        }
+        return uri;
     }
 
     public static String getPathFromResource(Resource resource) {

graylog2-server/src/main/java/org/graylog2/shared/initializers/JerseyService.java

@@ -84,6 +84,7 @@
 
 import static com.codahale.metrics.MetricRegistry.name;
 import static com.google.common.base.MoreObjects.firstNonNull;
+import static com.google.common.base.Strings.isNullOrEmpty;
 import static java.util.Objects.requireNonNull;
 
 public class JerseyService extends AbstractIdleService {
@@ -166,12 +167,13 @@ private void startUpApi() throws Exception {
                         configuration.getHttpTlsKeyPassword()) : null;
 
         final HostAndPort bindAddress = configuration.getHttpBindAddress();
+        final String contextPath = configuration.getHttpPublishUri().getPath();
         final URI listenUri = new URI(
                 configuration.getUriScheme(),
                 null,
                 bindAddress.getHost(),
                 bindAddress.getPort(),
-                "/",
+                isNullOrEmpty(contextPath) ? "/" : contextPath,
                 null,
                 null
         );

graylog2-server/src/main/java/org/graylog2/web/IndexHtmlGenerator.java

@@ -69,7 +69,7 @@ public String get(MultivaluedMap<String, String> headers) {
                 .put("title", "Graylog Web Interface")
                 .put("cssFiles", cssFiles)
                 .put("jsFiles", sortedJsFiles)
-                .put("baseUri", RestTools.buildExternalUri(headers, httpConfiguration.getHttpExternalUri()))
+                .put("appPrefix", RestTools.buildExternalUri(headers, httpConfiguration.getHttpExternalUri()))
                 .build();
         return templateEngine.transform(template, model);
     }

graylog2-server/src/main/resources/web-interface/index.html.template

@@ -5,16 +5,15 @@
     <meta name="robots" content="noindex, nofollow">
     <meta charset="UTF-8">
     <title>${title}</title>
-    <base href="${baseUri}">
-    <link rel="shortcut icon" href="assets/favicon.png">
+    <link rel="shortcut icon" href="${appPrefix}assets/favicon.png">
     ${foreach cssFiles cssFile}
-    <link href="assets/${cssfile}" rel="stylesheet">
+    <link href="${appPrefix}assets/${cssfile}" rel="stylesheet">
     ${end}
   </head>
   <body>
-    <script src="config.js"></script>
+    <script src="${appPrefix}config.js"></script>
     ${foreach jsFiles jsFile}
-    <script src="assets/${jsFile}"></script>
+    <script src="${appPrefix}assets/${jsFile}"></script>
     ${end}
   </body>
 </html>

graylog2-server/src/test/java/org/graylog2/rest/RestToolsTest.java

@@ -62,15 +62,15 @@ public void getRemoteAddrFromRequestReturnsClientAddressWithXForwardedForHeaderF
     @Test
     public void buildExternalUriReturnsDefaultUriIfHeaderIsMissing() throws Exception {
         final MultivaluedMap<String, String> httpHeaders = new MultivaluedHashMap<>();
-        final URI externalUri = URI.create("http://graylog.example.com");
+        final URI externalUri = URI.create("http://graylog.example.com/");
         assertThat(RestTools.buildExternalUri(httpHeaders, externalUri)).isEqualTo(externalUri);
     }
 
     @Test
     public void buildExternalUriReturnsDefaultUriIfHeaderIsEmpty() throws Exception {
         final MultivaluedMap<String, String> httpHeaders = new MultivaluedHashMap<>();
         httpHeaders.putSingle(HttpConfiguration.OVERRIDE_HEADER, "");
-        final URI externalUri = URI.create("http://graylog.example.com");
+        final URI externalUri = URI.create("http://graylog.example.com/");
         assertThat(RestTools.buildExternalUri(httpHeaders, externalUri)).isEqualTo(externalUri);
     }
 
@@ -79,15 +79,31 @@ public void buildExternalUriReturnsHeaderValueIfHeaderIsPresent() throws Excepti
         final MultivaluedMap<String, String> httpHeaders = new MultivaluedHashMap<>();
         httpHeaders.putSingle(HttpConfiguration.OVERRIDE_HEADER, "http://header.example.com");
         final URI externalUri = URI.create("http://graylog.example.com");
-        assertThat(RestTools.buildExternalUri(httpHeaders, externalUri)).isEqualTo(URI.create("http://header.example.com"));
+        assertThat(RestTools.buildExternalUri(httpHeaders, externalUri)).isEqualTo(URI.create("http://header.example.com/"));
     }
 
     @Test
     public void buildEndpointUriReturnsFirstHeaderValueIfMultipleHeadersArePresent() throws Exception {
         final MultivaluedMap<String, String> httpHeaders = new MultivaluedHashMap<>();
         httpHeaders.put(HttpConfiguration.OVERRIDE_HEADER, ImmutableList.of("http://header1.example.com", "http://header2.example.com"));
         final URI endpointUri = URI.create("http://graylog.example.com");
-        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri)).isEqualTo(URI.create("http://header1.example.com"));
+        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri)).isEqualTo(URI.create("http://header1.example.com/"));
+    }
+
+    @Test
+    public void buildEndpointUriEnsuresTrailingSlash() {
+        final MultivaluedMap<String, String> httpHeaders = new MultivaluedHashMap<>();
+        final URI endpointUri = URI.create("http://graylog.example.com");
+        final URI endpointUri2 = URI.create("http://graylog.example.com/");
+
+        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri)).isEqualTo(URI.create("http://graylog.example.com/"));
+        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri2)).isEqualTo(URI.create("http://graylog.example.com/"));
+
+        httpHeaders.putSingle(HttpConfiguration.OVERRIDE_HEADER, "http://header.example.com");
+        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri)).isEqualTo(URI.create("http://header.example.com/"));
+
+        httpHeaders.putSingle(HttpConfiguration.OVERRIDE_HEADER, "http://header.example.com/");
+        assertThat(RestTools.buildExternalUri(httpHeaders, endpointUri)).isEqualTo(URI.create("http://header.example.com/"));
     }
 
     @Test

misc/graylog.conf

@@ -142,6 +142,7 @@ plugin_dir = plugin
 # The size of the thread pool used exclusively for serving the HTTP interface.
 #http_thread_pool_size = 16
 
+################
 # HTTPS settings
 ################