Bug #12646

open

Isolated Reverse proxy exposes all of Katello/Foreman

Added by Travis Camechis over 9 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty: easy
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

After doing some investigation, the client hits the reverse proxy on the capsule at 8443 and it gets proxied to the backend Katello instance. If from a browser I actually hit the URL, for instance (https://capsule:8443/), it actually takes me directly to the Foreman box, and that looks to be how the reverse proxy is set up on an isolated capsule. That seems to be somewhat of a security hole since you're exposing the full Katello instance to the outside. I modified the reverse proxy to only proxy /rhsm URLs and that seems to be a little better, and subscription management still works. There are APIs that are displayed in JSON format when I hit the URL now, but at least it's not the Foreman application itself. I am not sure if there is a better solution to this. Would it be possible maybe to host a small RHSM client on the capsule that forwards the request back to Katello? Just thoughts.

I have attached the proxy config I used.


Files

28-katello-reverse-proxy.conf (1.96 KB), Travis Camechis, 12/01/2015 09:31 AM
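The restriction described in the report (proxy only /rhsm instead of everything) can be checked mechanically. The following is an added example, not the attached config or any Katello installer code: it assumes the reverse proxy is configured with Apache-style `ProxyPass` directives, and the function names, sample configs and the host `katello.example.com` are constructed for illustration.

```python
import re

ALLOWED = ("/rhsm",)  # the only prefix the report says it still proxies

def is_allowed(path, allowed=ALLOWED):
    """True if path equals an allowed prefix or lies beneath it."""
    path = path.lstrip("^")  # ProxyPassMatch patterns are usually anchored
    return any(path == p or path.startswith(p + "/") for p in allowed)

def audit_proxy_conf(conf_text, allowed=ALLOWED):
    """Return [(line_no, path)] for every proxied path outside `allowed`."""
    findings, location = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Location(?:Match)?\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            location = m.group(1).strip()
            continue
        if re.match(r"</Location(?:Match)?>", line, re.I):
            location = None
            continue
        m = re.match(r"ProxyPass(?:Match)?\s+(.+)", line, re.I)
        if not m:  # ProxyPassReverse and unrelated directives land here
            continue
        args = m.group(1).split()
        if location is not None:  # inside <Location>, only the target is given
            path, target = location, args[0]
        else:
            path, target = args[0], (args[1] if len(args) > 1 else "")
        if target == "!":  # "ProxyPass /x !" excludes a path from proxying
            continue
        if not is_allowed(path, allowed):
            findings.append((no, path))
    return findings

# Constructed sample configs; katello.example.com is a placeholder.
BROAD = """<VirtualHost *:8443>
  ProxyPass / https://katello.example.com/
  ProxyPassReverse / https://katello.example.com/
</VirtualHost>"""
NARROW = """<VirtualHost *:8443>
  ProxyPass /rhsm https://katello.example.com/rhsm
  ProxyPassReverse /rhsm https://katello.example.com/rhsm
</VirtualHost>"""

if __name__ == "__main__":
    print(audit_proxy_conf(BROAD), audit_proxy_conf(NARROW))
```

The prefix match is deliberately strict: `/rhsmx` and regex patterns that do not start with an allowed prefix are reported for manual review.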

Related issues 1 (0 open, 1 closed)

Related to Katello - Feature #17367: Capsule should listen for RHSM requests on port 443, like Satellite does (Closed)
#1

Updated by Eric Helms over 9 years ago

  • Translation missing: en.field_release set to 86
  • Triaged changed from No to Yes
#2

Updated by Eric Helms almost 9 years ago

  • Translation missing: en.field_release changed from 86 to 143
#3

Updated by Justin Sherrill almost 9 years ago

  • Category set to Installer
  • Translation missing: en.field_release changed from 143 to 114
  • Difficulty set to easy
#4

Updated by Justin Sherrill about 7 years ago

  • Translation missing: en.field_release changed from 114 to 338
#5

Updated by Stephen Benjamin almost 7 years ago

  • Related to Feature #17367: Capsule should listen for RHSM requests on port 443, like Satellite does added
#7

Updated by Justin Sherrill almost 7 years ago

  • Target version changed from Katello 3.7.0 to Katello 3.8.0
  • Triaged set to No
#8

Updated by Eric Helms over 6 years ago

  • Target version deleted (Katello 3.8.0)
  • Triaged changed from Yes to No
#9

Updated by Andrew Kofink over 6 years ago

  • Target version set to Katello Backlog
  • Triaged changed from No to Yes
#12

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Project changed from Katello to Installer
  • Category deleted (Installer)
  • Target version deleted (Katello Backlog)