apikit icon indicating copy to clipboard operation
apikit copied to clipboard
verified publisher icon mulesoft

Can't get APIkit console to work if accessed through a reverse proxy

Open rtolsson opened this issue 11 years ago • 11 comments

Setup:

Mule server version is 3.4. APIkit version is 1.2.

  1. Main flow contains an APIkit router having an HTTP inbound that listens on http://0.0.0.0:8081/api/v1
  2. APIkit config specifies console path "/console"
  3. RAML file specifies a baseURI "https://proxy.somedomain/dev/internal/api/{version}". Version is "v1".
  4. Application is built and deployed to the Mule server.

Console is then accessed via a reverse proxy (nginx installed on the Mule server) at https://proxy.somedomain/dev/internal/api/v1/console . The request is forwarded by nginx to http://localhost:8081/api/v1/console .

Console tries to load but after a short while this message is shown:

{"context":"while fetching http://localhost:8081/api/v1/","context_mark":null,"message":"cannot fetch http://localhost:8081/api/v1/ (while fetching http://localhost:8081/api/v1/\ncannot fetch http://localhost:8081/api/v1/ (NetworkError: A network error occurred.))","problem_mark":null}

Telling nginx to set the Host header to the host of the inbound URL doesn't help. The error message is still the same, the host just changes to "proxy.somedomain".

I thought the RAML baseUri (if specified) should be used as the console base URL, but apparently it isn't. Is there a way of configuring Mule/APIkit to make the console work behind a reverse proxy?

rtolsson avatar Apr 11 '14 13:04 rtolsson

Hi,

have in mind that APIkit does not know anything about additional layers that you put on top of it.

The BaseUri in the RAML is overwritten, based on the configuration you set to mule, when running APIkit, (you can see what is returning if you debug the console and inspect the raml returned in network traffic).

The right way to make this work is to configure "URL rewriting" in your proxy, that way, all the trafic that goes through it will be changed and the console will work.

Thanks, Fede

fedebongio avatar Apr 15 '14 19:04 fedebongio

I'm experiencing something similar. APIKIT-241 seems to have fixed this partially, but now the BaseUri is proxy.somedomain:8585/v1 rather than 0.0.0.0:8585/v1. It's still appending the port number to the BaseUri the RAML is retrieved from even though it's not in the request URI. I've tested and proxy.somedomain/v1 does return the RAML file as expected.

ethanchiddicks avatar Jun 17 '14 15:06 ethanchiddicks

can you check if this change c5e261b fixes your case?

svacas avatar Jul 07 '14 20:07 svacas

Why can't the API designer perform requests against the baseUri if it is specified? Otherwise you could go with it checking the Mule configuration.

My issue is similar. As OP said he has a proxy which exposes https. The communication between the proxy and the internal mule server is done with http. (reverse proxy has been added so the console loads up fine)

The issue is that when you want to try out a resource it will show the http address. That is the result of scanning the mule configuration and ignoring basicUri. We want to skip internal https to simplify the process.

jamesHau avatar Dec 15 '14 14:12 jamesHau

Similar issues, nginx reverse proxy with https and internal service with http. Tweaked some settings in reverse proxy config, and the console is working properly. The problem is console made requests via try it are sent to wrong address (the http one instead https). Has anyone working solution for this?

peetu77 avatar Feb 04 '15 08:02 peetu77

Has anyone found a solution? I'm having exactly the same problem. APIKit is making a hard to grasp assumption here, assuming the deployment server will always know the public facing host name. Maybe we can add some hardcoded config as a workaround?

samuelgrigolato avatar Feb 23 '15 03:02 samuelgrigolato

I think the best way to solve this is would be to add support for the X-Forwarded-* headers in the HTTP Connector and then allow for the APIKit to use these settings if they are present.

ullgren avatar Mar 06 '15 13:03 ullgren

Having the same issue here. Any updates on how to solve this problem, almost a year later after reported? We are planning to try to use mod_substitute but it would be nicer if API kit has some sort of flag to tell it to just use relative URLs.

hectoralicea avatar Mar 24 '16 14:03 hectoralicea

This is really annoying. No news?

jacobsvante avatar Jun 17 '16 18:06 jacobsvante

I got this working. Need to use rewrites RewriteCond %{HTTP_REFERER} /hla-esb/api/lenders/ RewriteCond %{REQUEST_URI} /hla-esb/api/$ RewriteRule .? http://localhost:8084%{REQUEST_URI} [P] along with the other ProxyPass and ProxyPassReverse statements

where localhost is the mule server hosing the api

hectoralicea avatar Jun 17 '16 18:06 hectoralicea

I would think just making the calls to retrieve the RAML files relative urls would be enough to fix this issue. In our environment we use HTTPS at the edge of the network. ApiKit console url is over HTTPS but the call to get the RAML file is HTTP because its an absolute url.

carbonrobot avatar Nov 09 '16 15:11 carbonrobot