Desktop Content Explorer doesn't work if using Apache (with SSL) to proxy Jetty

Dave_Hauver · March 23, 2017, 8:41pm

The version of Desktop Content Explorer included in the latest release (7.3.2, 732_20170308 patch) doesn’t work if Apache is used to proxy Jetty using SSL on port 443.

I have set up Apache to listen for SSL traffic on port 443 and to proxy Jetty. The Apache and Jetty configuration both match the instructions at http://help.percussion.com/rhythmyx/implementation/jetty/using-jetty-with-an-apache-proxy.html

I am able to log in through a web browser just fine, and am able to click on the link to launch Desktop Content Explorer.

After Desktop Content Explorer launches, the URL shown on the login screen is incorrect, and does not match the URL originally used to download the JNLP file. Specifically, port 80 is being appended to the end of the URL.

When I actually try to log in, I receive the following error:

In my configuration, Apache has an http listener on port 80, which is the cause of the above error message. It exists to redirect http traffic over to SSL.

<virtualhost><br>    ## Redirect all traffic to https. <br>    RewriteEngine On <br>    RewriteCond %{SERVER_PORT} 80<br>    RewriteRule ^(.*)$ <a href="https://%%7BSERVER_NAME%7D:443%241" rel="nofollow" target="_blank" title="Link https//SERVER_NAME44431">https://%{SERVER_NAME}:443$1</a> [R,NE,L]<br></virtualhost>

I believe that Desktop Content Explorer is making an assumption that if the server URL doesn’t specifically include a port, then port 80 should be used. However, this assumption is wrong when using SSL. If the URL’s protocol is set to https and a port isn’t specified, then port 443 should be used.

If I change Apache to use a non-standard SSL port instead, such as 6443, then I am able to successfully launch and use Desktop Content Explorer. The login screen correctly displays the server URL as https://SERVERNAME:6443/. I am able to log in and can successfully use Desktop Content Explorer.

The fact that the application works when I use a non-standard SSL port (6443) but does not work when using the standard port (443) is the main reason why I believe this is a bug within Desktop Content Explorer and not a problem within my configuration.

Stephen_Bolton · March 23, 2017, 10:03pm

Hi,

Thank you for posting this. This does look like an issue with how the default port is being picked up for https. We will look into resolving this but should have a way to get you working now.

The jnlp file is dynamically created with server information of the url used to request it. If you check the downloaded jnlp you will see that there is a codebase url specified twice in the file. Could you confirm whether this url includes the :80 port or not so see whether the problem is with the server/proxy configuration or the client.

By forcing the port to :443 in the jnlp file it should resolve the issue for you. You can do this by modifying the jnlp file on the server for jetty and jboss. A change in the downloaded file may have no effect because the updated information is always retrieved from the server.

{server install dir}/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/dce/dce.jnlp
{server install dir}/jetty/base/Rhythmyx/dce/dce.jnlp

In these files replace $$codebase which appears twice with you server url including the :443 e.g. https://server:443/Rhythmyx/dce/

By doing this whatever url the jnlp file is requested on it will try and connect using the specified details including the 443 port.

You may need to force the re-download of dce on the client. You can do this by typing the following command. A gui will pop up and you can delete the Percussion application(s). They will then be re-downloaded . With this UI you can also install a desktop shortcut to start the application.

javaws -viewer

Just to add on this you can also start DCE without downloading the jnlp file using the javaws command

javaws https://server:port/Rhythmyx/dce/dce…

I hope this helps you resolve this issue.

Dave_Hauver · March 24, 2017, 1:22pm

Hi Stephen,

I confirmed that the codebase url in the downoaded dce.jnlp file did not contain :80. However, your suggestion of editing {server install dir}/jetty/base/webapps/Rhythmyx/dce/dce.jnlp on the server and replacing all occurrences of $$codebase with https://server:443/Rhythmyx/dce/ did the trick. I am now able to use port 443 for SSL.

Thanks for the quick reply and workaround!