Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nodejs Regression #44062

Closed
harvii opened this issue Aug 27, 2019 · 4 comments
Closed

Nodejs Regression #44062

harvii opened this issue Aug 27, 2019 · 4 comments
Labels
Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc

Comments

@harvii
Copy link

harvii commented Aug 27, 2019

Kibana version:
7.3.0
Elasticsearch version:
7.3.0
Server OS version:
Windows Server 2012 R2
Browser version:
Chrome 76.0.3809.100
Browser OS version:
Windows 10
Original install method (e.g. download page, yum, from source, etc.):
Download page
Description of the problem including expected versus actual behavior:
Kibana is running behind an Apache reverse proxy that is doing NTLM authentication, and X-Pack Security handling authorization (using 'Run As privileges' feature); most of the time this works without issues and authentication is invisible to the user, but occasionally the browser pops up a login window requesting credentials and even when valid credentials are provided Kibana still redirects the user to the homepage as if its a new login, cancelling whatever the user was doing.

After some digging, I noticed that when this issue happens, Kibana (or Nodejs to be specific) sends a TCP RST to Apache invalidating the active session, this behavior led me to this issue:
nodejs/node#24980

I added server.listener.headersTimeout = 121e3; to http_tools.ts and this seems to have solved the issue as the login popups are gone.

Steps to reproduce:

  1. Setup an Apache reverse proxy doing NTLM authentication.
  2. Setup User impersonation in Kibana as described here
  3. Login to Kibana.
  4. Wait 120 seconds.
  5. Try to access anything in Kibana

Expected behavior:
Authentication should be invisible to the users.

Actual behavior:
A login prompt pops up requesting credentials.
@wylieconlon wylieconlon added the Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc label Aug 28, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-platform

@isostatic
Copy link

isostatic commented Aug 21, 2020
edited

Had the same issue with 7.9.0 on Ubuntu 1604 from apt from
https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 Packages

Disabling keepalive in apache with "SetEnv proxy-nokeepalive 1" fixed it, but for a better fix I added

server.listener.headersTimeout = listenerOptions.keepaliveTimeout + 1000;

to ./src/core/server/http/http_tools.js which seems to have worked.

@mshustov
Copy link
Contributor

nodejs/node#24980 has been fixed by incresing headersTimeout value to 60s. Released Node v12.17.0 in nodejs/node#33197

@BBQigniter BBQigniter mentioned this issue Aug 26, 2020
Closed
@mshustov
Copy link
Contributor

closed in favour of #73849

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@wylieconlon @mshustov @harvii @elasticmachine @isostatic