Tamas Gal (Jul 05 2024 at 07:41): Tamas Gal (Jul 05 2024 at 07:41):I am now running Dataverse in a Docker Swarm and it works nicely. I'd like to make the Payara admin interface available on a different URL, so let's say that Dataverse is running under https://dataverse.ourinstitute.org, the admin interface should have https://manage.dataverse.ourinstitute.org. I do this quite often since I can manage and restrict the access via the load balancer without having additional ports open. Payara exposes port 4848 but when I configure the loadbalancer HAProxy to redirect to that port, I get an infinite loop of redirections. Maybe Payara uses the Site URL to and is confused by the admin interface URL?
The message in the browser is (depending on which I use, but the error is the same): Load cannot follow more than 20 redirections. In Chrome it's "redirected you too many times".
I am still investigating, maybe the misconfiguration is on the load balancer side but I thought I'll ask too.
Oliver Bertuch (Jul 05 2024 at 16:17):IIRC this is a restriction of the Payara Admin App (which knows nothing about Dataverse configuration) and their auto forwarding to the application URL.
Oliver Bertuch (Jul 05 2024 at 16:17):Try hitting that directly and it should work
Tamas Gal (Jul 08 2024 at 07:55):What do you mean exactly? I have no success yet ;) Clearly it's an issue with Payara, the HAProxy configuration is fine. S which URL should I "hit directly"?
Philip Durbin 🚀 (Jul 08 2024 at 13:32):I don't have much to add. Yes, this should have nothing to do with Dataverse. You could try asking on their forum: https://forum.payara.fish
Oliver Bertuch (Jul 08 2024 at 13:35):I'Ve been using it this morning with our Caddy config (/conf/proxy) and it worked without any quirks. Took me where I wanted, no redirects going awry
Tamas Gal (Jul 10 2024 at 05:43):Hm this is very weird. I just spent another hour on debugging but cannot make it work. I also assume it's a Payara thing, so I'll try there.
Screenshot-2024-07-10-at-07.41.56.png
Tamas Gal (Jul 10 2024 at 05:44):I have no redirects whatsoever in my config of HAProxy. It's really just: use 8080 if "dataverse.institute.org" or 4848 if "admin.dataverse.institute.org", just like I do with tons of other services
Tamas Gal (Jul 10 2024 at 07:59):The problem is that also HAProxy shows an HTTP 302 for the Payara service on port 4848
Tamas Gal (Jul 10 2024 at 07:59):Screenshot-2024-07-10-at-09.59.30.png
Tamas Gal (Jul 10 2024 at 08:00):The service in the first row is the HTTP on port 8080, which works fine and the one below is Payara on port 4848 which does the 302 thing
So maybe my docker configuration is not correct?
Tamas Gal (Jul 10 2024 at 08:03):That's in my docker config:
environment:
_CT_DATAVERSE_SITEURL: "https://dataverse.institute.org
DATAVERSE_DB_HOST: postgres
DATAVERSE_DB_PASSWORD: secret
DATAVERSE_DB_USER: dataverse
DATAVERSE_FEATURE_API_BEARER_AUTH: "1"
DATAVERSE_MAIL_SYSTEM_EMAIL: “mail…”
DATAVERSE_MAIL_MTA_HOST: "smtp"
JVM_ARGS: -Ddataverse.files.storage-driver-id=file1
-Ddataverse.files.file1.type=file
-Ddataverse.files.file1.label=Filesystem
-Ddataverse.files.file1.directory=/store
-Ddataverse.pid.providers=fake
-Ddataverse.pid.default-provider=fake
-Ddataverse.pid.fake.type=FAKE
-Ddataverse.pid.fake.label=FakeDOIProvider
-Ddataverse.pid.fake.authority=10.5072
-Ddataverse.pid.fake.shoulder=FK2/
The _CT_ thing is old news with the recent upgrade to Payara 6.2024.6. If you're using recent images, you can omit these prefixes
Tamas Gal (Jul 10 2024 at 08:13):ok i'll take that out!
Oliver Bertuch (Jul 10 2024 at 08:14):Aside from that - these configuration options are not in any way related to the Payara Admin Console.
Tamas Gal (Jul 10 2024 at 08:14):yes that's what i also understood
Oliver Bertuch (Jul 10 2024 at 08:14):That is an entirely separate application that comes with the appserver
Oliver Bertuch (Jul 10 2024 at 08:15):So there is nothing we can configure, at least I'm not aware of any config options
Tamas Gal (Jul 10 2024 at 08:15):i am really clueless
Oliver Bertuch (Jul 10 2024 at 08:15):If you want to cross-check with a different image, you can use the Payara upstream images. There's no Dataverse inside, but that doesn't matter for getting these reverse proxies to work
Oliver Bertuch (Jul 10 2024 at 08:16):I'd say go create a log of all the HTTP communication and let's take a look at that
Tamas Gal (Jul 10 2024 at 08:18):it must be some tiny mistake which i overlook ;)
Oliver Bertuch (Jul 10 2024 at 08:18):Or: just ignore this for now. Typically you will not interact with the Payara Console at all, so you might as well skip this part and turn to more interesting stuff in setting up Dataverse
Tamas Gal (Jul 10 2024 at 08:36):the open data management wants access to that, so unfortunately I need a solution :laughing: I don't see any output from the dataverse container when I try to connect to the admin interface and nor do I see any logs in the load balancer, so I start to think that the provider is messing up something with the DNS of the subdomain
Tamas Gal (Jul 10 2024 at 08:36):i'll report back once this mystery is solved
Tamas Gal (Jul 10 2024 at 08:59):it has to be something with Payara (sorry for the noise here)... if I only change the port from 4848 to 8080 in the admin backend of my load balancer, i get the usual dataverse instance, so everything is working on that backend
I now also put the log level to debug and i can see 302 redirects
Oliver Bertuch (Jul 10 2024 at 08:59):Please note that the default password for the admin user of the Payara Console is "admin". I have a PR in the works that will allow easy changes of this password at boot time of the container.
Tamas Gal (Jul 10 2024 at 09:00):Yep, that's why i am worried :laughing:
Tamas Gal (Jul 10 2024 at 09:01):I will now try to figure out how the gdcc/dataverse:alpha image is built to understand why Payara might not work
Tamas Gal (Jul 10 2024 at 09:04):i mean, it's definitely suspicious that port 8080 works flawlessly and 4848 does an HTTP 302 redirect loop (and both on the very same container)
Tamas Gal (Jul 10 2024 at 09:13):Hmm, so I might have a clue. Maybe Payara "guesses" the URL by taking the given domain from the HTTP request and then makes an "HTTP" call behind the scene, which again triggers my HTTPS "redirect" from the load balancer
Tamas Gal (Jul 10 2024 at 09:14):@Oliver Bertuch are you using SSL termination outside of the container world or do you offer the certificate directly?
Tamas Gal (Jul 10 2024 at 09:28):I opened a thread here: https://forum.payara.fish/t/payara-behind-haproxy-with-ssl-termination-endless-redirect-302-loop/877
Oliver Bertuch (Jul 10 2024 at 10:18):My SSL termination happens in my K8s Ingress Controller (NGINX based)
Oliver Bertuch (Jul 10 2024 at 10:18):So not outside the container world, but also not doing SSL termination at the Payara end
Oliver Bertuch (Jul 10 2024 at 10:19):Yes, this guesswork is something I do remember - it somehow sends you some strange redirect. If you take a look at the redirection destination it sends you to, you can manipulate that URL to fit your needs and hit it directly
Oliver Bertuch (Jul 10 2024 at 10:19):That should start working then
Oliver Bertuch (Jul 10 2024 at 10:20):In your reverse proxy you could add a rewrite rule to catch the empty path and send people to the right endpoint on your own
Oliver Bertuch (Jul 10 2024 at 10:21):Tamas Gal said:
Yep, that's why i am worried :laughing:
Here's the PR to watch: https://github.com/IQSS/dataverse/pull/10672
Tamas Gal (Jul 10 2024 at 11:26):OK thanks for that. I'm already investigating but apparently the URL is imply /
Philip Durbin 🚀 (Jul 10 2024 at 13:41):@Tamas Gal thanks for posting on the Payara forum. And please don't worry about a little noise here. :grinning:
Last updated: Oct 30 2025 at 05:14 UTC