API developer portal cannot startup with "Invalid HostHeader" error
Article ID: 388413
Updated On:
Products
Issue/Introduction
Trying to upgrade the API developer portal by parallelly setting up a new infrastructure, but after migrate the portal data over to the new machine, the portal doesn't start up
Cause
The portal doesn't start up and gets stuck at tenant-provisioner.
The portal-data log shows that the portal-data service is healthy, but the tenant-provisioner keep sending request which cannot pass the host validation, the error message is like,
[system-portal.log] [2025-02-12 06:27:20,483] [ERROR] [c.l.p.u.s.HostHeaderFilter] [http-nio-8080-exec-2] [67ac3f48cefba51e47f39f6bf7a781ab|5ede82560c8d2b23] [|||] Invalid HostHeader: apim.<new domain>, time spent processing this filter 15 ms
This is because the portal domain on new environment is not matching the portal domain in old environment.
Resolution
Work around:
Put the invalid hostnames in the white list by running following command on the portal server,
export HOSTNAME_WHITELIST="apim.<new domain>,<other hostnames seperate by comma>"
After the portal starts up, you may need to remove the old tenant data with old domain, because, as per the document below,
"You can only define one Portal domain on Portal. You can call your tenant differently but cannot change the domain name."
Hence, the portal does not really support moving tenant from one domain to another.
So, for parallel upgrade, we should use same portal domain, and after test the new server, the old server should be removed.
Additional Information
If want to keep the old tenant data but migrate to new domain, may need to manually change the data in portal database.
The following table may contain data related to hostname/email/url with refer to old domain,
API
APPLICATION
APPLICATION_API_KEY
TENANT_GATEWAY
TENANT_INFO
USER_INFO
VPC_SETTINGS
Note that the list might not be complete, manually change them in database is not certified, and might cause unknown side effect.
1. dump the portal database
mysqldump portal > portal.sql
2. replace old domain with new domain,
for example, assume old domain is "apj.local", new domain is "uat.local",
sed -i 's/apj.local/uat.local/g' portal.sql
3. import the new sql file to the portal database
mysql < portal.sql
After that, need to re-enrol the gateway.
i.e.
1. Remove the proxy on portal UI
2. Clean up the gateway as per document below("To clean up the API Gateway" section),
3. Enrol the gateway as per the same document above ("Enroll a Gateway" section)
Feedback
