API developer portal cannot startup with "Invalid HostHeader" error
search cancel

API developer portal cannot startup with "Invalid HostHeader" error

book

Article ID: 388413

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Trying to upgrade the API developer portal by parallelly setting up a new infrastructure, but after migrate the portal data over to the new machine, the portal doesn't start up

Cause

The portal doesn't start up and gets stuck at tenant-provisioner.

The portal-data log shows that the portal-data service is healthy, but the tenant-provisioner keep sending request which cannot pass the host validation, the error message is like,

[system-portal.log] [2025-02-12 06:27:20,483] [ERROR] [c.l.p.u.s.HostHeaderFilter] [http-nio-8080-exec-2] [67ac3f48cefba51e47f39f6bf7a781ab|5ede82560c8d2b23] [|||] Invalid HostHeader: apim.<new domain>, time spent processing this filter 15 ms

 

This is because the portal domain on new environment is not matching the portal domain in old environment.

Resolution

Work around:

Put the invalid hostnames in the white list by running following command on the portal server,

export HOSTNAME_WHITELIST="apim.<new domain>,<other hostnames seperate by comma>"

 

After the portal starts up, you may need to remove the old tenant data with old domain, because, as per the document below,

Portal Multi-Tenancy

"You can only define one Portal domain on Portal. You can call your tenant differently but cannot change the domain name."

 

Hence, the portal does not really support moving tenant from one domain to another. 

So, for parallel upgrade, we should use same portal domain, and after test the new server, the old server should be removed. 

 

Additional Information

If want to keep the old tenant data but migrate to new domain, may need to manually change the data in portal database. 

The following table may contain data related to hostname/email/url with refer to old domain,

API

APPLICATION

APPLICATION_API_KEY

TENANT_GATEWAY

TENANT_INFO

USER_INFO

VPC_SETTINGS

 

Note that the list might not be complete, manually change them in database is not certified, and might cause unknown side effect.

1. dump the portal database
mysqldump portal > portal.sql
2. replace old domain with new domain, 
for example, assume old domain is "apj.local", new domain is "uat.local",
sed -i 's/apj.local/uat.local/g' portal.sql
3. import the new sql file to the portal database
mysql < portal.sql

 

After that, need to re-enrol the gateway. 

i.e.

1. Remove the proxy on portal UI

2. Clean up the gateway as per document below("To clean up the API Gateway" section),

Enroll a Layer7 API Gateway

3. Enrol the gateway as per the same document above ("Enroll a Gateway" section)