-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proxy protocol support for X-Forwarded-Port #4951
Comments
@djboris9 this should be using the same approach you see here
(pass_server_port variable should be set in a map with server_port or proxy_protocol_server_port if proxy protocol is enabled) |
Thanks for your fast response @aledbf Do you mean something like this:
or maybe a more direct way like this:
Currently, I don't see a reason for a map but I'm also not used to write Nginx configurations. So I can update my fork, test it and create a PR. |
Yes, that is a trivial change. Please open a PR with such a change. |
NGINX Ingress controller version: 0.27.1 and master
Kubernetes version: 1.17.1
Environment:
What happened:
The port is inconsistent in the provided http headers (443 vs 8443):
What you expected to happen:
The
X-Forwareded-Host
andX-Forwareded-Port
should have the same port, which should be the frontend port on the loadbalancer, which is also passed by the proxy protocol:How to reproduce it:
nginx-configuration
ConfigMap:real-ip-header: proxy_protocol
,use-proxy-protocol: "true"
nc -l -p 8080
running, kuard or in our case kubenurseX-Forwarded-Host
andX-Forwarded-Port
headersAnything else we need to know:
If we edit the
nginx.tmpl
value ofingress-nginx/rootfs/etc/nginx/template/nginx.tmpl
Line 1155 in 12aa726
$proxy_protocol_server_port
, the correct port (according to proxy protocol) is used.And if we disable the proxy protocol, the value of
X-Forwarded-Port
will be the server port.I created a fork and patched it, but I'm not sure about
$pass_server_port
and$pass_port
, which are used by thelua_ingress.lua
script:ingress-nginx/rootfs/etc/nginx/template/nginx.tmpl
Lines 1035 to 1037 in 12aa726
Maybe this mechanism of using the proxy protocol port should be implemented in the lua script, so I'm asking about your opinion which way to go and what exactly is the purpose of this port rewriting in the script.
/kind bug
The text was updated successfully, but these errors were encountered: