Setting X-Forwarded-Proto header using Request Transformer Plugin
1,462 views
Skip to first unread message
data...@gmail.com
Sep 29, 2016, 9:56:43 AM9/29/16
to Kong
Hi,
I've been trying to figure this out, but need some help.
Kong by default sends an "X-Forwarded-Proto $scheme" header.
Currently I'm overwriting this header to force https (HAProxy does the SSL offloading and forwards in HTTP to Kong) by setting it to:
proxy_set_header X-Forwarded-Proto https;
Now I'd prefer to remove this custom line from the custom_nginx.template and use the Request Transformer Plugin.
I've set up a proxy to httpbin to check the incoming headers:
$ curl https://url/test/get?show_env=1
{
"args": {
"show_env": "1"
},
"headers": {
"Accept": "*/*",
"Host": "url",
"Runscope-Service": "httpbin",
"User-Agent": "curl/7.47.0",
"X-Forwarded-For": "xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx",
"X-Forwarded-Prefix": "/test",
"X-Forwarded-Proto": "http",
"X-Forwarded-Test": "test",
"X-Real-Ip": "xxx.xxx.xxx.xxx"
},
"origin": "xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx",
"url": "https://url/get?show_env=1"
}
When I do any of the add / append / replace / delete methods I don't see any changes.
Does anyone know what I'm missing?
Thanks,
Stephan
I've been trying to figure this out, but need some help.
Kong by default sends an "X-Forwarded-Proto $scheme" header.
Currently I'm overwriting this header to force https (HAProxy does the SSL offloading and forwards in HTTP to Kong) by setting it to:
proxy_set_header X-Forwarded-Proto https;
Now I'd prefer to remove this custom line from the custom_nginx.template and use the Request Transformer Plugin.
I've set up a proxy to httpbin to check the incoming headers:
$ curl https://url/test/get?show_env=1
{
"args": {
"show_env": "1"
},
"headers": {
"Accept": "*/*",
"Host": "url",
"Runscope-Service": "httpbin",
"User-Agent": "curl/7.47.0",
"X-Forwarded-For": "xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx",
"X-Forwarded-Prefix": "/test",
"X-Forwarded-Proto": "http",
"X-Forwarded-Test": "test",
"X-Real-Ip": "xxx.xxx.xxx.xxx"
},
"origin": "xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx",
"url": "https://url/get?show_env=1"
}
When I do any of the add / append / replace / delete methods I don't see any changes.
Does anyone know what I'm missing?
Thanks,
Stephan
Thibault Charbonnier
Sep 29, 2016, 10:16:08 AM9/29/16
to kong...@googlegroups.com
Most probably (almost certain) ngx_http_proxy_module's
'proxy_set_header' gets executed after the request-transformer
plugin - which is implemented to run in the 'access' phase. As such,
if you leave the 'proxy_set_header X-Forwarded-Proto $scheme;'
directive, I believe it will simply set that value back to 'http'
indeed.
A solution could be to do this from the Lua land in the 'access' phase: 'ngx.var.scheme = "https"' (not tested but worth a try).
Although not supported by the request-transformer plugin.
-- Thibault
A solution could be to do this from the Lua land in the 'access' phase: 'ngx.var.scheme = "https"' (not tested but worth a try).
Although not supported by the request-transformer plugin.
-- Thibault
--
You received this message because you are subscribed to the Google Groups "Kong" group.
To unsubscribe from this group and stop receiving emails from it, send an email to konglayer+...@googlegroups.com.
To post to this group, send email to kong...@googlegroups.com.
Visit this group at https://groups.google.com/group/konglayer.
To view this discussion on the web visit https://groups.google.com/d/msgid/konglayer/eaf1bf50-22d0-4303-b325-1a7ecc73745d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Martin Danielsson
Nov 15, 2016, 3:29:34 AM11/15/16
to Kong
This also just bites me. Is there a chance to get "https" into that header, or make Kong NOT change it, in case it's already present (which is the case if you have SSL-terminated in front of Kong)? Is this exposed via env vars in Kong 0.9.x?
Best regards,
Martin
Reply all
Reply to author
Forward
0 new messages