How do we get X-Forwarded-Port to either not be set or use the client requested port?

We are using Kong on GKE behind a GCP Load Balancer. Kong is currently setting X-Forwarded-For to 8443, which causes issues with some of our applications that forward based on this port. We would expect this port to be the original requested port of 443.

Is the GCP Load Balancer injecting a header? If so, Kong will respect that and not add its own.

It’s an L4 load balancer, not L7, so it’s not adding any of these. Kong is adding the header, and setting it to port 8443.

In that case, the only way to solve it is to run Kong with some privileges and make it listen on port 443.

Why isn’t this the default way to handle this in the Helm chart? I tried to make it work, but realized we would also need a custom Docker image, as setcap needs to be run, from what I can tell.

I’m not sure why Kong would not function properly out of the box. Lots of other people have this issue as well.

You could try giving the permission to the pod and that might work: https://www.weave.works/blog/container-capabilities-kubernetes/.
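
The pod-level permission suggested above, sketched as an added example (not from this thread or the Kong Helm chart): a Pod that lets a non-root Kong bind 443 without a custom image. The pod name, container name and image tag are placeholders; the sysctl route assumes Kubernetes 1.22 or later, where `net.ipv4.ip_unprivileged_port_start` is in the safe sysctl set.

```yaml
# Added example: hypothetical manifest, not the Helm chart's own template.
apiVersion: v1
kind: Pod
metadata:
  name: kong-proxy-443            # placeholder name
spec:
  securityContext:
    # Route 1: lower the unprivileged-port floor inside this pod's network
    # namespace only. A non-root process can then bind 443 with no added
    # capability and no setcap'd binary. Other pods and the node are unaffected.
    sysctls:
      - name: net.ipv4.ip_unprivileged_port_start
        value: "0"
  containers:
    - name: proxy                 # placeholder name
      image: "kong:<tag>"         # placeholder, use the image you already run
      env:
        # Kong reads kong.conf settings from KONG_-prefixed variables;
        # this moves the TLS proxy listener from 8443 to 443.
        - name: KONG_PROXY_LISTEN
          value: "0.0.0.0:443 ssl"
      ports:
        - name: proxy-tls
          containerPort: 443
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          # Route 2 (alternative to the sysctl): grant only the bind capability.
          #   add: ["NET_BIND_SERVICE"]
          # For a container that runs as a non-root user this alone is not
          # enough: the capability lands in the bounding set, not the effective
          # set, unless the binary carries a file capability (setcap). File
          # capabilities are in turn ignored when allowPrivilegeEscalation is
          # false, so Route 2 means relaxing that setting or running as root.
```

The Service in front of the pod then needs its `targetPort` pointed at 443 instead of 8443.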

We are going to add a kong.conf option to override X-Forwarded-Port.