Unable to override X-forwarded-Port header

Hi,
I am running rancher in kubernetes with ingress-controller.
I have an application (rancher2) that refuses to work without X-forwarded-port header set to 443. Cloudflare doesn’t set the header so Kong sets it to it’s containerPort: 8443.

I could not find a way to override this in rancher 2 options. Will ask there too if there is a way to override it.

I tried using the request-transformer plugin to set these headers without luck.

apiVersion: configuration.konghq.com/v1
config:
  remove:
    headers:
    - X-Forwarded-Port
  add:
    headers:
    - 'X-Forwarded-Port: 443'
kind: KongPlugin
metadata:
  name: xf-port-443
  namespace: rancher
plugin: request-transformer

or

apiVersion: configuration.konghq.com/v1
config:
  replace:
    headers:
    - 'X-Forwarded-Port: 443'
kind: KongPlugin
metadata:
  name: xf-port-443
  namespace: rancher
plugin: request-transformer

I still see the header set to 8443.

Shouldn’t this work? Thanks

Just to ensure the obvious, are you associating the plugin with an Ingress or Service resource?

The issue is that the header is being set by nginx after Kong’s logic finishes running. If you look at Kong’s nginx template (this is the test one I think, but the point stands) you see that the X-Forwarded-* headers are set at the nginx route later. If you supply a custom nginx template to Kong, you can comment out that line, after which the transformer plugin should work.

Hi,
thanks for your answers.

@hbagdi
I associated it with the Ingress yes.

@tyree731
That is bad cause I cannot apply that with my helm. Shouldn’t be there a way to do that?

Is this a bug or expected behavior?

I’m not familiar with setting up Kong through Kubernetes, as I’ve mostly used it in a bare metal setting, so someone with experience will have to comment on how to workaround that when used in that environment.

Shooting in the dark here, but assuming you’re using community edition, if you look inside the Kong dockerfile (linked the RHEL one, but the others are similar), you could build the docker image for use within Kubernetes, copy in a custom nginx template, then supply it to kong prepare (following there instructions) in order to generate the nginx.conf sans the X-Forwarded-* headers being set for you. I haven’t tested this since I don’t use Docker with Kong, but it seems like it should work.

Thanks. For now I keep the nginx instance i hacked between kong and rancher to override the header.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ