X-Forwarded-Port and load-balancing

In our setup, a load-balancer distributes traffic to kong containers. That’s an OSI layer 4 load-balancer, so the clients connect to the load-balancer IP on port 443, and the traffic is NATed to each kong instance on a different IP and port (8400, 8401, 8402, …).

Since kong 0.11, the X-Forwarded-Port header has been added, and it uses kong’s port. In our case 8400, 8401 and so on. We actually didn’t know that until a new API was exposed through kong that uses the X-Forwarded-Port to build the data it sends back to the client (the SpringFoxSwagger library from SpringBoot that builds the swagger data for you). The result is that the client (Swagger UI) tries to connect to kong on port 8400… which is not reachable as all connections should go through the load-balancer.

We could use the trusted_ip setting, but that is not what we want: the X-Forwarded-* headers should be set. I think what we need is a way to force X-Forwarded-Port to 443 instead of using the docker’s port.

Any thought on that one? If a setting to force the X-Forwarded-Port is the solution, we can code that and contribute it.

As part of Match route 'host' inclusive of port by james-callahan · Pull Request #3461 · Kong/kong · GitHub I’ve left the open question of if “X-Forwarded-Port” should be removed entirely. I wonder what scenarios there are where people rely on it.

Back from holydays… hence the late answer.

I guess people use this feature in order to emulate AWS loadbalancing with Kong, but I havn’t used it myself, only quickly read about it while troubleshooting this issue. The “official” doc on this header from AWS is rather thin (or I didn’t find it).

A colleague of mine wrote a patch to force the X-Forwarded-Port value from the conf… it can be cleaned up and contriubted if that’s of any interest.

Is there any progress on this issue? I have same issue when use kong with docker. And my usecase is swagger(springfox), the webpage needs to send http request to the original port instead of kong listening port. Thanks