Bug 1248439 - Routing SPI for Nginx doesn't preserve host in http request's headers
Summary: Routing SPI for Nginx doesn't preserve host in http request's headers
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 2.2.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: ---
Assignee: Timothy Williams
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks: 1273542
TreeView+ depends on / blocked
 
Reported: 2015-07-30 09:59 UTC by Jaspreet Kaur
Modified: 2022-08-04 22:20 UTC (History)
7 users (show)

Fixed In Version: rubygem-openshift-origin-routing-daemon-0.26.4.1-1.el6op
Doc Type: Bug Fix
Doc Text:
The Nginx load balancer previously passed on the host name configured when balancing requests. This configured host name is the name of the pool in the configuration, which does not resolve to anything in DNS. Anything that uses the host header on the request may fail to resolve the proper host. This bug fix ensures that Nginx passes the gear's correct host name in the host header, and as a result any application that utilizes the value of the host header in a request can now resolve the application host name properly.
Clone Of:
Environment:
Last Closed: 2015-12-17 17:10:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2666 0 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 2.2.8 security, bug fix, and enhancement update 2015-12-17 22:07:54 UTC

Comment 3 Timothy Williams 2015-10-14 15:52:14 UTC 
Should be resolved with https://github.com/openshift/origin-server/pull/6267
Comment 5 openshift-github-bot 2015-10-14 16:55:34 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/f3ffa5dc9483a8faf9177f2c1a16aa0207fd56c8
Set the Host header appropriately in Nginx alias configuration

Bug 1248439
https://bugzilla.redhat.com/show_bug.cgi?id=1248439

When using nginx as a routing-daemon, the host header should be set to the host provided by the request to the nginx load balancer. Otherwise, the pool_xxx host may be passed as the host header.
Comment 11 Anping Li 2015-11-24 11:28:29 UTC 
The host can be preserve after added the line 'proxy_set_header Host $host'. 
It is better to add it in the ssl server too.

server {
  listen 80;
  server_name www.sjboss.com.cn;
  location / {
    proxy_pass http://pool_ose_sjboss_anlidom_80;
    proxy_set_header Host $host;

  }
}

server {
  listen 443 ssl;
  #ssl_certificate_template
  #ssl_certificate_key_template
  server_name www.sjboss.com.cn;
  location / {
    proxy_pass http://pool_ose_sjboss_anlidom_80;

  }
}
Comment 12 openshift-github-bot 2015-11-24 16:24:42 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/5929867612b46dcc21be843df7407b2fe0e5df55
Set the Host header appropriately in Nginx alias SSL configuration

Bug 1248439
https://bugzilla.redhat.com/show_bug.cgi?id=1248439

The nginx host header was added to the regular alias configuration for nginx, but should also be added to the ssl alias configuration
Comment 15 Anping Li 2015-11-26 01:52:06 UTC 
The fix works well, so move bug to Verified

server {
  listen 80;
  server_name www.sjboss1.com.cn.cc;
  location / {
    proxy_pass http://pool_ose_sjboss1_anlidom_80;
    proxy_set_header Host $host;
    
  }
}

server {
  listen 443 ssl;
  #ssl_certificate_template
  #ssl_certificate_key_template
  server_name www.sjboss1.com.cn.cc;
  location / {
    proxy_pass http://pool_ose_sjboss1_anlidom_80;
    proxy_set_header Host $host;
    
  }
}
Comment 18 errata-xmlrpc 2015-12-17 17:10:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2666.html
Note You need to log in before you can comment on or make changes to this bug.