Description of problem: Router doesn't add X-Forwarded-For header to reencrypt route. Plain http and edge route has it and "options forwardfor" in haproxy.config. Version-Release number of selected component (if applicable): 3.5.5.8 How reproducible: Always Steps to Reproduce: 1. Create http, edge, reencrypt routes 2. Test it, or check haproxy.config 3. Actual results: X-Forwarded-For is missing when route is reencrypt Expected results: X-Forwarded-For is added Additional info:
Origin PR: https://github.com/openshift/origin/pull/14142
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/5011cb4e72c34f264bc7099e072849220e5b325c adding X-Forwarded-For header to reencrypt route add X-Forwarded-For header for reencrypt routes, just as it is for edge routes Bug 1449022
verified this bug # oc get route reen2 NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD reen2 reen2-default.0531-9ye.qe.rhcloud.com header-test-secure http reencrypt None [root@host-8-175-82 ~]# curl https://reen2-default.0531-9ye.qe.rhcloud.com -k <pre> user-agent: curl/7.29.0 host: reen2-default.0531-9ye.qe.rhcloud.com accept: */* x-forwarded-host: reen2-default.0531-9ye.qe.rhcloud.com x-forwarded-port: 443 x-forwarded-proto: https forwarded: for=10.8.175.82;host=reen2-default.0531-9ye.qe.rhcloud.com;proto=https x-forwarded-for: 10.8.175.82 </pre>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716