Emissary 404's request with host:port in Host Header

[jmeza-xyz]

Describe the bug
Prometheus scrape GET request uses host with port to grab metrics from an endpoint (example-server.com:443/metrics). Emissary does not match the host/authority with port to Mapping with host set to (example-server.com). Same issue as #2276

To Reproduce
Steps to reproduce the behavior:

1. Install Emissary v2.0.0ea with helm
2. Deploy AmbassadorListener, AmbassadorHost, AmbassadorMapping, TLSContext
3. Enable scrape in Prometheus config to host behind Emissary like prometheus-internal.example.com
4. Curl with Host curl https://prometheus-internal.example.com -H'host:prometheus-internal.example.com:443'
5. Emissary responds with 404

> GET / HTTP/1.1
> Host:prometheus-internal.example.com:443
> User-Agent: curl/7.77.0
> Accept: */*
< HTTP/1.1 404 Not Found
< date: Wed, 21 Jul 2021 18:40:55 GMT
< server: envoy

6. Emissary logs confirm

Example scrape from Prometheus:
ACCESS [2021-07-21T18:21:43.936Z] "GET / HTTP/1.1" 404 NR 0 0 0 - "10.11.10.18" "Prometheus/2.25.2" "5d11d9bc-2242-427d-9b57-a032a8beda16" "prometheus-internal.example.com:443" "-"
Example curl:
ACCESS [2021-07-21T19:14:05.737Z] "GET / HTTP/1.1" 404 NR 0 0 0 - "10.11.91.181" "curl/7.77.0" "b94a32ee-d5bd-4940-8e4a-cb3476acd3f5" "prometheus-internal.example.com:443" "-"

Expected behavior
Emissary to route correctly by handling host:port in host/authority header

Versions (please complete the following information):

• Ambassador: v2.0ea
• Kubernetes environment: k3s (1.20.7) , EKS (1.19)
• Version: 2.0.0-dev.383+g00c1c766b

Additional context
Attempted work around mentioned in #2276, none worked except for the Lua script mentioned here. This is fine for testing, but not a solution for multi-cluster deployment.

[sumit-salunke]

Is there any update on it ?

[OmegaVVeapon]

We're stuck on this as well.
As mentioned in the description, the only thing that has worked is the Lua script.
Running emissary:2.3.2.

I'm running Ambassador on debug and the strip_matching_host_port config documented in https://www.getambassador.io/docs/edge-stack/latest/howtos/grpc#mappings-with-hosts doesn't seem to do absolutely anything.

I see the :authority header has the 443 port regardless of whether the config is true or false in the conn_manager_impl request headers.

I imagine that it has to do with the part that says:

This only applies if the port matches the underlying Envoy listener port.

but it's extremely unclear to what this is referring to.

Do you have an example of how to configure that so that the port is actually stripped from the request?

Update: Been checking inside the Ambassador container and I see that this line is most likely referring related to the Listener CRD but can't make it bind on 443 so I'm suspecting that that's the reason the strip_matching_host_port setting isn't doing anything for us...