Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support default client proxy headers to be overwritten in VirtualServer #2735

Merged
merged 2 commits into from
Nov 4, 2022
Merged

Support default client proxy headers to be overwritten in VirtualServer #2735

merged 2 commits into from
Nov 4, 2022
+69 −5

Conversation

centromere
Copy link
Contributor

Proposed changes

When using the VirtualServer CRD, it is not possible to override the default values of the following headers:

  • X-Real-IP
  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Port
  • X-Forwarded-Proto

For example:

  - action:
      proxy:
        requestHeaders:
          set:
            - name: X-Forwarded-For
              value: ${http_cf_connecting_ip}
            - name: X-Forwarded-Proto
              value: ${scheme}-foo

Will result in the following:

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For "${http_cf_connecting_ip}";

        proxy_set_header X-Forwarded-Proto "${scheme}-foo";

This causes the headers to be sent upstream twice: once with the default value and once with the overwritten value. This change prevents this behavior from happening.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@codecov-commenter
Copy link

codecov-commenter commented Jun 30, 2022
edited
Loading

Codecov Report

Merging #2735 (d593c2a) into main (f70cf54) will increase coverage by 0.04%.
The diff coverage is 72.72%.

@@            Coverage Diff             @@
##             main    #2735      +/-   ##
==========================================
+ Coverage   52.52%   52.57%   +0.04%     
==========================================
  Files          58       59       +1     
  Lines       16070    16080      +10     
==========================================
+ Hits         8441     8454      +13     
+ Misses       7351     7349       -2     
+ Partials      278      277       -1
Impacted Files Coverage Δ
internal/configs/version2/template_helper.go 70.00% <70.00%> (ø)
internal/configs/version2/template_executor.go 60.46% <100.00%> (ø)
internal/k8s/configuration.go 95.76% <0.00%> (+0.36%) ⬆️
...ternal/k8s/appprotect/app_protect_configuration.go 86.74% <0.00%> (+0.57%) ⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@centromere centromere force-pushed the set-header-overrides branch 2 times, most recently from 82e7749 to 824b027 Compare August 8, 2022 16:43
@centromere
Copy link
Contributor Author

Is someone available to review this PR?

@lucacome lucacome requested review from a team and jjngx August 30, 2022 21:30
@lucacome lucacome added the enhancement Pull requests for new features/feature enhancements label Aug 30, 2022
@github-actions github-actions bot removed the enhancement Pull requests for new features/feature enhancements label Nov 3, 2022
@brianehlert brianehlert changed the title Allow default gRPC/proxy headers to be overwritten in VirtualServer Support default client proxy headers to be overwritten in VirtualServer Nov 3, 2022
@brianehlert brianehlert linked an issue Nov 3, 2022 that may be closed by this pull request
Support over-ride of default client proxy headers #3219
Closed
@github-actions github-actions bot added documentation Pull requests/issues for documentation tests Pull requests that update tests labels Nov 3, 2022
@github-actions github-actions bot removed documentation Pull requests/issues for documentation tests Pull requests that update tests labels Nov 3, 2022
@shaun-nx shaun-nx merged commit 8ba2134 into nginxinc:main Nov 4, 2022
@tomasohaodha
Copy link
Contributor

@centromere Many thanks for your PR on this one. Approved and merged.

coolbry95 pushed a commit to coolbry95/kubernetes-ingress that referenced this pull request Nov 18, 2022
@centromere @shaun-nx @coolbry95
Support default client proxy headers to be overwritten in VirtualServ…
ff8081f 
…er (nginxinc#2735)

Allow default gRPC/proxy headers to be overwritten in VirtualServer

Co-authored-by: Alex Wied <centromere@users.noreply.github.com>
Co-authored-by: Shaun <s.odonovan@f5.com>
@lucacome lucacome added the enhancement Pull requests for new features/feature enhancements label Jan 11, 2023
@centromere centromere deleted the set-header-overrides branch January 12, 2023 20:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vepatel vepatel vepatel approved these changes

@shaun-nx shaun-nx shaun-nx approved these changes

@lucacome lucacome Awaiting requested review from lucacome

@ciarams87 ciarams87 Awaiting requested review from ciarams87

@jjngx jjngx Awaiting requested review from jjngx jjngx is a code owner automatically assigned from nginxinc/kic

Assignees

@shaun-nx shaun-nx

Labels
enhancement Pull requests for new features/feature enhancements
Projects
NGINX Ingress Controller
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support over-ride of default client proxy headers
6 participants
@centromere @codecov-commenter @tomasohaodha @vepatel @shaun-nx @lucacome