apisix-helm-chart icon indicating copy to clipboard operation
apisix-helm-chart copied to clipboard

Published 20 hours ago verified publisher icon apache

$listenPort breaks when containerPort != servicePort

Open acuteaura opened this issue 1 year ago • 0 comments

Some functionality in APISIX relies heavily on the listen apisix.node_listen / $listen_port being the actual serving port.

  • X-Forwarded-Port is set wrong, leading to some applications generating bad redirect URLs.
  • redirect with http_to_https generates redirects with the wrong port.

Currently, the following values are required to get this functionality:

apisix:
  podSecurityContext:
    sysctls:
    - name: net.ipv4.ip_unprivileged_port_start
      value: "80"
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    tcpSocket:
      port: 80
    timeoutSeconds: 1
gateway:
  http:
    containerPort: 80
  tls:
    containerPort: 443

This is a huge caveat to APISIX working as intended, it should either be visibly documented or the defaults should be changed.

acuteaura avatar Nov 16 '23 11:11 acuteaura