apisix-ingress-controller
Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Issue description
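The ApisixRoute configuration is as follows:
The apisix-gateway service uses the NodePort type.
Problem:
Accessing https://krmp-manage.kylincloud.com:30234 turns directly into https://krmp-manage.kylincloud.com/users/login. The port is lost.
Accessing it as https://krmp-manage.kylincloud.com:30234/users/login works, however.
What causes this?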
Environment
your apisix-ingress-controller version (output of apisix-ingress-controller version --long): apisix-ingress-controller version 1.4.0-b7dd90a-go1.16
your Kubernetes cluster version (output of kubectl version): Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-09T11:26:42Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/arm64"} Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-09T11:18:22Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/arm64"}
if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a):
Linux master1 4.19.90-17.ky10.aarch64 #1 SMP Sun Jun 28 14:27:40 CST 2020 aarch64 aarch64 aarch64 GNU/Linux
@tao12345666333
I'm guessing your web app checks the current login status and redirects, right?
@283713406 Hi, could you send a request to the first URL via cURL and paste the response headers and body here?
@tao12345666333 Yes, will it make any difference? How to solve it? thank you
@tokers
curl -k -v https://krmp-manage.kylincloud.com:30234/
* Trying 172.20.144.234:30234...
* TCP_NODELAY set
* Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=kylinsoft; CN=kylinos.cn
* start date: Jun 13 21:21:39 2022 GMT
* expire date: Jun 5 21:21:39 2052 GMT
* issuer: CN=kylinos.cn
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaabc785a4d0)
> GET / HTTP/2
> Host: krmp-manage.kylincloud.com:30234
> User-Agent: curl/7.66.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 302
< content-type: text/html; charset=utf-8
< location: https://krmp-manage.kylincloud.com/users/login
< cache-control: no-cache
* Added cookie _session_id="9291b342e781a4a7eeefaddeaa0b0475" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=9291b342e781a4a7eeefaddeaa0b0475; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: 486170f1-17c6-4cc3-96d1-fdd37b362175
< x-runtime: 0.084065
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
* Connection #0 to host krmp-manage.kylincloud.com left intact
<html><body>You are being <a href="https://krmp-manage.kylincloud.com/users/login">redirected</a>.</body></html>
curl -k -v https://krmp-manage.kylincloud.com:30234/users/login
* Trying 172.20.144.234:30234...
* TCP_NODELAY set
* Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=kylinsoft; CN=kylinos.cn
* start date: Jun 13 21:21:39 2022 GMT
* expire date: Jun 5 21:21:39 2052 GMT
* issuer: CN=kylinos.cn
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaca645a4d0)
> GET /users/login HTTP/2
> Host: krmp-manage.kylincloud.com:30234
> User-Agent: curl/7.66.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: text/html; charset=utf-8
< etag: W/"5fe0121cde83b811a5b2570235626094"
< cache-control: max-age=0, private, must-revalidate
* Added cookie _session_id="bda8176911d0a14e8708143f4915e15b" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=bda8176911d0a14e8708143f4915e15b; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: d33a7c6d-dc0c-4765-8430-4669406e0a88
< x-runtime: 0.083146
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
* Connection #0 to host krmp-manage.kylincloud.com left intact
If you just use NodePort to expose APISIX, I think there is no X-Forwarded-Port header (carrying the node port) when the request reaches APISIX, so Apache APISIX cannot pass this header to the backend and hence your backend cannot use the correct port.
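A check for the symptom shown in the curl output above, as an added example that is not part of the original thread: it compares the origin the client requested with the origin in the redirect's Location header and reports a dropped or changed port. The function names are hypothetical, and the `https` scheme is an assumption passed in by the caller because the `curl -v` request line does not carry it.

```python
import re
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Excerpt of the first `curl -k -v` transcript posted in this thread.
CURL_VERBOSE = """\
> GET / HTTP/2
> Host: krmp-manage.kylincloud.com:30234
< HTTP/2 302
< location: https://krmp-manage.kylincloud.com/users/login
"""


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)


def parse_curl_verbose(text, scheme="https"):
    """Extract request URL, status code and Location from `curl -v` output."""
    req = re.search(r"^> (?:GET|HEAD|POST) (\S+) HTTP/\S+", text, re.M)
    host = re.search(r"^> host:\s*(\S+)", text, re.M | re.I)
    status = re.search(r"^< HTTP/\S+ (\d{3})", text, re.M)
    loc = re.search(r"^< location:\s*(\S+)", text, re.M | re.I)
    if not (req and host and status):
        raise ValueError("no request line, Host header or status line found")
    url = f"{scheme}://{host.group(1)}{req.group(1)}"
    return url, int(status.group(1)), loc.group(1) if loc else None


def check_redirect(request_url, status, location):
    """Classify a redirect against the origin the client actually used."""
    if status not in (301, 302, 303, 307, 308) or location is None:
        return "not-a-redirect"
    # A relative Location resolves against the request URL, so it keeps the port.
    target = urljoin(request_url, location)
    (rs, rh, rp), (ts, th, tp) = origin(request_url), origin(target)
    if rh != th:
        return "different-host"
    if rp != tp:
        return f"port-changed:{rp}->{tp}"
    return "same-origin" if rs == ts else "scheme-changed"


if __name__ == "__main__":
    print(check_redirect(*parse_curl_verbose(CURL_VERBOSE)))
```
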
@tokers Can I use plugins to solve this problem?
This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the [email protected] list. Thank you for your contributions.
This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.