rust-rpxy icon indicating copy to clipboard operation
rust-rpxy copied to clipboard

Published 20 hours ago verified publisher icon junkurihara

[Feature] Rewrite Host header

Open axelkar opened this issue 1 year ago • 3 comments

This is useful when reverse proxying another vhosted reverse proxy. Also example.com doesn't work with Host: localhost:8080

axelkar avatar Aug 10 '24 11:08 axelkar

Hi @axelkar

As you mentioned, rpxy does not overwrite HOST value with upstream hostname (like 192.168.xx.x seen from rpxy) by default. (This can be explicitly specified by keep_original_host).

But by setting set_upstream_host, rpxy overwrites HOST value with upstream hostname (like www.yahoo.com specified in location directive). Doesn't this meet the requirement in your environment?

Note: keep_original_host is prior to set_upstream_host if both are specified.

junkurihara avatar Aug 10 '24 11:08 junkurihara

I didn't notice the set_upstream_host option! It fixes the problem for now, but I still think setting a custom Host header will be useful.

axelkar avatar Aug 10 '24 19:08 axelkar

To make it easier to understand how it would work together with TLS upstreams, would it be better to adopt curl's approach to this (manpage quoted below) and have a connect_to setting on the upstream? Then it would hopefully be clearer that the location setting would always control both the SNI and the Host header, while the connect_to could be used to give a hostname/ip address (and possibly port) to actually connect to. WDYT?

(below, host1[:port1] would be taken from location and host2[:port2] from connect_to)

  --connect-to <HOST1:PORT1:HOST2:PORT2>

         For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead.  This option  is  suitable
         to  direct requests at a specific server, e.g. at a specific cluster node in a cluster of servers. This
         option is only used to establish the network connection. It does NOT affect the hostname/port  that  is
         used  for  TLS/SSL  (e.g.  SNI, certificate verification) or for the application protocols. "HOST1" and
         "PORT1" may be the empty string, meaning "any host/port". "HOST2" and "PORT2" may  also  be  the  empty
         string, meaning "use the request's original host/port".

         A  "host"  specified  to this option is compared as a string, so it needs to match the name used in re‐
         quest URL. It can be either numerical such as "127.0.0.1" or the full host name such as "example.org".

         This option can be used many times to add many connect rules.

         See also --resolve and -H, --header. Added in 7.49.0.

xkr47 avatar Oct 27 '24 13:10 xkr47