warpgate icon indicating copy to clipboard operation
warpgate copied to clipboard
verified publisher icon warp-tech

HTTP target behind Ingress Nginx

Open sanjesss opened this issue 1 year ago • 1 comments

Hello again) I want to add HTTP targeting which is behind the nginx ingress. When adding such a target, I get a 400 error and a response from nginx: 2024/10/01 11:02:27 [info] 9604#9604: *638495 client sent duplicate host header: "host: kafka-ui.local:443", previous value: "host: kafka-ui.local" while reading client request headers, client: 10.0.0.0.7, server: kafka-ui.local, host: "kafka-ui.local", referrer: "https://warpgate.local:9090/@warpgate"

Why is warpgate duplicating headers? That said, if the target does NOT have nginx in front of it, everything works fine.

изображение

Log Warpgate: 11:15:22 DEBUG HTTP:: URI: https://kafka-ui.sbg.eu.homatic/?warpgate-target=kafkaui session=a105a93f-7b38-4104-b6df-2386f823807f session_username=test client_ip=10.0.5.2 target=kafkaui 11:15:22 WARN HTTP:: Request failed method=GET url=https://warpgate.eu.homatic:9090/?warpgate-target=kafkaui status=400 Bad Request client_ip=10.0.5.2 session=a105a93f-7b38-4104-b6df-2386f823807f session_username=test client_ip=10.0.5.2 target=kafkaui

Log Nginx: {"time": "2024-10-01T11:15:34+00:00", "remote_addr": "", "x_forwarded_for": "10.0.5.2, 10.0.0.7", "request_id": "9d92e34ac2e33e54d7dfbedd7d702a5a", "remote_user": "", "bytes_sent": 207, "request_time": 0.000, "status": 400, "vhost": "kafka-ui.local", "request_proto": "HTTP/2.0", "path": "/", "request_query": "warpgate-target=kafkaui", "request_length": 399, "duration": 0.000,"method": "GET", "http_referrer": "", "http_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" } │ 2024/10/01 11:15:34 [info] 11190#11190: *790276 client sent duplicate host header: "host: kafka-ui.local", previous value: "host: kafkaui.local" while reading client request headers, client: 10.0.0.7, server: kafka-ui.local, host: "kafka-ui.local"

Warpgate COnf: sso_providers: [] recordings: enable: true path: /var/lib/warpgate/recordings external_host: warpgate.eu.homatic database_url: "sqlite:/var/lib/warpgate/db" ssh: enable: false listen: "0.0.0.0:2222" external_port: ~ keys: /var/lib/warpgate/ssh-keys host_key_verification: prompt inactivity_timeout: 5m http: enable: true listen: "0.0.0.0:9090" external_port: ~ certificate: /etc/warpgate/tls.crt.pem key: /etc/warpgate/tls.key.pem trust_x_forwarded_headers: true session_max_age: 30m cookie_max_age: 1day mysql: enable: false listen: "0.0.0.0:33306" external_port: ~ certificate: /var/lib/warpgate/tls.certificate.pem key: /var/lib/warpgate/tls.key.pem log: retention: 7days send_to: ~ config_provider: database

sanjesss avatar Oct 01 '24 11:10 sanjesss

Hello,

I am probably too late on this but have you tried turning the setting trust_x_forwarded_headers to false ? It might fix the double headers issue.

mjarms avatar Nov 09 '24 10:11 mjarms