-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
when proxying gRPC, Kong does not set the HTTP2 :authority header #6236
Comments
@gszr do you remember why we added:
This will then not add |
I do not recall, unfortunately. I started looking into this yesterday, but did not finish. By removing the |
Sure. Just as a note Nginx ingress just removed the host: |
Dig deeper into the above commit from @bungle reveals kubernetes/ingress-nginx#3706 (comment). I think it was done intentionally when we developed the gRPC proxy feature as well. Maybe we can add a comment in the template file so to avoid further confusion on this. |
What is the current status of this issue? |
Hi @mflendrich, @dndx and I have looked at it and due to how Nginx handles pseudo-headers, it is not currently possible to modify it from Kong using the APIs we have available. An Nginx patch will be required. We have a task planned to work on this. For the moment being, there are no workarounds. |
Fixed by #6603 |
Summary
When proxying gRPC requests, Kong sets the
Host
header of an outgoing request but not the:authority
header.To me, this is incorrect behavior, because:
per RFC 7540 section 8.1.2.3:
and gRPC requests can be considered "directly generated HTTP/2 requests";
at least some upstream gRPC applications that rely on the
:authority
header to perform host-based request routing fail to route such requests (for example Istio 1.7.0-rc.1 where routing is performed by Envoy)Expected behavior: Kong setting
:authority
on gRPC requests to the upstream servers. Possibly this should extend to all HTTP/2 requests.Steps To Reproduce
Run an nginx with debug logging as a dummy upstream gRPC server:
sudo docker run --rm -it --name nginx -v $PWD/nginx.conf:/etc/nginx/nginx.conf:ro nginx:1.19.2 nginx-debug
nginx.conf:
Run kong 2.1.2 with the following config:
kong.conf
kong.yml
Make a gRPC request to Kong:
Observe in nginx logs (grep for
http2 header:
) that there is no:authority
header but there ishost
):got:
expected but did not get:
Additional Details & Logs
$ kong version
): 2.1.2$ kong start --vv
) n/a<KONG_PREFIX>/logs/error.log
) n/ahttps://docs.konghq.com/latest/admin-api/#retrieve-node-information) n/a
The text was updated successfully, but these errors were encountered: