You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/05/09 09:59:21 UTC

[GitHub] [apisix] crazyMonkey1995 opened a new issue, #7011: bug: redirect http to https but port not change

crazyMonkey1995 opened a new issue, #7011:
URL: https://github.com/apache/apisix/issues/7011

   ### Current Behavior
   
   Recently, I upgraded apisix with the latest code, and found that there was an error in converting http to https. When redirecting, I always bring a port 80. It should be caused by this change：https://github.com/apache/apisix/pull/6686/files#r867816800
   
   Maybe `set $var_x_forwarded_port $server_port;` in ngx_tpl.lua conflicts with `local ret_port = tonumber(ctx.var["var_x_forwarded_port"])` in redirect.lua
   
   ### Expected Behavior
   
   port changed from 80 to 443
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   add redirect and set http_to_https to true
   
   ### Environment
   
   - APISIX version (run `apisix version`): master
   - Operating system (run `uname -a`): 
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1121764631

   > as: https://github.com/apache/apisix/pull/6686/files#r868034475
   > 
   > Can we set a default value for this case? If there is no X-Forwarded-Port in clinet reuqest headers, then the redirect plugin use 443 as the default https port?
   
   @tzssangglass What if the client doesn't carry `X-Forwarded-For` header and APISIX listening on non-443 ports for HTTPS (say `9443`)?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] kwanhur commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

kwanhur commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1122231765

   > That's not so generic. APISIX should have a generic solution. Such as using the HTTPS port (we can know it from `config.yaml` even if XFF header missing.
   
   It means place one initial variable in `config.yaml` and then fetch the custom value from XFF?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1122133157

   That's not so generic. APISIX should have a generic solution. Such as we can prepare the HTTPS port through the `config.yaml`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] kwanhur commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

kwanhur commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1121039128

   Yep, it's a big problem :-(


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1121796608

   > What if the client doesn't carry `X-Forwarded-For` header and APISIX listening on non-443 ports for HTTPS (say `9443`)?
   
   In this case the user needs to make the request headers carry `X-Forwarded-Port`, which is also in line with the docs that describes:
   
   When enabling `http_to_https`, the port in the redirect URL will be the value of header `X-Forwarded-Port` or the port of the server.
   
   Just an idea.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] kwanhur commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

kwanhur commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1123204968

   If the https redirect port from config.yaml, seems update it has to restart apisix manually? like changing 443 to 8443.
   
   Why not from plugin's attribute? It can be updated automatically.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1122160849

   > we can know it from `config.yaml` even if XFF header missin
   
   I agree with this way


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1123064644

   > > That's not so generic. APISIX should have a generic solution. Such as using the HTTPS port (we can know it from `config.yaml` even if XFF header missing.
   > 
   > It means place one initial variable in `config.yaml` and then fetch the custom value from XFF?
   
   Yes. But we can have a custom logic that just get the HTTPS port from the `config.yaml`.
   
   ```
   if X-Forwarded-Port exists then
       using X-Forwarded-Port
   else
       using HTTPS port from config.yaml
   end
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] jwrookie commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

jwrookie commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1129527674

   After discussion, we adopted the following solution
   
   When enabling `http_to_https`, the ports in the redirect URL will pick a value in the following order (in descending order of priority)
     * Read `plugin_attr.redirect.https_port` from the configuration file (`conf/config.yaml`).
     * If `apisix.ssl` is enabled, read `apisix.ssl.listen_port` first, and if it does not exist, read `apisix.ssl.listen` and select a port randomly from it.
     * Use 443 as the default https port.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #7011:
URL: https://github.com/apache/apisix/issues/7011#issuecomment-1121128593

   as: https://github.com/apache/apisix/pull/6686/files#r868034475
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander closed issue #7011: bug: redirect http to https but port not change

Posted by GitBox <gi...@apache.org>.

spacewander closed issue #7011: bug: redirect http to https but port not change
URL: https://github.com/apache/apisix/issues/7011


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org