Welcome! Log In Create A New Profile

Re: Intended behavior for Host header in Proxy scenario

Forum List Message List New Topic Print View

Jack Henschel

November 23, 2018 10:34AM

On 11/23/18 3:11 PM, Maxim Dounin wrote:
> Hello!
>
> On Fri, Nov 23, 2018 at 09:23:01AM +0100, Jack Henschel wrote:
>
>> Hi Maxim,
>>
>> thanks for the quick confirmation!
>>
>>> The Host header is set to what you wrote in the "proxy_pass"
>>> by default. That is, it will be "backend" with the above
>>> configuration.
>>
>> Wouldn't it make more sense to use the hostname from the
>> particular upstream server?
>> I see two scenarios where this is required:
>>
>> 1. TLS secured upstream servers. TLS verification requires the
>> correct Host header to be set (i.e. "a.example.com" instead of
>> "backend"). Though I know there is the possibility of doing this
>> (additionally) with TLS client certificates.
>>
>> 2. Upstream vhosts. Consider the scenario where multiple domains
>> point to the same IP address, where the requests are split apart
>> based on the Host header (I.e. virtual hosts)
>>
>> What do you think?
>
> All servers listed in an upstream block are expected to be equal,
> and expected to be able to process identical requests. You can
> think of it as multiple A records in DNS, with slightly more
> control on nginx side.
>
Alright, makes sense.

> Moreover, nginx doesn't even know which particular server it will
> use when it creates a request. And the same request can be sent
> to multiple servers, as per proxy_next_upstream.
>
> This does not preclude you from neither using TLS, nor vhosts on
> upstream servers. But you shouldn't expect that names as written
> within server directives in upstream blocks means anything and
> will be used for anything but resolving these names to IP addresses.

Thanks for the clarification!
Would you mind adding this implicit (reasonable) behavior of Nginx to
the documentation?
In particular clarify that when using an upstream block for the
proxy_pass argument, the $proxy_host variable will contain the name of
the host specified on the proxy_pass line and NOT the hostnames of the
servers specified in the upstream block.

The behavior may be totally obvious to you, but it surely wasn't for me. :-)

BTW: Is there a "public" method for contributing to the docs? (Git, etc.)

Regards
Jack
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Intended behavior for Host header in Proxy scenario	Jack Henschel	November 22, 2018 03:12PM
Re: Intended behavior for Host header in Proxy scenario	Maxim Dounin	November 22, 2018 04:14PM
Re: Intended behavior for Host header in Proxy scenario	Jack Henschel	November 23, 2018 03:24AM
Re: Intended behavior for Host header in Proxy scenario	Maxim Dounin	November 23, 2018 09:12AM
Re: Intended behavior for Host header in Proxy scenario	Jack Henschel	November 23, 2018 10:34AM
Re: Intended behavior for Host header in Proxy scenario	Maxim Dounin	November 23, 2018 12:20PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 191

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018