request help: why the location in response header that returned by APISIX has the 9443 port?

[shuoshadow]

Issue description

apisix前使用slb 443端口转发到apisix的9443端口 apisix 代理https请求后 携带了9443端口导致无法重定向

是因为header的原因吗？我配置了apisixroute的proxy-rewrite插件也不行

    - name: proxy-rewrite
      enable: true
      config:
        headers:
          "Host": $host

Environment

• your apisix-ingress-controller version (output of apisix-ingress-controller version --long);
• your Kubernetes cluster version (output of kubectl version);
• if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a).

[tokers]

@shuoshadow Which action results in this redirect? Is this a behavior of APISIX itself or its backend?

[tao12345666333]

Can you provide more detailed information?

[wangyp0701]

I have encountered a similar situation kubernetes svc Access normal

apisixroute

[tokers]

This is an already known problem, see https://github.com/apache/apisix/pull/6686.

[wangyp0701]

https://github.com/apache/apisix/issues/6286#issuecomment-1040016759 This is not the best way

[Horus-K]

https://github.com/apache/apisix/issues/6945 proxy-rewrite cannot modify X-Forwarded-Port same problem as mine

[Horus-K]

@shuoshadow Temporary workaround: Change the apisix port to 80 443

[tokers]

Or should apache apisix handle the port in redirect url by using the X-Forwarded-Port?

[tzssangglass]

Or should apache apisix handle the port in redirect url by using the X-Forwarded-Port?

+1.

ref: #6945

[snksos]

https://apisix.apache.org/docs/apisix/plugins/redirect#example-usage

set apisix config.yaml

... ssl: enable: true enable_http2: true listen_port: 443 ...

will redirect 443 port

[vvavepacket]

Was this fixed on recent releases? Whats the recommended way going forward for this issue?

[tokers]

Was this fixed on recent releases? Whats the recommended way going forward for this issue?

What's your version? Recent releases will check the X-Forwarded-Port header, so the redirect will be correct.

[fbossiere]

I am using the last available version of the apisix helm chart with default option. When i try to access the keycloak admin console, APISIX redirects me as follows: https://keycloak.mydomain.com:9443/admin/

Can you please give us the way to fix this please ?

[tokers]

@fbossiere Without a context, I didn't know if this is an issue or a normal scene.

[fbossiere]

The context is very simple.

1- You deploy apisix ingress controller on any 1.2x k8s cluster using the official documentation with default values yaml, then 2- you helm install keycloak with default values.yaml, together with 3- a standard apisix route + certificate

Then you notice that this weird redirection occurs when you try to access the admin console of keycloak.

Something is clearly going wrong with the X-forwarded-port but nothing in apisix-ingress-controller documentation tells us how to fix.

This problem doesn't occur with nginx ingress controller, nor traefik. It basically has been preventing our company to use apisix until now.

Le lun. 6 févr. 2023, 03:19, Alex Zhang @.***> a écrit :

@fbossiere https://github.com/fbossiere Without a context, I didn't know if this is an issue or a normal scene.

— Reply to this email directly, view it on GitHub https://github.com/apache/apisix/issues/6954#issuecomment-1418400843, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEG6MNEZPOHP7OX2DHN6CSTWWBNRRANCNFSM5UQ3JGZA . You are receiving this because you were mentioned.Message ID: @.***>

[tokers]

a quick fix for this is setting the HTTPS port to 443 via the field: https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L192.

[tokers]

@fbossiere If this is OK for you, would you like to submit a PR to mention it in the docs?

[github-actions[bot]]

Due to lack of the reporter's response this issue has been labeled with "no response". It will be close in 3 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.

[github-actions[bot]]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.