domaindrivendev / Swashbuckle.AspNetCore

Swagger tools for documenting API's built on ASP.NET Core
MIT License
5.25k stars 1.31k forks

Wrong (http) scheme detected when used in kubernetes environment #2520

Closed FTeik closed 3 months ago

FTeik commented 2 years ago

With the following setup we are getting a wrong scheme. Our C# WebApi with Swagger API documentation is running in a pod behind an NGINX ingress controller. Nginx is doing the https handling using LetsEncrypt and passes the API calls to the WebApi. We are also using Kubernetes namespaces for the different environments like staging or prod. What we observe is that the generated swagger doc shows the server base url as http (also every REST function call using "try"). But the UI is correctly shown as https. But Nginx forwards the REST call to the WebApi using http. The funny thing is the same setup in the staging environment is working correctly. The docker image for the WebApi is the same in staging and prod, Nginx is the same for all environments, the ingresses used differ only in namespace and names. Any idea what can cause this issue? How is Nginx passing the http/https scheme info to the API in case Nginx is using http to communicate with the WebApi?

Hope you can help as we are kinda stuck for now :-(

Best regards

sisve commented 2 years ago

This sounds like you're missing the call to UseForwardedHeaders in your Startup file. Your nginx ingress is forwarding information about the original requests using the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Proto headers, but you need to tell .NET to trust those.

Note that the KnownNetworks and KnownProxies are supposed to contain trusted sources. If you add untrusted sources to these lists, then those untrusted sources can send any X-Forwarded-* headers and .NET will trust those.

My example below is for .NET Core 3.1.


```csharp
// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Place in Startup.Configure, before any middleware that reads the request scheme.
var forwardedHeadersOptions = new ForwardedHeadersOptions {
    ForwardedHeaders = ForwardedHeaders.All,
};
forwardedHeadersOptions.KnownNetworks.Clear(); // Add your trusted networks here.
forwardedHeadersOptions.KnownProxies.Clear(); // Add your trusted proxies here.
app.UseForwardedHeaders(forwardedHeadersOptions);
```

FTeik commented 2 years ago

Thx for the fast answer, at least I will try it out. But it does not explain why it's working in staging and not working in prod. Both staging and prod are behind the same Nginx, just the WebApi deployment and the ingress are in different namespaces in the same Kubernetes cluster. Also the same WebApi (also ASP .NET Core 3.1) docker image is used. Our forwarded header configuration is: options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

martincostello commented 6 months ago

Are you still experiencing this issue? As noted above, this sounds like an ASP.NET Core issue with configuring forwarded headers and trusted networks/IPs.
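
A forwarded-headers setup that pins trust to the ingress network, as an added example that is not code from this thread or from the Swashbuckle project. The CIDR `10.42.0.0/16` is a constructed placeholder for the network the ingress controller pods connect from, and the `Startup` layout is assumed. By default only loopback is trusted, so headers from an ingress pod are ignored, while leaving both lists empty after `Clear()` accepts `X-Forwarded-*` from any sender.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddSwaggerGen(c =>
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebApi", Version = "v1" }));

        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Process only the headers the app needs (client IP and scheme).
            // X-Forwarded-Host is left out so the proxy cannot rewrite Request.Host.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Drop the loopback-only defaults, then list the real proxy source.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();

            // ASSUMPTION: placeholder CIDR for the ingress controller pods.
            // Replace with the range your cluster actually uses.
            options.KnownNetworks.Add(
                new IPNetwork(IPAddress.Parse("10.42.0.0"), 16));

            // Exactly one proxy hop (the ingress) sits in front of the pod,
            // so only the last entry of each header is honoured.
            options.ForwardLimit = 1;
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run first: later middleware, including Swagger, then sees
        // Request.Scheme as rewritten from X-Forwarded-Proto.
        app.UseForwardedHeaders();

        app.UseSwagger();
        app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "v1"));

        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

When the connecting address is not in `KnownNetworks` or `KnownProxies`, the middleware leaves the request untouched and the scheme stays `http`.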

github-actions[bot] commented 4 months ago

This issue is stale because it has been open for 60 days with no activity. It will be automatically closed in 14 days if no further updates are made.

github-actions[bot] commented 3 months ago

This issue was closed because it has been inactive for 14 days since being marked as stale.