Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How should you forward the value of HTTP port when proxying?

Tags:

nginx

proxy

So, I have an nginx doing reverse proxying to a rails server. The rails server has an oauth login, and the lib that does it builds the callback URL using 'X-Forwarded-Host'. The issue is that when nginx is listening on a port other than 80 the callback URL is not being properly formatted. Looking at the configuration I realized this is because it builds the URL from 'X-Forwarded-Host', and the config I used did not include the port in it. I have modified my configuration to the following to make this work:

server {
  listen 8081;
  server_name app;

  location / {
    proxy_pass http://app;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host:8081;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
  }
}

My question is, what is 'X-Forwarded-Host' actually defined as? Nginx treats 'Http-Host' as the host + port, but I've found around the net that sometimes X-Forwarded-Host is treated as the host only, and there seems to be a variable called 'X-Forwarded-Port' that is sometimes used but I couldn't find anything in the nginx docs about it except that there is a variable available to print in the logs called 'proxy-port', but this is the port being forwarded to, rather than the port it accepted the connection on (which for me is nothing, because I'm using a unix socket). What's the proper solution? Nginx does not allow me to a X-Forwarded-Port header manually, and I'm not even sure that I should. Looking around the net, it appears that other http servers treat this variably differently, for example:

  • https://github.com/nodejitsu/node-http-proxy/issues/341
  • http://mattrobenolt.com/handle-x-forwarded-port-header-in-django/

Some related links:

  • Someone asserts the definition of Http-Host:
    http://ask.wireshark.org/questions/22988/http-host-header-with-and-without-port-number

  • Someone saying there's no standards for these headers:
    What is a full specification of X-Forwarded-Proto HTTP header?

  • An unanswered, related stack overflow:
    https://serverfault.com/questions/536576/nginx-how-do-i-forward-a-http-request-to-another-port

like image 840
Erich Avatar asked Jan 17 '14 20:01

Erich


2 Answers

My question is, what is 'X-Forwarded-Host' actually defined as?

It's not defined, which is why things are so inconsistent. I've seen the port specified separately and as part of the host. For what it's worth, specifying it with the host seems common.

like image 154
Daniel Flower Avatar answered Jan 02 '23 10:01

Daniel Flower


I just had a similar question. I think a common way is to specify the port in X-Forwarded-Host header as Daniel Fowler suggested in his answer.

I also saw that sometimes "unofficial" X-Forwarded-Port header is used.

I created a similar question where I summarize how I think the servers should behave - all possible combinations (also with X-Forwarded-Proto which I think can also have impact).

like image 36
zdenda.online Avatar answered Jan 02 '23 10:01

zdenda.online