kj415j45 commented on issue #10673:
URL: https://github.com/apache/apisix/issues/10673#issuecomment-1920632495
> > With this config, I can still get the correct response from Codespace.
>
> this e because the host header is being passed here.
@shreemaan-abhishek
No, the `proxy_set_header` doesn't even affect the result of plain NGINX. I
added this command to simulate the APISIX's `pass_host: node`. NGINX would
automatically use the `proxy_pass`'s Host if I don't explicitly specify it in
`proxy_set_header Host <Host>`.
I also tried to set `upstream_host`, with the configure:
```json
{
"nodes": [
{
"host": "fuzzy-garbanzo-7vjw5wj7x77f7pw-8080.app.github.dev",
"port": 443,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "https",
"pass_host": "rewrite",
"upstream_host": "fuzzy-garbanzo-7vjw5wj7x77f7pw-8080.app.github.dev",
"name": "test chatbot",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
}
```
```log
$ curl -vvv https://[REDACTED]/codespace/test/README.md
* Trying 61.170.79.234:443...
* TCP_NODELAY set
* Connected to [REDACTED] (61.170.79.234) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=[REDACTED]
* start date: Jan 30 00:39:41 2024 GMT
* expire date: Apr 29 00:39:40 2024 GMT
* subjectAltName: host "[REDACTED]" matched cert's "[REDACTED]"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> GET /codespace/test/README.md HTTP/1.1
> Host: [REDACTED]
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Server: Tengine
< Content-Type: text/html; charset=utf-8
< Content-Length: 164
< Connection: keep-alive
< Date: Thu, 01 Feb 2024 06:48:51 GMT
< Location: https://[REDACTED]/README.md
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Request-Id: 69ba96b3-db95-4cf2-baff-8c96f8704c97
< X-Served-By: tunnels-prod-rel-asse-v3-cluster
< Via: cache18.l2st4-5[678,0], ens-cache26.cn6011[716,0]
< Timing-Allow-Origin: *
< EagleId: 3daa4f2e17067701304081027e
<
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host [REDACTED] left intact
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
