Documentation for Ingress Gateways #8045
Comments
In addition to the above, if you add the port to Hosts it causes problems when TLS is enabled, as the port is added to the DNS SAN for the TLS cert.
This would cause TLS certificate validation failures as TLS is only looking at the hostname, not the hostname port combination. A workaround for this is to add the hostname with and without the port to the L7 config; this enables Envoy routing to function and the TLS certificate validation.
Closed by #8062
The documentation for Ingress Gateways states that you can specify Host header matching for services using the Hosts parameter for a service. https://github.com/hashicorp/consul/blob/master/website/pages/docs/agent/config-entries/ingress-gateway.mdx
However a port is required in this setting if anything other than port 80 is used.
Reproduction Steps
Given the following example:
This would generate the following dynamic route config:
When calling the public listener with curl the following headers would be sent
NOTE: Host has a value of web.ingress.container.shipyard.run:8080; the Envoy route filter is rejecting this as it is matching on a value of web.ingress.container.shipyard.run without the port.
A quick fix for this is to add the listener port to the Hosts array as shown in the example below.
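The Host-header mismatch and the port-in-SAN problem discussed in this issue, as an added Go example that is not part of the original issue or of Consul's code. `matchesDomain` is a simplified model of Envoy's virtual-host domain matching, and `withListenerPort` and `dnsSANs` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Simplified model (an assumption, not Envoy's code) of virtual-host domain
// matching: the Host header is compared as sent, any ":port" included.
func matchesDomain(domains []string, hostHeader string) bool {
	h := strings.ToLower(hostHeader)
	for _, d := range domains {
		d = strings.ToLower(d)
		if d == "*" || d == h || (strings.HasPrefix(d, "*.") && strings.HasSuffix(h, d[1:])) {
			return true
		}
	}
	return false
}

// Workaround from the thread: list each host both bare and with the listener port.
func withListenerPort(hosts []string, port string) []string {
	var out []string
	for _, h := range hosts {
		out = append(out, h, net.JoinHostPort(h, port))
	}
	return out
}

// DNS SANs must be bare hostnames, so strip any ":port" and de-duplicate.
func dnsSANs(hosts []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, h := range hosts {
		if host, _, err := net.SplitHostPort(h); err == nil {
			h = host
		}
		if !seen[h] {
			seen[h], out = true, append(out, h)
		}
	}
	return out
}

func main() {
	hosts := []string{"web.ingress.container.shipyard.run"} // Hosts value from the issue
	fixed, req := withListenerPort(hosts, "8080"), hosts[0]+":8080"
	fmt.Println(matchesDomain(hosts, req), matchesDomain(fixed, req), dnsSANs(fixed))
}
```
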