Do not use port from host header (#1926)

kubernetes · Jan 18, 2018 · 52794ae · 52794ae
1 parent 5a16a7a
commit 52794ae
Showing 1 changed file with 4 additions and 15 deletions.
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -213,11 +213,6 @@ http {
         ''                $server_port;
     }
 
-    map $http_x_forwarded_host $best_http_host {
-        default          $http_x_forwarded_host;
-        ''               $this_host;
-    }
-
     {{ if $all.IsSSLPassthroughEnabled }}
     # map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port
     map $pass_server_port $pass_port {
@@ -231,12 +226,6 @@ http {
     }
     {{ end }}
 
-    # Obtain best http host
-    map $http_host $this_host {
-        default          $http_host;
-        ''               $host;
-    }
-
     {{ if $cfg.ComputeFullForwardedFor }}
     # We can't use $proxy_add_x_forwarded_for because the realip module
     # replaces the remote_addr too soon
@@ -709,11 +698,11 @@ stream {
                 {{ if $location.UsePortInRedirects }}
                 # using custom ports require a different rewrite directive
                 {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }} 
-                error_page 497 ={{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host{{ $redirect_port }}$request_uri;
+                error_page 497 ={{ $all.Cfg.HTTPRedirectCode }} https://$host{{ $redirect_port }}$request_uri;
 
                 return 497;
                 {{ else }}
-                return {{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host$request_uri;
+                return {{ $all.Cfg.HTTPRedirectCode }} https://$host$request_uri;
                 {{ end }}
             }
             {{ end }}
@@ -783,7 +772,7 @@ stream {
             {{ if not (empty $location.UpstreamVhost) }}
             proxy_set_header Host                   "{{ $location.UpstreamVhost }}";
             {{ else }}
-            proxy_set_header Host                   $best_http_host;
+            proxy_set_header Host                   $host;
             {{ end }}
 
 
@@ -812,7 +801,7 @@ stream {
             {{ else }}
             proxy_set_header X-Forwarded-For        $the_real_ip;
             {{ end }}
-            proxy_set_header X-Forwarded-Host       $best_http_host;
+            proxy_set_header X-Forwarded-Host       $host;
             proxy_set_header X-Forwarded-Port       $pass_port;
             proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
             proxy_set_header X-Original-URI         $request_uri;