Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

TLS redirect_cleartext_from doesn't preserve path

See original GitHub issue

Describe the bug url path is not preserved with redirect_cleartext_from set

To Reproduce

Follow TLS Termination documentation to create cert and store as kubernetes secret
Deploy ambassador with helm chart 2.2.1 with values:

service:
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v1
      kind: Module
      name: tls
      config:
        server:
          enabled: True
          secret: ambassador-certs
          redirect_cleartext_from: 8080

Deploy httpbin service to test redirect

---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v1
      kind:  Mapping
      name:  httpbin_mapping
      prefix: /httpbin/
      service: httpbin.org:80
      host_rewrite: httpbin.org
spec:
  ports:
  - name: httpbin
    port: 80

curl the endpoint using http

curl -Li http://hostname/httpbin/

Result: path is not preserved on redirect

HTTP/1.1 301 Moved Permanently
location: https://hostname/
date: Wed, 24 Apr 2019 20:12:19 GMT
server: envoy
content-length: 0

HTTP/2 404 
date: Wed, 24 Apr 2019 20:12:19 GMT
server: envoy

Expected behavior Path should be preserved and redirect to https://hostname/httpbin/

Versions (please complete the following information):

Ambassador: [0.60.0] (using Helm chart 2.2.1)
Kubernetes environment: [AKS]
Version [1.12.7]

Additional context

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:27 (12 by maintainers)

Top GitHub Comments

2reactions

gsagulacommented, May 28, 2019

The problem is that we shouldn’t be setting "path_redirect": "/" if the intention is to preserve the path in the request. There is a logic in Envoy for that:

if (!path_redirect_.empty()) {
    final_path = path_redirect_.c_str();
  } else {
    ASSERT(headers.Path());
    final_path = headers.Path()->value().getStringView();
    if (strip_query_) {
      size_t path_end = final_path.find("?");
      if (path_end != absl::string_view::npos) {
        final_path = final_path.substr(0, path_end);
      }
    }
  }

I will open a PR shortly with the fix. Thanks!

2reactions

gsagulacommented, May 23, 2019

@bpehling @christianhuening Thanks for the info. I will need to debug Envoy.