New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remotewrite: Use TLS ServerName as Host in all requests #5802
Conversation
This change modifies HTTP requests made via remote-write to set the `Host` field to the TLS config's `ServerName`, when a TLS config is present. Otherwise, the empty default is maintained, and the Go stdlib will fall back to using the host component of the URL. This is useful to work around a somewhat-unfortunate setup we are currently dealing with, involving: * a client machine that has limited ability to resolve DNS queries (so we must point to our reverse-proxy instance via IP) * a reverse proxy that proxies based on the request's target host We can almost get this to work by passing both `-remoteWrite.url` and `-remoteWrite.tlsServerName`; however, the host will still be the host specified in the former and not the latter, which our reverse proxy mappings will not be able to handle. --- This PR as-is is likely not production-worthy: * this may not be the best place/way to get the TLS config and set the Host field * more similar instances may need to be modified across the codebase for consistency With this PR, I'm looking to get feedback on: * which behavior is the most correct/useful (Host field comes from URL vs Host field comes from TLS ServerName) * if this change is desired, then particulars on how would be appreciated!
d454c49
to
e7adee9
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #5802 +/- ##
==========================================
- Coverage 60.37% 56.48% -3.89%
==========================================
Files 411 521 +110
Lines 76609 71325 -5284
==========================================
- Hits 46253 40291 -5962
- Misses 27794 28188 +394
- Partials 2562 2846 +284 ☔ View full report in Codecov by Sentry. |
If tlsServerName isn't empty, then it is likely the https request is sent to IP instead of hostname. In this case the request will fail, since Go automatically sets the Host header to the IP instead of the desired hostname at tlsServerName. So set the Host header to tlsServerName if itsn't empty. Updates #5802
If tlsServerName isn't empty, then it is likely the https request is sent to IP instead of hostname. In this case the request will fail, since Go automatically sets the Host header to the IP instead of the desired hostname at tlsServerName. So set the Host header to tlsServerName if itsn't empty. Updates #5802
@minor-fixes , thanks for the initial pull request! I implemented it properly at the commit cb25911 . Could you build |
If tlsServerName isn't empty, then it is likely the https request is sent to IP instead of hostname. In this case the request will fail, since Go automatically sets the Host header to the IP instead of the desired hostname at tlsServerName. So set the Host header to tlsServerName if itsn't empty. Updates VictoriaMetrics#5802
Closing this pull request as obsolete after cb25911 |
If tlsServerName isn't empty, then it is likely the https request is sent to IP instead of hostname. In this case the request will fail, since Go automatically sets the Host header to the IP instead of the desired hostname at tlsServerName. So set the Host header to tlsServerName if itsn't empty. Updates VictoriaMetrics#5802
If tlsServerName isn't empty, then it is likely the https request is sent to IP instead of hostname. In this case the request will fail, since Go automatically sets the Host header to the IP instead of the desired hostname at tlsServerName. So set the Host header to tlsServerName if itsn't empty. Updates VictoriaMetrics#5802
This change modifies HTTP requests made via remote-write to set the
Host
field to the TLS config'sServerName
, when a TLS config is present. Otherwise, the empty default is maintained, and the Go stdlib will fall back to using the host component of the URL.This is useful to work around a somewhat-unfortunate setup we are currently dealing with, involving:
We can almost get this to work by passing both
-remoteWrite.url
and-remoteWrite.tlsServerName
; however, the host will still be the host specified in the former and not the latter, which our reverse proxy mappings will not be able to handle.With this tweak, we are able to successfully ingest metrics.
This PR as-is is likely not production-worthy:
With this PR, I'm looking to get feedback on: