request help: Use plugin redirect for http_to_https,the browser access unlimited 301.

[sandy420]

Issue description

Use plugin redirect for http_to_https,the browser access unlimited 301.

my apisix's config,e.g.:
{ "create_time": 1641884664, "desc": "", "upstream_id": "00000000000001329854", "enable_websocket": false, "plugin_config_id": "1688", "plugins": { "redirect": { "ret_code": 301, "http_to_https": true, "encode_uri": false, "append_query_string": false }, "proxy-rewrite": { "headers": { "primeval_host": "$host" }, "disable": false } }, "priority": 0, "update_time": 1641893364, "id": "00000000000000285664", "name": "mydashboard", "uris": [ "/mydashboard/*" ], "status": 1, "methods": [ "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH" ], "hosts": [ "ttt3.mydashboard.com" ] }

Environment

• apisix version (cmd: apisix version): apisix2.10.1
• OS (cmd: uname -a): centos 7.3
• OpenResty / Nginx version (cmd: nginx -V or openresty -V):
• etcd version, if have (cmd: run curl http://127.0.0.1:9090/v1/server_info to get the info from server-info API):
• apisix-dashboard version, if have:
• the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
• luarocks version, if the issue is about installation (cmd: luarocks --version):

[tokers]

@sandy420

What did you mean by saying "the browser access unlimited 301", could you provide more details about the scenario and consequence.

[kaktos]

Maybe I encountered the same problem. The reason I found is that our APISIX behind a proxy that responsed for decrypted the TLS and proxied always HTTP scheme to APISIX. let's see the redirect plugin code:

if conf.http_to_https and ctx.var.scheme == "http" then
-- ignore
end

It will makes the redirect loop apparently.

the resolution is patching this plugin just like:

local proxy_proto = core.request.header(ctx, "x-forwarded-proto")
local _scheme = proxy_proto and proxy_proto or ctx.var.scheme
if conf.http_to_https and _scheme == "http" then
-- ignore
end

[leslie-tsang]

Maybe I encountered the same problem. The reason I found is that our APISIX behind a proxy that responsed for decrypted the TLS and proxied always HTTP scheme to APISIX. let's see the redirect plugin code:

if conf.http_to_https and ctx.var.scheme == "http" then
-- ignore
end

It will makes the redirect loop apparently.

the resolution is patching this plugin just like:

local proxy_proto = core.request.header(ctx, "x-forwarded-proto")
local _scheme = proxy_proto and proxy_proto or ctx.var.scheme
if conf.http_to_https and _scheme == "http" then
-- ignore
end

Hello there, @ke4qqq Would you like to submit a PR to fix it ? Thanks.

[HelloBug0]

If parameter http_to_https is true, the response status is 301 or 308. When we configure uri or regex_uri, I think the parameter ret_code may be not meaningful. And because of the difference of method, get or post, we can get two different response status, 301 or 308 as for one uri. Also, If we configure parameter ret_code 200, the brower won't redirect it anyway.