Enhance HTTPS redirect middleware for multi-hostname scenarios #21291
Comments
rynowak
added
enhancement
|
Can you clarify why each host has a different port? Hosts can share ports using host headers and SNI. |
|
@Tratcher well, if they're different ASP.NET Core apps, we still have the port sharing problem right? Regardless of feasibility, only one process can bind to the port. |
|
Nevermind, I just read the linked issue and it's a very different scenario. The app only has one local port. The app accepts requests directly and through a proxy. The host name is the same in both cases, but the public and internal ports are different. In this example it needs to be able to redirect myhost:80 -> 443 and myhost:4567 -> 4568. |
|
Why isn't the front end enforcing its own https? |
|
As in, have the proxy responsible for the redirect? The proxy in this case is docker I think, not a dedicated proxy server. |
|
Is there a proposed new behavior here? |
|
The middleware needs to be capable of doing a host+port lookup from IServerAddresses and/or a static list to get the matching https port. A collection of Note today it throws if trying to auto-configure and it finds more than one https endpoint in IServerAddresses. |
BrennanConroy
added
the
Needs: Design
|
@jkotalik Does Tye have an API proposal for this? Also, how important is this API to Tye? |
|
I don't think this critical for Tye, we wouldn't be able to utilize an API change here as we are primarily targeting 3.1. |
|
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process. |
Tratcher
added
affected-few
amcasey
added
area-networking
See: dotnet/tye#354
The HTTPS redirect middleware allows you to configure (via config) a single port to use for HTTPS redirects. There are cases where this isn't sophisticated enough because each hostname you're listening on has a different HTTPS port value.
The text was updated successfully, but these errors were encountered: