Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't use HTTP health check in front proxy to vhosted server #2450

Closed
pingles opened this issue Jan 25, 2018 · 8 comments
Closed

Can't use HTTP health check in front proxy to vhosted server #2450

pingles opened this issue Jan 25, 2018 · 8 comments
Labels
beginner Good starter issues! enhancement Feature requests. Not bugs or questions. help wanted Needs help!

Comments

@pingles
Copy link

pingles commented Jan 25, 2018

Title: Upstream health checks fail when the upstream doesn't recognise the host cluster_name.

Description:
Currently envoy allows HTTP health checks to be performed against upstreams configured for the cluster. We're trying to use envoy as a load-balancing proxy which is connecting to some nginx processes that sit behind different ELBs. These nginx processes are configured with multiple virtual hosts that don't match the service name (but instead match the address we use).

Config
For example,

  clusters:
  - name: some_service
    type: STRICT_DNS
    health_checks:
      timeout: 5s
      interval: 30s
      unhealthy_threshold: 3
      healthy_threshold: 1
      http_health_check:
        path: "/"
    hosts: 
    - socket_address: { address: "app.elb1.domain", port_value: 443 }
    - socket_address: { address: "app.elb2.domain", port_value: 443 }
    - socket_address: { address: "app.elb3.domain", port_value: 443 }

In this situation I was expecting the health check to be performed having set Host to be the address used (app.elb1.domain).

It's difficult to know whether this is just a total misuse of envoy (sorry if so ;), or whether its a topology that should/could be supported. If so, I'd imagine the health check would need some kind of host_rewrite option so that it'd use the address of one of the configured hosts, or perhaps something like this:

http_health_check:
  path: /
  host: ADDRESS

As I said, not really sure whether this is really an issue or just misplaced expectation :) Let me know if I can help more.
@mattklein123 mattklein123 added the enhancement Feature requests. Not bugs or questions. label Jan 25, 2018
@mattklein123
Copy link
Member

In the current implementation Envoy sets the host header for HTTP/1.1 health checks to the name of the cluster, since health checking is distinct from service discovery. We could easily add an override for what to set host to. This is a feature request so I will mark it help wanted (it's also easy so will mark it beginner if you are interested).

@mattklein123 mattklein123 added help wanted Needs help! beginner Good starter issues! labels Jan 25, 2018
@pingles
Copy link
Author

pingles commented Jan 25, 2018

I’ve been looking for an excuse to try and get into a bit of modern C++ ;) Never done any professionally but will give it a try- envoy seems like a great place to start!!

Any thoughts/preferences on how to express the override?

@mattklein123
Copy link
Member

Hah. I was about to tell you to make a data-plane-api change, but it's already there, just not implemented: https://github.com/envoyproxy/data-plane-api/blob/master/envoy/api/v2/health_check.proto#L60.

You just need to implement this field which is already in the proto. The host is set here:
https://github.com/envoyproxy/envoy/blob/master/source/common/upstream/health_checker_impl.cc#L336

So it's basically just reading that field from the config, if not empty, using it (and adding a test here https://github.com/envoyproxy/envoy/blob/master/test/common/upstream/health_checker_impl_test.cc)

@pingles
Copy link
Author

pingles commented Jan 26, 2018 via email

@dio
Copy link
Member

dio commented Feb 10, 2018

@pingles I have it working in my local using this commit, it was required for a use-case in my org. But since I found that making an additional test to health_checker_impl_test.cc is not trivial for me (guess we need to have a facility to inspect the request header [to check if the sent Host value from the HC agent is correct as defined inside the config] via a decoder a test filter, but yeah I haven't found a way to do so).

@pingles
Copy link
Author

pingles commented Feb 10, 2018 via email

@dio dio mentioned this issue Feb 12, 2018
Merged
@dio
Copy link
Member

dio commented Feb 12, 2018

@pingles as communicated, allow me to do the PR 🙇

@pingles
Copy link
Author

pingles commented Feb 13, 2018

@dio please do!

htuch pushed a commit that referenced this issue Feb 13, 2018
@dio @htuch
healthcheck: Allow setting host header value of HTTP health checker (#…
6f8a368 
…2591)

This patch enables setting host header value as mentioned in HttpHealthCheck.host.

Risk Level: Low

Testing:
unit and manual testing

Docs Changes: envoyproxy/data-plane-api#493

Release Notes:
Enable setting host header value for HTTP HC

Fixes: #2450

API Changes:
envoyproxy/data-plane-api#493

Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Shikugawa pushed a commit to Shikugawa/envoy that referenced this issue Mar 28, 2020
@yxue @istio-testing
add alpn http filter (envoyproxy#2450)
def0974 
* add alpn filter

* update date

* address comment

Signed-off-by: crazyxy <yxyan@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
beginner Good starter issues! enhancement Feature requests. Not bugs or questions. help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pingles @dio @mattklein123