NOTE This repository is highly experimental, caveat emptor!
Suppose you're writing a reverse proxy within an Istio-enabled Kubernetes cluster. One issue you'll run into is that, if you set the Host
header to the originally requested host, the Envoy proxy will try to connect to that host, causing things to break. The simplest solution to this problem is to strip off the Host
header for outgoing reverse proxy requests.
This works fine, until you run into a tool that needs to know the originating host header. In that case, there's no way to tell Envoy to please pass along the original header.
That's where this tool comes into play. It works as a simple reverse proxy inside the destination pod. Instead of sending requests directly from Envoy to the real application, smuggle-host
sits in between and rewrites some HTTP header to Host
, thereby smuggling it past Envoy.
For example, if your application is running inside the pod on port 5000, and your external reverse proxy is rewriting Host
headers to Smuggled-Host
and connecting to port 4000, you can run smuggle-host
with:
$ smuggle-host --bind 0.0.0.0:4000 --desthost 127.0.0.1 --destport 5000 --smuggle-header X-Smuggled-Host
# Using default values
$ smuggle-host --bind 0.0.0.0:4000 --destport 5000