K
Q

Istio envoy is dropping requests with Host header

11/7/2018

I having an issue trying to get Istio working on my cluster. My infrastructure looks like this:

I have a Magento Store with a varnish as front cache. It was working before istio installation. I have already enabled envoy injection. Varnish is deployed in a pod and has its own service redirects uncached to magento service.

The problem comes when I try to curl from varnish to magento.

If I curl magento service from varnish I get a redirect to magento URL (which is the expected behavior)

root@varnish-6468d5958d-dvxhx:/# curl -v store-es    
* Rebuilt URL to: store-es/
*   Trying 10.32.97.229...
* TCP_NODELAY set
* Connected to store-es (10.32.97.229) port 80 (#0)
> GET / HTTP/1.1
> Host: store-es
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< server: envoy
< date: Wed, 07 Nov 2018 11:08:47 GMT
< content-type: text/html
< content-length: 185
< location: https://store-sta.xxxxx.yyy/
< myheader: store-es-6484d46d66-952xj
< x-envoy-upstream-service-time: 4
< 
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.13.8</center>
</body>
</html>
* Curl_http_done: called premature == 0
* Connection #0 to host store-es left intact

But when I try the same but using a Host header to skip magento redirection I got a 404:

root@varnish-6468d5958d-dvxhx:/# curl -v -H "Host: store-sta.xxxxx.yyy" store-es    
* Rebuilt URL to: store-es/
*   Trying 10.32.97.229...
* TCP_NODELAY set
* Connected to store-es (10.32.97.229) port 80 (#0)
> GET / HTTP/1.1
> Host: store-sta.xxxxx.yyy
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< date: Wed, 07 Nov 2018 11:11:59 GMT
< server: envoy
< content-length: 0
< 
* Curl_http_done: called premature == 0
* Connection #0 to host store-es left intact

I have checked logs and requests whit Host header are never arriving to magento service (store-es in my example). And when I check varnish envoy's log is the one which is returning a 404:

[2018-11-07T11:11:50.548Z] "GET /HTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.52.1" "e754b17f-ae2e-4734-beb4-f7a2d6e412da" "store-sta.xxxxx.yyy" "-" - - 10.32.97.229:80 10.32.67.5:45540

Do you know why is this happening? Why host header is returning a 404 without requesting magento service?

I also want to mention that magento is working without varnish and it's able to connect to redis (in the same cluster) and mysql (outside cluster) so I have discarded a magento's trouble.

-- AndresJ
curl
envoyproxy
kubernetes
virtualhost

Similar Questions

Azure AKS master node architecture
containers on Google cloud platform
How to add a docker-registry secret for Google Cloud Platform on Windows (that is, in PowerShell, not Bash)?
Re-use PersistentVolume after re-installing a helm deployment

1 Answer

12/5/2018

I have a similar issue where the Host header hitting envoy is an external domain which does not match the internal service entry name (it never would). As it does not match it gets a 404, I think there must be a way to configure this with VirtualService but not sure how yet.

-- Chris K
Source: StackOverflow