-
Notifications
You must be signed in to change notification settings - Fork 689
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request to path returning 404 for trailing dot domain #6334
Comments
Hey @saley89! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace |
Hi @saley89, I haven't formed an opinion yet, but found that Daniel Stenberg (of curl fame) has recorded some details about trailing dot vs HTTP here https://daniel.haxx.se/blog/2022/05/12/a-tale-of-a-trailing-dot/. Interesting read! :) |
@tsaarni sure but just to be clear |
Sure 👍 I also did not mean it was related to curl, just that there were surprising complications. It wonder if those have been reason why Envoy defaults to distinguishing between the two. |
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
Is there any scope for reopening this issue please? In some integration testing within our company the lack of support for dot domains is causing issues meaning they are having to call the host with out it. As per the original description, envoy itself supports what is required. We simply need a mechanism to be able to set Is it possible to set an envoy configuration value like this today or does explicit support need building into Contour? |
Support in Contour is required. The field is part of |
That's right @tsaarni I think we just want to have a single configuration within Contour that if set to Given the specification I linked to in the description, I'm unclear why the default from Envoy is even set to false? |
I did not find reasoning why false is set by default but I understood it could cause problems. If possible, you could try if it works for you with this minimal change to Contour code: diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go
index 213a71af..e9677a02 100644
--- a/internal/envoy/v3/listener.go
+++ b/internal/envoy/v3/listener.go
@@ -519,6 +519,7 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_config_listener_v3.Filter {
StreamIdleTimeout: envoy.Timeout(b.streamIdleTimeout),
DrainTimeout: envoy.Timeout(b.connectionShutdownGracePeriod),
DelayedCloseTimeout: envoy.Timeout(b.delayedCloseTimeout),
+ StripTrailingHostDot: true,
}
// Max connection duration is infinite/disabled by default in Envoy, so if the timeout setting and then run |
@tsaarni we conducted a quick test just now. Prior to the change we sent a request to a test domain with the trailing dot via contour and we saw 404. Deploying a version of Contour with your suggestion we now see a successful result. If it could be possible to get a Contour release with a configuration flag for setting StripTrailingHostDot to |
@saley89 Glad to hear it works! I'll add "help wanted" label to your issue, but unfortunately I don't have the capacity to work on this feature myself. |
Fixes projectcontour#6334 Signed-off-by: David Sale <[email protected]>
@tsaarni no problem. We have attempted a PR for this which is now attached to this ticket. |
Fixes projectcontour#6334 Signed-off-by: David Sale <[email protected]>
What steps did you take and what happened:
Configured an HttpProxy resource for a domain with a path. This was registered correctly and DNS working as expected for both
my-example-domain.com
andmy-example-domain.com.
.When issuing a
curl
request to a path on my domain it returns successfully, however when using the trailing dot domain it returns a 404 as presumably it is including it as part the route/path lookup.Working:
Broken:
What did you expect to happen:
In other ingress controllers we have used this worked successfully in both scenarios.
We believe you should be able to make requests against a trailing dot domain such as this to use and resolve the domain without recursive lookups.
Anything else you would like to add:
RFC documentation on the subject:
Envoy mentions this configuration in it's documentation:
However I can see no way to set this configuration up in our Contour/Envoy deployment via the helm charts.
Environment:
contour:1.27.1
&envoy:1.27.3
kubectl version
):/etc/os-release
): DebianThe text was updated successfully, but these errors were encountered: