On Tue, 2025-02-25 at 11:31 -0600, Andrew Trieger wrote:
> In httpcore 5.2 and in 5.3, if I follow the example and create a
> simple server on say port 8000 like this:
>
> SocketConfig socketConfig = SocketConfig.custom()
> .setSoTimeout(15, TimeUnit.SECONDS)
> .setTcpNoDelay(true)
> .build();
> server = ServerBootstrap.bootstrap()
> //.setExceptionListener(new
> MyExceptionListener()) // nope doesnt intercept err 421
> .setListenerPort(port)
> .setSocketConfig(socketConfig)
>
> //.setCanonicalHostName(InetAddress.getLocalHost().getHostAddress())
> //.setSslContext(null)
> .register("*", handler)
> .create();
>
>
> It will start and listed on 8000 on all interfaces *.*.
> The default behavior if one doesn’t setCanonicalHostName is that it
> does exactly what my commented out line above does, which on a laptop
> or an EC2 instance finds the main ethernet interface and sets the IP
> address as the canonical hostname.
>
> The behavior I want is for the incoming request header Host: to be
> ignored, regardless of what my http client (curl, another program, a
> loadbalancer) thinkgs this machine is called, if the network routing
> got the request to this machine I want it to serve it.
>
> What actually happens however is that a curl to the IP works (because
> it matches the default canonical hostname the code set).
> But a curl to the DNS entry like this:
> curl -v http://ip-192-168-17-74.us-west-2.compute.internal:8250/asdf/
>
> results in a 421 Misdirected Request error which I cannot figure out
> how to register any kind of error handler to ignore.
> This is because the curl request set’s Host: ip-192-168-17-74.us-
> west-2.compute.internal
>
> Where this truly falls down is putting this code on an ec2 box and
> fronting it with an ALB and TargetGroup.
>
> The target group created just by IP address sends health checks,
> these have Host: 10.1.2.3 set, for whatever the internal private vpc
> IP address is for this host, and that works.
> The load balancer however has it’s own DNS entry like internal-
> Consumers-1234567.us-west-2.elb.amazonaws.com
>
> and if one uses curl on that:
> curl -v
> http://internal-Consumers-1234567.us-west-2.elb.amazonaws.com:8250/asdf
>
> Then the Host: request header is set to internal-Consumers-
> 1234567.us-west-2.elb.amazonaws.com
> <http://internal-consumers-1234567.us-west-2.elb.amazonaws.com/>,
> and the ALB passes the Host: header along,
> and the httpcore5 server rejects it with 421.
>
>
> If I were to code that ALB dns name as the canonicalHostName, then
> the health checks would fail.
>
> I know it’s not that secure but that’s fine for this use-case, I’m
> trying to get org.apache.hc.core5.http.impl.bootstrap.HttpServer
>
> to just start a basic http server that responds regardless of what
> the incoming Host: request header is.
>
> Or, at least figure out how anyone else using this would deploy it to
> amazon on ec2 and have both healthchecks and normal traffic actually
> work?
>
>
> Thanks alot fo anyone’s time.
>
>
Hi Andrew
One can use a custom RequestRouter in order to have a full control over
the process of routing request to request handlers.
In this example all requests will get routed to the local authority
(localhost) no matter the authority specified by the requester.
```
HttpServer server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setSocketConfig(socketConfig)
.setSslContext(sslContext)
.setRequestRouter(RequestRouter.<HttpRequestHandler>builder()
.resolveAuthority(RequestRouter.LOCAL_AUTHORITY_RESOLVER)
.addRoute(RequestRouter.LOCAL_AUTHORITY, "*", (request,
response, context) -> {
})
.build())
```
Hope this helps
Oleg
PS: Please subscribe to the list before posting
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org
