Skip to content

Request to path returning 404 for trailing dot domain #6334

New issue
New issue
Closed
#6792
Closed
Request to path returning 404 for trailing dot domain#6334
#6792
Labels
help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.
Milestone
1.31.0
@saley89

Description

@saley89
saley89
opened on Apr 10, 2024

What steps did you take and what happened:

Configured an HttpProxy resource for a domain with a path. This was registered correctly and DNS working as expected for both my-example-domain.com and my-example-domain.com..

When issuing a curl request to a path on my domain it returns successfully, however when using the trailing dot domain it returns a 404 as presumably it is including it as part the route/path lookup.

Working:

curl https://my-example-domain.com/some-path
...
< HTTP/2 200
< server: envoy

Broken:

curl https://my-example-domain.com./some-path
...
< HTTP/2 404
< vary: Accept-Encoding
< date: Wed, 10 Apr 2024 13:56:12 GMT
< server: envoy

What did you expect to happen:

In other ingress controllers we have used this worked successfully in both scenarios.

We believe you should be able to make requests against a trailing dot domain such as this to use and resolve the domain without recursive lookups.

Anything else you would like to add:

RFC documentation on the subject:

Such a name consists of a sequence of domain labels separated by ".",
   each domain label starting and ending with an alphanumeric character
   and possibly also containing "-" characters.  The rightmost domain
   label of a fully qualified domain name in DNS may be followed by a
   single "." and should be if it is necessary to distinguish between
   the complete domain name and some local domain.

Envoy mentions this configuration in it's documentation:

strip_trailing_host_dot
(bool) Determines if trailing dot of the host should be removed from host/authority header before any processing of request by HTTP filters or routing. This affects the upstream host header. Without setting this option, incoming requests with host example.com. will not match against route with domains match set to example.com. Defaults to false. When the incoming request contains a host/authority header that includes a port number, setting this option will strip a trailing dot, if present, from the host section, leaving the port as is (e.g. host value example.com.:443 will be updated to example.com:443).

However I can see no way to set this configuration up in our Contour/Envoy deployment via the helm charts.

Environment:

  • Contour version: contour:1.27.1 & envoy:1.27.3
  • Kubernetes version: (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.4", 
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.17",
  • Cloud provider or hardware configuration: AWS
  • OS (e.g. from /etc/os-release): Debian

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.

    Type

    No type

    Projects

    Contour

    Status

    Done

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions