Rewrite Host Header by default in ReverseProxy (#580)

## Description The default implementation of ReverseProxy provided by `NewSingleHostReverseProxy` does not rewrite the host header of the outbound request. Instantiate ReverseProxy with an implementation that rewrites the host header of the outbound request by default. ## Why is this needed When the host header is not being rewritten, it would still have the host value that the incoming request had which in this case would be the smee host IP itself. If the upstream URL is hosted on a public service such as S3 which does some validations on the request header, the current implementation would fail as S3 would deny any such request where it's not able to validate the host header. Fixes: # Tested this change with isoURL in the smee deployment set to an S3 link and was able to boot up a Hardware properly. ## How Has This Been Tested? ## How are existing users impacted? What migration steps/scripts do we need? ## Checklist: I have: - [ ] updated the documentation and/or roadmap (if required) - [ ] added unit or e2e tests - [ ] provided instructions on how to upgrade
tinkerbell · Jan 11, 2025 · 15033c0 · 15033c0
2 parents 5f59d3e + d369677
commit 15033c0
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/internal/iso/iso.go b/internal/iso/iso.go
@@ -65,7 +65,11 @@ func (h *Handler) HandlerFunc() (http.HandlerFunc, error) {
 	}
 	h.parsedURL = target
 
-	proxy := internal.NewSingleHostReverseProxy(target)
+	proxy := &internal.ReverseProxy{
+		Rewrite: func(r *internal.ProxyRequest) {
+			r.SetURL(target)
+		},
+	}
 
 	proxy.Transport = h
 	proxy.FlushInterval = -1
@@ -124,7 +128,7 @@ func (h *Handler) Copy(ctx context.Context, dst io.Writer, src io.Reader, buf []
 // This method is called by the internal.NewSingleHostReverseProxy to handle the incoming request.
 // The method is responsible for validating the incoming request and getting the source ISO.
 func (h *Handler) RoundTrip(req *http.Request) (*http.Response, error) {
-	log := h.Logger.WithValues("method", req.Method, "urlPath", req.URL.Path, "remoteAddr", req.RemoteAddr)
+	log := h.Logger.WithValues("method", req.Method, "inboundURI", req.RequestURI, "remoteAddr", req.RemoteAddr)
 	log.V(1).Info("starting the ISO patching HTTP handler")
 
 	if filepath.Ext(req.URL.Path) != ".iso" {
@@ -189,6 +193,7 @@ func (h *Handler) RoundTrip(req *http.Request) (*http.Response, error) {
 	// This function is more than a pass through proxy. The MAC address in the url path is required to do hardware lookups using the backend reader
 	// and is not used when making http calls to the target (h.SourceISO). All valid requests are passed through to the target.
 	req.URL.Path = h.parsedURL.Path
+	log = log.WithValues("outboundURL", req.URL.String())
 
 	// RoundTripper needs a Transport to execute a HTTP transaction
 	// For our use case the default transport will suffice.