Reputation: 3445
How to relay outbound request from docker container to modify headers?
I have an application that is running in Docker configured with an NGINX reverse proxy. The application is a binary, I don't have source code and there's no way to modify the header of an HTTP request from the app itself. My goal is to append a header field before the request is dispatched out of the host machine:
/// @dev some http proxy or similar
listener(PORT, function(request) {
// 1) modifies header
request.setHeader('FOO', 'bar')
// 2) passes through to original or intended destination
request.continue()
})
The key is to modify the request's header within the host machine where the Docker app is running.
I looked at MITM proxies and to reroute the Docker outbound traffic with iptables or socat.
Is there anything you would suggest for this operation?
Upvotes: 2
Views: 1947
Answers (2)
Reputation: 20196
To add a header to an outgoing response, simply use add_header directive:
location /foo/ {
add_header name "value";
proxy_pass http://my-legacy-app;
}
To add a header to an outgoing request you can try a forward proxy:
server {
listen 127.0.0.121:80;
location / {
proxy_add_header name "value";
proxy_pass http://$http_host$request;
}
}
This will work if you can make your application to send all outgoing requests to 127.0.0.121:80 (the forward proxy) instead of actual targets. For example you can make the legacy app container to use a dedicated DNS server, which will say that every host is on 127.0.0.121 (or any other value).
Upvotes: 1
Reputation: 7539
You could use Traefik reverse proxy v2.4+ with Traefik Pilot enabled and a plugin like Header transformation.
You run Traefik as a container which routes the traffic to the other containers. You can then link your instance to Traefik Pilot using a token, which enables plugins. If you use labels in a docker-compose.yml file:
services:
traefik:
# ...
labels:
- "--pilot.token=XXXXXXXX"
# ...
To add the plugin you can also add labels to the Traefik service and to your app too:
services:
traefik:
# ...
labels:
# ...
- "--entrypoints.web.address=:80"
- "--pilot.token=XXXXXXXX"
- "--experimental.plugins.htransformation.modulename=github.com/tommoulard/htransformation"
- "--experimental.plugins.htransformation.version=v0.2.3"
your_service:
# ...
labels:
- "traefik.enable=true"
- "traefik.http.routers.your_service.rule=Host(`some.host`)"
- "traefik.http.routers.your_service.entrypoints=web"
- "traefik.http.routers.your_service.middlewares=add_header"
- "traefik.http.middlewares.add_header.plugin.htransformation.Rules[0].Name=set_foo"
- "traefik.http.middlewares.add_header.plugin.htransformation.Rules[0].Header=FOO"
- "traefik.http.middlewares.add_header.plugin.htransformation.Rules[0].Value=bar"
- "traefik.http.middlewares.add_header.plugin.htransformation.Rules[0].Type=Set"
You can also use other configuration files in YAML or TOML, everything is shown in the documentations.
Upvotes: 1
Related Questions
- How to proxy HTTP request from container to a specific address(:port) in docker?
- Bidirectional communication on stdin/stdout from container to host?
- Connect to host socket from within docker container
- Pipe input to dockerized socat run on socket present on docker host
- scrape docker metrics from inside container
- Proxy request to specific http using tor\socks
- Use proxy inside a Docker container
- How to make a TCP outgoing connection with Docker container?
- Sending http requests from docker container using same network as sending requests from host machine
- How to send all network traffic from Docker container through a proxy?