What happens with http headers in bridge network mode?

Hi forum

I have setup a Tomcat container on a host machine that I run in bridged mode. I use two ports 80 and 443 that I specify with the port binding.

Now I discovered in my webapp that among other http headers the “host” http header is missing. Is that expected behavior?

Without the host header I can’t see the subdomain requesteed for example.

Regards,
Rune

The only thing not being retained in a bridge network is the source ip. Everything else should still be there.

1 Like

Ok thanks - I use the following code in the container to show all headers:

        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement();
            loggerHTTPServlet.debug(headerName + ": " + request.getHeader(headerName));
        }

“host” is not part of this output? What could be the reason for that? I have my whole setup running without docker and in this setup I do get the host header?

I can’t tell you why it’s not working for you. I can say though, that reverse proxies depend on the host header as well to reverse proxy traffic based on domains - works like a charm with traefik and nginx.

Published ports to a container in a bridge network are forwarded the same way, like your wan router at home does forward wan ports to lan ports. This happens on osi layer 3 and 4. Why would you expect it to mess with content in osi layer 7?

1 Like

You can simple test with an image like traefik/whoami, which echos the headers in the browser.

1 Like

For the record it works using port 80, but not when I run over SSL (443). Must be some settings problem with Tomcat even though it’s a copy of a working server.

Out of curiosity, are you running Docker CE or Docker Desktop? I have a vague memory about an old bug in Desktop caused some issues with HTTP headers. Normally Docker just adds network bridges without modifying anything. Only a proxy could change the headers. Docker CE has no such thing by default. Docker Desktop is more complex so I’m not 100% confident about what it containers either, escpecially because it evolves constantly.

I’m running Docker CE

Thanks for your inputs. I found out that the issue was caused by me for some reason “upgrading” the Tomcat SSL-connector to use http2 instead of http1.1. Http2 doesn’t necesarily send the host header in the request. Using http1.1 (which is default in most examples) solved the problem. I found out by turning on request debugging in Tomcat using this guide: logging - How to log all headers of request/response in Tomcat 7 - Stack Overflow

1 Like