What happens with http headers in bridge network mode?

rdfined · June 10, 2024, 3:51pm

Hi forum

I have setup a Tomcat container on a host machine that I run in bridged mode. I use two ports 80 and 443 that I specify with the port binding.

Now I discovered in my webapp that among other http headers the “host” http header is missing. Is that expected behavior?

Without the host header I can’t see the subdomain requesteed for example.

Regards,
Rune

meyay · June 10, 2024, 6:28pm

The only thing not being retained in a bridge network is the source ip. Everything else should still be there.

rdfined · June 10, 2024, 6:51pm

Ok thanks - I use the following code in the container to show all headers:

        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement();
            loggerHTTPServlet.debug(headerName + ": " + request.getHeader(headerName));
        }

“host” is not part of this output? What could be the reason for that? I have my whole setup running without docker and in this setup I do get the host header?

meyay · June 10, 2024, 7:21pm

I can’t tell you why it’s not working for you. I can say though, that reverse proxies depend on the host header as well to reverse proxy traffic based on domains - works like a charm with traefik and nginx.

Published ports to a container in a bridge network are forwarded the same way, like your wan router at home does forward wan ports to lan ports. This happens on osi layer 3 and 4. Why would you expect it to mess with content in osi layer 7?

bluepuma77 · June 10, 2024, 7:27pm

You can simple test with an image like traefik/whoami, which echos the headers in the browser.

rdfined · June 11, 2024, 6:58am

For the record it works using port 80, but not when I run over SSL (443). Must be some settings problem with Tomcat even though it’s a copy of a working server.

rimelek · June 11, 2024, 4:25pm

Out of curiosity, are you running Docker CE or Docker Desktop? I have a vague memory about an old bug in Desktop caused some issues with HTTP headers. Normally Docker just adds network bridges without modifying anything. Only a proxy could change the headers. Docker CE has no such thing by default. Docker Desktop is more complex so I’m not 100% confident about what it containers either, escpecially because it evolves constantly.

rdfined · June 12, 2024, 8:28am

I’m running Docker CE

rdfined · June 12, 2024, 8:33am

Thanks for your inputs. I found out that the issue was caused by me for some reason “upgrading” the Tomcat SSL-connector to use http2 instead of http1.1. Http2 doesn’t necesarily send the host header in the request. Using http1.1 (which is default in most examples) solved the problem. I found out by turning on request debugging in Tomcat using this guide: logging - How to log all headers of request/response in Tomcat 7 - Stack Overflow

Topic		Replies	Views
Access containers using host headers Docker Desktop	0	2963	June 2, 2016
Cannot access network port on host using bridge network Docker Desktop	1	14281	August 5, 2016
Bridge Interface General bugfixes	0	765	September 2, 2019
Docker overrides remote_addr and forwarded_for headers to the bridge network ip General	1	963	November 15, 2023
How can a web-server container inside a docker bridge network get the public IP address of a HTTP request? Compose docker-compose	5	12169	November 9, 2022

What happens with http headers in bridge network mode?

Related topics