WEBVTT

00:00.200 --> 00:01.740
Hi, everyone, and welcome back.

00:01.760 --> 00:06.020
Now, in today's video, we will be discussing the proxy host header.

00:06.050 --> 00:12.830
Now, by default, the host header that is received at a reverse proxy level is not really forwarded

00:12.830 --> 00:14.160
to the backend server.

00:14.180 --> 00:16.910
For example, let's say that you have a web browser.

00:16.910 --> 00:23.150
A web browser is making a request to the website and the request first reaches the Nginx reverse proxy.

00:23.180 --> 00:28.300
Now the request is of type GET and there is a host header of captain.

00:28.310 --> 00:32.690
So basically the user is requesting for a website called as Captain.

00:32.690 --> 00:39.050
So this request goes to the Nginx reverse proxy and depending upon the proxy configuration that you

00:39.050 --> 00:43.500
have done, Nginx will send the same request to the backend server.

00:43.520 --> 00:49.100
Now if you look into the request that is made to the backend server, it is again a GET request.

00:49.100 --> 00:50.640
That was the original one.

00:50.660 --> 00:57.980
However, this host field here is missing. Now, based on this setup, even if the host field is missing,

00:57.980 --> 01:00.460
it might not really impact much.

01:00.480 --> 01:07.110
However, when you have a backend that is hosting multiple applications or multiple websites, then

01:07.110 --> 01:08.310
you will run into issues.

01:08.310 --> 01:09.900
So let's quickly look into it.

01:09.930 --> 01:15.770
Now if you look here, the backend web server is hosting two different websites.

01:15.780 --> 01:24.120
One is captain and second is CPT Net, and both of them have a different index.html file altogether.

01:24.120 --> 01:28.050
So now your web browser has requested for CPT net.

01:28.080 --> 01:31.230
The request is received at nginx reverse proxy level.

01:31.300 --> 01:35.060
Nginx reverse proxy is just sending the GET request to the web server.

01:35.070 --> 01:42.510
Now this web server does not really know whether it should serve the index.html of captain or index.html

01:42.540 --> 01:50.700
of CPT net because this host header is missing over here and this is one of the reasons why it is very

01:50.700 --> 01:58.110
important that the host header that was sent by the client should also be forwarded to the backend application.

01:58.110 --> 02:04.460
Specifically when you have multiple domain based association that is taking place here.

02:04.470 --> 02:06.510
So let's quickly look into it.

02:06.540 --> 02:07.860
Now let's do one thing.

02:07.860 --> 02:15.240
Let's quickly run our inspect within the browser and let's request for the Dexter Labs dot in.

02:15.930 --> 02:18.480
All right, so the website is loaded.

02:18.480 --> 02:24.600
Now, one important part to note is that sometimes users complain that a website is not loading, primarily

02:24.600 --> 02:31.950
because when you just type the domain, many times Chrome will directly add the https here.

02:31.950 --> 02:35.400
So this is the reason why the domain might not load.

02:35.400 --> 02:42.300
So you have to ensure that it is not HTTPS, it is just an HTTP-based request. Anyways.

02:42.300 --> 02:48.900
So let's quickly go to network and if you quickly look into the headers here, let's quickly look into

02:48.900 --> 02:49.940
the request headers.

02:49.950 --> 02:54.570
You have a host header and the host header is Dexter Labs dot in.

02:54.570 --> 02:59.190
So this is the host header which reaches this Nginx level here.

02:59.190 --> 03:04.770
And this Nginx does not forward it to the backend server and we want that.

03:04.770 --> 03:08.430
Nginx should also forward it to the backend server.

03:08.430 --> 03:14.880
So for this to be achieved, what you need to do is you will have to add a new configuration of

03:14.880 --> 03:21.270
proxy_set_header Host followed by a variable of $host into the location directory of your configuration.

03:21.270 --> 03:27.240
So we are back to our CLI setup and the first tab is associated with our reverse proxy.

03:27.270 --> 03:31.050
Second tab is associated with our backend application server.

03:31.050 --> 03:37.170
Now in order to understand it in a better way, what we need to do in the application server, we have

03:37.170 --> 03:41.760
to install the tcpdump utility to capture the packets.

03:41.760 --> 03:47.940
So let's go ahead and install the tcpdump utility in the backend application server.

03:48.600 --> 03:51.300
All right, now let's do one thing.

03:51.300 --> 03:57.450
Let's go ahead and run tcpdump here and from the reverse proxy server. Just to quickly revise,

03:57.450 --> 04:06.120
we had set the host where whenever we query for the domain of labs dot internal, it goes to 127.0.0.1.

04:06.120 --> 04:10.710
So it basically goes to the local Nginx server, which is acting as a reverse proxy.

04:10.710 --> 04:14.580
So now I will do a curl on CP labs dot internal.

04:14.580 --> 04:20.910
So this request, since it is a reverse proxy server, it will be forwarded to the backend application

04:20.910 --> 04:25.050
server here and the packets will be captured at the tcpdump level.

04:25.050 --> 04:31.950
So now at the tcpdump level you will see ten packets have been captured and basically the file is temp

04:31.950 --> 04:32.670
headers.

04:32.670 --> 04:38.220
So let's quickly go to the temp directory and let's do a cat on headers.

04:38.220 --> 04:40.710
So let's go a bit.

04:40.710 --> 04:43.410
So this is basically the response, which is 200.

04:43.410 --> 04:43.800
Okay.

04:43.800 --> 04:47.430
But we are more interested in the actual request.

04:47.430 --> 04:51.570
So if you look into the request, we have received a GET request.

04:51.600 --> 04:56.060
We are also getting the real IP of 127.0.0.1.

04:56.070 --> 04:59.850
And along with that, we are getting the host of

04:59.930 --> 05:03.830
10.139.0.3, along with a few other details over here.

05:03.830 --> 05:08.630
But we are not really getting the actual domain that was queried upon.

05:08.630 --> 05:13.910
And this is one of the reasons why you should go ahead and add an appropriate header.

05:13.910 --> 05:17.090
So let's modify our configuration file.

05:17.090 --> 05:23.810
I'll go to /etc/nginx/conf.d/proxy.conf.

05:23.810 --> 05:27.440
And within here let's also add a new header.

05:27.440 --> 05:33.110
I'll say proxy_set_header Host followed by $host over here.

05:33.140 --> 05:34.520
All right, I'll save it.

05:34.880 --> 05:39.740
We'll do next and we'll do a systemctl restart.

05:39.740 --> 05:40.520
Nginx.

05:41.240 --> 05:42.170
Perfect.

05:42.200 --> 05:48.350
Now again from the application server, let's go ahead and clear the file of headers.

05:50.060 --> 05:58.310
Let's run the tcpdump utility again and from a reverse proxy server let's do a curl on CP labs dot internal.

05:58.430 --> 06:01.740
As expected, we are getting a response from the back end.

06:01.890 --> 06:05.100
I'll do a Ctrl+C, ten packets have been received.

06:05.130 --> 06:07.800
Let's do a cat on headers.

06:08.520 --> 06:09.090
Now.

06:09.090 --> 06:17.030
If we go a bit up this time you'll see that you have a host header and this has a value of CP labs dot

06:17.040 --> 06:23.880
internal and this is what we are discussing in today's video and this is very, very helpful in production

06:23.880 --> 06:24.510
environments.

06:24.510 --> 06:31.470
So it is generally from what I have seen, you have a host header as well as the real IP header.

06:31.470 --> 06:33.840
Both of these are captured here.

06:33.840 --> 06:38.910
Now one more important thing that I just wanted to show you, you can name it whatever you want.

06:38.940 --> 06:46.500
Just to avoid any confusion, let me quickly show you let's modify this instead of host, you can give

06:46.500 --> 06:47.700
whatever value you need.

06:47.820 --> 06:49.530
Let me just give it as Z.

06:50.730 --> 06:57.390
All right, let's quickly restart Nginx from the back end server.

06:57.420 --> 07:01.040
Let's do a Ctrl+C, we'll empty the file.

07:01.040 --> 07:02.780
Let's do a tcpdump.

07:03.030 --> 07:04.730
In fact, this will overwrite.

07:04.730 --> 07:08.300
So you do not really need to explicitly empty the file here.

07:08.720 --> 07:12.500
Now let's do a curl on CP labs dot internal.

07:13.730 --> 07:16.420
Let's do a Ctrl+C, ten packets captured.

07:16.430 --> 07:18.260
Let's do a cat on headers.

07:18.920 --> 07:25.400
If you go a bit up this time you see for Z you are seeing CP labs dot internal.

07:25.400 --> 07:30.110
So this field is completely modifiable depending upon your requirement.

07:30.110 --> 07:36.740
And this time you also see that there is a new host which basically contains the IP address of the Nginx

07:36.740 --> 07:37.880
reverse proxy.

07:37.910 --> 07:38.480
Great.

07:38.480 --> 07:44.000
So I hope with this you understood the basic problem and also its associated solution.

07:44.000 --> 07:51.320
Now, one more thing I wanted to show you just to avoid any confusion is associated with the tcpdump

07:51.320 --> 07:51.770
command.

07:51.770 --> 07:59.360
So in this tcpdump command, we are capturing the traffic of port 80 that is coming to the interface

07:59.360 --> 08:00.560
of one.

08:00.560 --> 08:06.180
Now this is very important because in case if you are practicing it in a different cloud provider,

08:06.210 --> 08:08.340
let me run ifconfig here.

08:08.340 --> 08:11.520
So there are multiple interfaces that are present.

08:11.550 --> 08:19.140
Now, the Nginx reverse proxy server is sending the traffic to which interface? Is it sending the traffic

08:19.140 --> 08:22.830
to the public IP which is associated with the zero interface?

08:22.860 --> 08:28.920
Or is it sending the traffic to a private IP associated with the one interface and so on?

08:29.130 --> 08:39.180
So if you want to quickly verify, the reverse proxy is sending the data to IP 10.139.0.3, which is basically

08:39.180 --> 08:41.130
this private interface over here.

08:41.130 --> 08:48.210
So within this -i you will have to specify the appropriate interface where the traffic is coming

08:48.210 --> 08:48.750
from.

08:48.750 --> 08:49.260
All right.

08:49.260 --> 08:52.800
So this is one important part of the tcpdump command.

08:52.950 --> 08:53.460
Great.

08:53.460 --> 08:58.530
So with our basics understood for proxy host header, we'll conclude today's video.
