From 489cdd8b6334f1c9bb5d76d81dc0b83cdc39785e Mon Sep 17 00:00:00 2001
From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Date: Wed, 22 Jul 2020 23:51:57 +0700
Subject: [PATCH] internal/controlplane: using envoy strip host port matching
 (#1126)

* internal/controlplane: using envoy strip host port matching

With envoy 1.15.0 release, strip host port matching setting allows
incoming request with Host "example:443" will match again route with
domains match set to "example".

Not that this is not standard HTTP behavior, but it's more convenient
for users.

Fixes #959

* docs/docs: add note about enable envoy strip host port matching
---
 docs/docs/CHANGELOG.md                      | 1 +
 internal/controlplane/xds_listeners.go      | 5 +++--
 internal/controlplane/xds_listeners_test.go | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index 0b8e4c079..aa7007742 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -10,6 +10,7 @@
 - authenticate: allow hot reloaded admin users config @cuonglm [GH-984]
 - authorize: include "kid" in JWT headers @cuonglm [GH-1046]
 - config: both base64 and file reference can be used for "certificates" @dmitrif [GH-1055]
+- envoy: enable strip host port matching @cuonglm [GH-1126]
 
 ### Changes
 
diff --git a/internal/controlplane/xds_listeners.go b/internal/controlplane/xds_listeners.go
index 65b27675c..8403dc56c 100644
--- a/internal/controlplane/xds_listeners.go
+++ b/internal/controlplane/xds_listeners.go
@@ -225,8 +225,9 @@ func buildMainHTTPConnectionManagerFilter(options *config.Options, domains []str
 			RandomSampling: &envoy_type_v3.Percent{Value: options.TracingSampleRate * 100},
 		},
 		// See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
-		UseRemoteAddress: &wrappers.BoolValue{Value: true},
-		SkipXffAppend:    false,
+		UseRemoteAddress:      &wrappers.BoolValue{Value: true},
+		SkipXffAppend:         false,
+		StripMatchingHostPort: true,
 	})
 
 	return &envoy_config_listener_v3.Filter{
diff --git a/internal/controlplane/xds_listeners_test.go b/internal/controlplane/xds_listeners_test.go
index 39ebdd93a..cbe28959b 100644
--- a/internal/controlplane/xds_listeners_test.go
+++ b/internal/controlplane/xds_listeners_test.go
@@ -308,6 +308,7 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
 				"validateClusters": false
 			},
 			"statPrefix": "ingress",
+			"stripMatchingHostPort": true,
 			"tracing": {
 				"randomSampling": {
 					"value": 0.01