From b577413d3b3fa5241f2c1fac6e095ec31a7e312e Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 17 Mar 2024 20:19:23 +0200 Subject: [PATCH] lib/promauth: properly set `Host` header in requests to scrape targets. The `Host` header must be set via net/http.Request.Host field, since net/http.Client ignores this header if it is set via Request.Header.Set(). Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5969 Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5970 --- docs/CHANGELOG.md | 1 + lib/promauth/config.go | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 3b2d070e1f..13fa841465 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -52,6 +52,7 @@ See also [LTS releases](https://docs.victoriametrics.com/lts-releases/). * FEATURE: [vmctl](https://docs.victoriametrics.com/vmctl.html): support client-side TLS configuration for [native protocol](https://docs.victoriametrics.com/vmctl/#migrating-data-from-victoriametrics). See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5748). Thanks to @khushijain21 for the [pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5824). * FEATURE: [vmctl](https://docs.victoriametrics.com/vmctl.html): support client-side TLS configuration for VictoriaMetrics destination specified via `--vm-*` cmd-line flags used in [InfluxDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-influxdb-1x), [Remote Read protocol](https://docs.victoriametrics.com/vmctl/#migrating-data-by-remote-read-protocol), [OpenTSDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-opentsdb), [Prometheus](https://docs.victoriametrics.com/vmctl/#migrating-data-from-prometheus) and [Promscale](https://docs.victoriametrics.com/vmctl/#migrating-data-from-promscale) migration modes. +* BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): properly set `Host` header in requests to scrape targets if it is specified via [`headers` option](https://docs.victoriametrics.com/sd_configs/#http-api-client-options). Thanks to @fholzer for [the bugreport](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5969) and [the fix](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5970). * BUGFIX: do not drop `match[]` filter at [`/api/v1/series`](https://docs.victoriametrics.com/url-examples/#apiv1series) if `-search.ignoreExtraFiltersAtLabelsAPI` command-line flag is set, since missing `match[]` filter breaks `/api/v1/series` requests. * BUGFIX: [stream aggregation](https://docs.victoriametrics.com/stream-aggregation/): take into account sample timestamp during [deduplication](https://docs.victoriametrics.com/stream-aggregation/#deduplication). If multiple samples have the same timestamp on the configured deduplication interval, then the sample with the biggest value is kept. The logic is aligned with [`-dedup.minScrapeInterval`](https://docs.victoriametrics.com/#deduplication). * BUGFIX: [vmctl](https://docs.victoriametrics.com/vmctl.html): properly parse TLS key and CA files for [InfluxDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-influxdb-1x) and [OpenTSDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-opentsdb) migration modes. diff --git a/lib/promauth/config.go b/lib/promauth/config.go index 29996883dd..b06a17b4b3 100644 --- a/lib/promauth/config.go +++ b/lib/promauth/config.go @@ -307,7 +307,7 @@ func parseHeaders(headers []string) ([]keyValue, error) { return nil, fmt.Errorf(`missing ':' in header %q; expecting "key: value" format`, h) } kv := &kvs[i] - kv.key = strings.TrimSpace(h[:n]) + kv.key = http.CanonicalHeaderKey(strings.TrimSpace(h[:n])) kv.value = strings.TrimSpace(h[n+1:]) } return kvs, nil @@ -335,7 +335,12 @@ func (ac *Config) SetHeaders(req *http.Request, setAuthHeader bool) error { } reqHeaders := req.Header for _, h := range ac.headers { - reqHeaders.Set(h.key, h.value) + if h.key == "Host" { + // Host header must be set via req.Host - see https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5969 + req.Host = h.value + } else { + reqHeaders.Set(h.key, h.value) + } } if setAuthHeader { ah, err := ac.GetAuthHeader()