Nginx reverse proxy with istio ingress

1

Hello folks!

We have the following architecture in our microservice based app:

client (react.js) → nginx gateway → nginx load balancer → ingress istio → – routing rule → service → pod (spring boot microservice)

we have external nginx reverce proxy server that sits in front of istio.

we have the following nginx reverse proxy configuration:

http {

upstream backend {
server dns-of-the-ingress:80;
}

server {
server_name dns_of_frontend_app_deployed_on_nginx_web_server;
listen 80;

proxy_add_header Host                      $host;
proxy_add_header X-Real-IP              $remote_addr;
proxy_add_header X-Forwarded-For  $proxy_add_x_forwarded_for;

location /microservice1/ {
   proxy_pass  http://backend;
}

location /microservice2/ {
   proxy_pass  http://backend;
}

}
}

Istio Ingress config

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
selector:
istio: ingressgateway
servers:

  • port:
    number: 80
    name: http
    protocol: HTTP
    hosts:
    • “dns-of-the-ingress”

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
spec:
hosts:

  • “*”
    gateways:
  • httpbin-gateway
    http:
  • match:
    • uri:
      prefix: /microservice1
      route:
    • destination:
      port:
      number: 8000
  • match:
    • uri:
      prefix: /microservice2
      route:
    • destination:
      port:
      number: 8000
      host: ‘*’

the problem is when I call microservice 1 or microservice 2 like below

curl -v dns-of-the-ingress/microservice1
or
curl -v dns-of-the-ingress/microservice2
it works as it’s supposed to.

but when I call the microservices like below

curl -v dns_of_frontend_app_deployed_on_nginx_web_server/microservice1
or
curl -v ip-of-the-ingress/microservice1

where ip-of-the-ingress = ping dns-of-the-ingress

it doesn’t work, I get a 404 error - resource doesnt exist.
I’ve checked the nginx logs and it’s clear that nginx reverse proxy resolves dns name to ip prior calling the microservices. curl -v ip-of-the-ingress/microservice1

i wonder why ingress doesnt understand ip-of-the-ingress/microservice1 calls, but everything works with dns-of-the-ingress/microservice1

what’s wrong with my configuration.

any help would be greately appreciated!

2

I would guess the Istio Ingress only understands hostnames, no IPs. So when you send traffic to nginx, it will send the header Host and that will be recognisable by Istio. I guess the 404 comes from Istio. Could you confirm that?

3

If you target IP address then you need to set the Host header in your curl command

The routing is perfumed based on the Host Header