We’re currently planning to use a design whereby we have a Rancher agent cluster fronted by an ELB (or equivalent) which will proxy requests to the Rancher agent hosts and also perform SSL termination. The cluster will host several services which will each have their own Rancher LB. The services themselves are returning JSON-LD payloads, which contain links to other resources that need to be externally accessible. As such, the services require accurate information with regard to X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Proto headers in order to construct responses that contain the correct links with the externally accessible host, port and scheme.
The problem we’re currently having is that although the ELB is setting these headers correctly, the Rancher LBs are overwriting the X-Forwarded-Port with whatever port they’re running on. All the other headers are fine, it’s just the port that we’re having an issue with. The current behavior we see only really works if the Rancher LB is the edge proxy, which in our case is not true (and there seem to be plenty of people using an edge LB that lives outside of Rancher).
Is there any way to work around this?
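
How a backend service might turn the forwarded headers into the base URL for its JSON-LD links, as an added example that is not part of the original post. The trusted network, host name, port values and function names are assumptions; the second constructed sample shows the link that results once an inner LB has replaced X-Forwarded-Port with its own port.

```python
import ipaddress
import re

# Assumption: the network the inner LBs forward from; adjust to your environment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.42.0.0/16")]
DEFAULT_PORTS = {"http": 80, "https": 443}
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def first(headers, name):
    """Return the first comma-separated value of a header, or ''."""
    for key, value in headers.items():
        if key.lower() == name:
            return value.split(",")[0].strip()
    return ""


def external_base_url(peer_ip, headers, fallback):
    """Build scheme://host[:port] from X-Forwarded-* headers.

    The headers are honoured only when the direct peer is a trusted proxy;
    otherwise any client could choose the host that ends up in our links.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return fallback
    proto = first(headers, "x-forwarded-proto").lower()
    host = first(headers, "x-forwarded-host")
    port = first(headers, "x-forwarded-port")
    if proto not in DEFAULT_PORTS or not HOST_RE.match(host):
        return fallback
    # A missing or malformed port falls back to the scheme's default.
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        port = str(DEFAULT_PORTS[proto])
    suffix = "" if int(port) == DEFAULT_PORTS[proto] else ":" + port
    return f"{proto}://{host}{suffix}"


# Constructed sample headers (not captured traffic).
FROM_ELB = {"X-Forwarded-Proto": "https",
            "X-Forwarded-Host": "api.example.org",
            "X-Forwarded-Port": "443"}
# Same request after an inner LB replaced the port with its own listener port.
AFTER_INNER_LB = dict(FROM_ELB, **{"X-Forwarded-Port": "8080"})
FALLBACK = "http://localhost:8080"

if __name__ == "__main__":
    for hdrs in (FROM_ELB, AFTER_INNER_LB):
        print(external_base_url("10.42.1.5", hdrs, FALLBACK) + "/things/1")
```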