I'm trying to use Nginx as a reverse proxy and the upstream server is an ASP.NET Core application where I've registered the ForwardedHeadersMiddleware, which will read three different X-Forwarded-* headers:
X-Forwarded-ForX-Forwarded-ProtoX-Forwarded-Host
Now, I understand the first two, but find the last one (X-Forwarded-Host) confusing. I've seen Nginx reverse proxy configurations usually rewriting the Host header like so:
location / {
proxy_pass http://app;
proxy_set_header Host $host;
}
But then I've also seen the X-Forwarded-Host being used instead:
location / {
proxy_pass http://app;
proxy_set_header X-Forwarded-Host $host;
}
In some cases both are used at the same time:
location / {
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
}
I'm not sure what I should do. Why would you use both at the same time? And why would anyone use the X-Forwarded-Host header if they can simply change the Host header directly? I've noticed that the result in my ASP.NET Core app will be the same regardless of whether I set Host or X-Forwarded-Host (or both), in either case, HttpContext.Request.Host is set to the expected value — provided that the forwarded headers middleware is registered, of course.
To my surprise, I couldn't find any relevant information on this issue by googling, so I had to ask this here. What is the right approach to take in this situation?
