My Spring Boot 2.2.0 application with Spring Web MVC is running behind a reverse proxy. How can Spring cope properly with X-Forwarded-{Prefix,Host,Proto}-headers to recognize the actual request made to the server?
With Spring Boot <= 2.1.x you had to provide a ForwardedHeaderFilter-Bean. Since Spring Boot 2.2.0 you don't have to do this anymore. Add server.forward-headers-strategy=NATIVE or server.forward-headers-strategy=FRAMEWORK to your application.properties-file.
NATIVE means that the servlet container (e.g. undertow, tomcat) is resolving the x-forwarded-*-headers which is fine in most cases. If you rely on X-Forwarded-Prefix than you must use FRAMEWORK so that request.getContextPath() is set properly.
Example:
User types into browser: https://mydomain.tld/my-microservice/actuator
the microservice "my-microservice" (e.g. user-service) shall handle the request; it's running on localhost:8080
reverse-proxy forwards the request like this:
// Forwarded-Request from Reverse Proxy to your microservice
GET http://localhost:8080/actuator/
X-Forwarded-Host: mydomain.tld
X-Forwarded-Proto: https
X-Forwarded-Prefix: /my-microservice
Debugging into a HttpServletRequest will result in:
request.getRequestURL(): "https://mydomain.tld/my-microservice/actuator/"
request.getScheme(): "https"
request.getContextPath(): "/my-microservice"
new UrlPathHelper().getPathWithinApplication(request): "/actuator"