Kong: why "X-Forwarded-Port" value is not client request port?

Created on 11 Sep 2019 · 16 Comments · Source: Kong/kong

In the Kong source code, I find the "x-forwarded-port" value is from the server listen port. In some situations, such as in Docker, my Kong server listening port is not the Docker export port. This causes a wrong 302 redirect URL.
The source code looks like
var.upstream_x_forwarded_port = var.server_port;
But I think x_forwarded_port should come from the HTTP request port,
so I changed the code and it tested well.
The changed code, simplified, is
local parts = utils.split(ngx.var.http_host, ":")
local port = parts[2]  -- port part of the Host header, if present
if port == nil then
  port = 443
end
Am I thinking something wrong, or is there something I am missing?

All 16 comments

Is there an answer? I have the same problem when I use Kong to proxy Swagger.

Same issue here.

Same issue here.
I tried looking at a workaround for this by binding ports 443/80 inside the container, but the Docker image won't allow that at this time because it doesn't use CAP_NET_BIND_SERVICE even if the capability is added to the container. https://github.com/Kong/docker-kong/pull/213 should fix that in theory. But the PR seems stuck.

bump

bump.
Facing issues in Sidekiq with Kong. Sidekiq uses Rack, which redirects requests with the x-forwarded-port.

bump
Facing issue with FusionAuth.

I think the port in host can only be trusted when it comes from a trusted source. Then you need to configure Kong to trust everything, and it will just be a fallback if client does not give X-Forwarded-Port. I am not sure if docker could do proxy_protocol.

Can we please get a resolution on this?

If this can be of any help to anyone; I've used the Serverless Functions plugin as a workaround to this issue. DB-less configuration:

plugins:
  # Workaround for the following issue: https://github.com/Kong/kong/issues/5018
  - name: post-function
    config:
      functions:
        # Lua version of the ternary operator....
        - ngx.var.upstream_x_forwarded_port= ((kong.request.get_header("x-forwarded-proto") == "http") and 80 or 443)

@erikgb I've tried that using KongPlugin as we are using the ingress controller, as seen here: https://github.com/Kong/kong/pull/5561#issuecomment-585724653, and it has not worked for us. It does not seem to change it at all.

Not sure if I am doing something wrong or not.

> @erikgb I've tried that using KongPlugin as we are using the ingress controller, as seen here: #5561 (comment), and it has not worked for us. It does not seem to change it at all.

Make sure you are enabling the plugin on the required service.

I've tried enabling on the Service as well with no change.

Any update on the subject? I'm having the same issue with k3s. I disabled Traefik and installed Kong ingress directly as a replacement; when I tried the echo services I always get the internal port and IP.
Tried adding proxy_protocol to ports 8000 and 8443 but received another error related to missing x-forwarded headers.
Hope there is a solution for this problem, as Traefik is working out of the box with the default configurations, but I want to use Kong for its API features.

I just removed

USER kong

from Dockerfile
and set

services:
  kong:
    build: kong
    environment:
      KONG_PROXY_LISTEN: 0.0.0.0:80, 0.0.0.0:443 ssl
    ports:
      - 80:80
      - 443:443

We are shipping a configuration switch to fix this:
https://github.com/Kong/kong/pull/5861

This will be available in Kong 2.1.0. Currently going through beta.

I think this issue can be closed. I just verified that the changes in https://github.com/Kong/kong/pull/5861 fix my problem. What needs to be configured is documented here: https://docs.konghq.com/2.1.x/configuration/#port_maps
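
The trust concern raised in the thread and the port-mapping fix can be modelled together. This is an added example, not Kong's code or any commenter's: a stand-alone Lua sketch in which `parse_port_maps`, `forwarded_port`, the request tables and the `external:listen` map format are all assumptions made for illustration.

```lua
-- Added illustration; every name below is hypothetical, not a Kong API.

-- Parse "80:8000, 443:8443" (external port : port the proxy listens on)
-- into a lookup table keyed by listen port: { [8000] = 80, [8443] = 443 }.
local function parse_port_maps(spec)
  local map = {}
  for ext, int in spec:gmatch("(%d+)%s*:%s*(%d+)") do
    map[tonumber(int)] = tonumber(ext)
  end
  return map
end

-- Decide the value to send upstream as X-Forwarded-Port.
-- peer_trusted must be true only when the TCP peer is a proxy we operate;
-- a header sent by an arbitrary client is never used.
local function forwarded_port(req, port_map, peer_trusted)
  if peer_trusted then
    local raw = req.headers["x-forwarded-port"]
    -- Accept plain decimal digits only, within the valid port range.
    local p = raw and raw:match("^%d+$") and tonumber(raw)
    if p and p >= 1 and p <= 65535 then
      return p
    end
  end
  -- Otherwise translate the listen port through the operator-defined map,
  -- falling back to the listen port itself when no mapping exists.
  return port_map[req.listen_port] or req.listen_port
end

local map = parse_port_maps("80:8000, 443:8443")

-- Constructed sample requests: { label, request, peer_trusted }.
local cases = {
  { "untrusted peer, no header",
    { listen_port = 8000, headers = {} }, false },
  { "untrusted peer, header supplied",
    { listen_port = 8443, headers = { ["x-forwarded-port"] = "31337" } }, false },
  { "trusted proxy, valid header",
    { listen_port = 8000, headers = { ["x-forwarded-port"] = "8080" } }, true },
  { "trusted proxy, malformed header",
    { listen_port = 8443, headers = { ["x-forwarded-port"] = "abc" } }, true },
}

for _, c in ipairs(cases) do
  print(c[1], forwarded_port(c[2], map, c[3]))
end
```

Because the mapping comes from operator configuration rather than from the request, redirects built from the resulting port cannot be steered by a client-supplied `Host` or `X-Forwarded-Port` value.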
