diff --git a/etc/main.yaml b/etc/main.yaml
index d189007..45434ee 100644
--- a/etc/main.yaml
+++ b/etc/main.yaml
@@ -5,7 +5,9 @@ pid_file: /tmp/load_balancer.pid
 error_log: /tmp/load_balancer_err.log
 upgrade_sock: /tmp/load_balancer.sock
 proxy_address_http: 0.0.0.0:6193
-proxy_address_tls: 0.0.0.0:6194
+proxy_address_tls: 0.0.0.0:6194 # Optionnal
+tls_certificate: etc/server.crt # Mandatory if proxy_address_tls if exists
+tls_key_file: etc/key.pem # Mandatory if proxy_address_tls if exists
 config_address: 0.0.0.0:3000
 upstreams_conf: etc/upstreams.yaml
 #idle_timeout: 1000
diff --git a/etc/upstreams.yaml b/etc/upstreams.yaml
index c03116d..33c6535 100644
--- a/etc/upstreams.yaml
+++ b/etc/upstreams.yaml
@@ -4,7 +4,6 @@ globals:
 - "Access-Control-Allow-Origin:*"
 - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
 - "Access-Control-Max-Age:86400"
- - "Hujukulu-Header-HoHoHo:Me No Ho Ho Ho"
 consul:
 servers:
 - "http://master1:8500"
@@ -74,9 +73,15 @@ upstreams:
 ssl: true
 servers:
 - "apt.netangels.net:443"
+ test.netangels.net:
+ paths:
+ "/":
+ ssl: false
+ servers:
+ - "myip.netangels.net:80"
 127.0.0.1:
 paths:
- "/camerastatus":
+ "/":
 ssl: false
 servers:
 - "192.168.1.5:8080"
\ No newline at end of file
diff --git a/src/web/proxyhttp.rs b/src/web/proxyhttp.rs
index 56dc2c5..b3e9db0 100644
--- a/src/web/proxyhttp.rs
+++ b/src/web/proxyhttp.rs
@@ -6,11 +6,13 @@ use dashmap::DashMap;
 use futures::channel::mpsc;
 use futures::StreamExt;
 use log::{debug, error, info, warn};
+use pingora::http::RequestHeader;
 use pingora::prelude::*;
 use pingora_core::prelude::HttpPeer;
 use pingora_core::server::ShutdownWatch;
 use pingora_core::services::background::BackgroundService;
-use pingora_http::{RequestHeader, ResponseHeader};
+use pingora_http::ResponseHeader;
+
 use pingora_proxy::{ProxyHttp, Session};
 use std::ops::Deref;
 use std::sync::atomic::Ordering;
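Review bot: The new `tls_key_file: etc/key.pem` entry in etc/main.yaml points at a private key under the project's own etc/ directory through a relative path, so which file gets loaded depends on the process working directory, and a real key could end up committed next to the sample config. An absolute path outside the source tree, with the file readable only by the service account, would be a safer documented default. The trailing comments would read more clearly as `# Optional` and `# Required when proxy_address_tls is set`.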
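Review bot: In the second hunk of etc/upstreams.yaml the `127.0.0.1` entry now maps `"/"` instead of `"/camerastatus"`, which widens the route from one endpoint to everything served by `192.168.1.5:8080`. The upstream is selected from the host name the client sends, so any client presenting that host name would reach the whole backend over plain HTTP (`ssl: false`). If the wider route and the new `test.netangels.net` entry are only needed for testing, keep the narrow path in the shipped sample and put the test entries in a separate file.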
@@ -138,7 +140,6 @@ impl GetHost for LB {
 let host_entry = self.ump_upst.get(peer)?;
 let mut current_path = path.to_string();
 let mut best_match: Option<(String, u16, bool)> = None;
-
 loop {
 if let Some(entry) = host_entry.get(¤t_path) {
 let (servers, index) = entry.value();
@@ -199,11 +200,13 @@ impl ProxyHttp for LB {
 type CTX = ();
 fn new_ctx(&self) -> Self::CTX {}
 async fn upstream_peer(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result> {
- let host_name = session.req_header().headers.get("host");
+ let host_name = return_header_host(&session);
+
 match host_name {
 Some(host) => {
- let header_host = host.to_str().unwrap().split(':').collect::>();
- let ddr = self.get_host(header_host[0], session.req_header().uri.path(), session.is_upgrade_req());
+ // session.req_header_mut().headers.insert("X-Host-Name", host.to_string().parse().unwrap());
+
+ let ddr = self.get_host(host, host, session.is_upgrade_req());
 match ddr.await {
 Some((host, port, ssl)) => {
 let peer = Box::new(HttpPeer::new((host, port), ssl, String::new()));
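Review bot: In `upstream_peer` the new call `self.get_host(host, host, session.is_upgrade_req())` passes the host name as the second argument, where the removed line passed `session.req_header().uri.path()` and where `get_host` (previous hunk) copies that argument into `current_path` for the path lookup. As written, path-specific upstream entries can no longer be matched against the request path, so path-scoped routing is effectively disabled; this may be why the sample config changed `/camerastatus` to `/`. The call should remain `self.get_host(host, session.req_header().uri.path(), session.is_upgrade_req())`. The commented-out `X-Host-Name` insert is better dropped than committed, and the body of `upstream_peer` continues past the end of the hunk.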
@@ -265,15 +268,28 @@ impl ProxyHttp for LB {
 {
 // _upstream_response.insert_header("X-Proxied-From", "Fooooooooooooooo").unwrap();
- let host = _session.req_header().headers.get("Host");
- match host {
+ let host_name = return_header_host(&_session);
+ match host_name {
 Some(host) => {
 let path = _session.req_header().uri.path();
- let yoyo = self.get_header(host.to_str().unwrap(), path).await;
-
- for k in yoyo.iter() {
- for t in k.iter() {
- _upstream_response.insert_header(t.0.clone(), t.1.clone()).unwrap();
+ let host_header = host;
+ let split_header = host_header.split_once(':');
+ match split_header {
+ Some(sh) => {
+ let yoyo = self.get_header(sh.0, path).await;
+ for k in yoyo.iter() {
+ for t in k.iter() {
+ _upstream_response.insert_header(t.0.clone(), t.1.clone()).unwrap();
+ }
+ }
+ }
+ None => {
+ let yoyo = self.get_header(host_header, path).await;
+ for k in yoyo.iter() {
+ for t in k.iter() {
+ _upstream_response.insert_header(t.0.clone(), t.1.clone()).unwrap();
+ }
+ }
 }
 }
 }
@@ -288,3 +304,20 @@ impl ProxyHttp for LB {
 // info!("{}, response code: {response_code}", self.request_summary(session, ctx));
 }
 }
+
+fn return_header_host(session: &Session) -> Option<&str> {
+ if session.is_http2() {
+ match session.req_header().uri.host() {
+ Some(host) => Option::from(host),
+ None => None,
+ }
+ } else {
+ match session.req_header().headers.get("host") {
+ Some(host) => {
+ let header_host = host.to_str().unwrap().splitn(2, ':').collect::>();
+ Option::from(header_host[0])
+ }
+ None => None,
+ }
+ }
+}
diff --git a/src/web/start.rs b/src/web/start.rs
index 0bac466..a40c211 100644
--- a/src/web/start.rs
+++ b/src/web/start.rs
@@ -1,6 +1,7 @@
 use crate::utils::tools::*;
 use crate::web::proxyhttp::LB;
 use dashmap::DashMap;
+use log::info;
 use pingora_core::prelude::{background_service, Opt};
 use pingora_core::server::Server;
 use std::env;
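Review bot: The `Some(sh)` and `None` arms added to the response filter repeat the same `get_header` call and nested `insert_header` loop, differing only in which string is passed as the host. Computing the name once, `let name = host.split_once(':').map_or(host, |(h, _)| h);` followed by `let yoyo = self.get_header(name, path).await;`, leaves a single copy of the loop. `return_header_host` already cuts the HTTP/1 value at the first ':', so the second split only matters if the HTTP/2 branch can return a port, which `uri.host()` should not. The `insert_header(...).unwrap()` calls panic when a configured header name or value is rejected by the HTTP library; logging and skipping that entry would keep one bad config line from failing responses. The enclosing function starts and ends outside the hunk.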
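Review bot: `host.to_str().unwrap()` in the HTTP/1 branch of `return_header_host` panics when the Host header contains bytes that are not visible ASCII, and that header is supplied by the client, so a malformed request panics the code handling it instead of being rejected. Returning `None` for an undecodable value lets the callers' existing `None` arms deal with it. Cutting at the first ':' also truncates a bracketed IPv6 literal, and an HTTP/2 request whose URI carries no authority may yield `None` even when a `host` header is present; both deserve a comment or a fallback. A version without the unwrap and the intermediate `Vec` follows.

```rust
fn return_header_host(session: &Session) -> Option<&str> {
    if session.is_http2() {
        // For HTTP/2 the host is read from the request URI authority.
        return session.req_header().uri.host();
    }
    // A Host value that is not valid visible ASCII yields None instead of a panic.
    let raw = session.req_header().headers.get("host")?.to_str().ok()?;
    // Keep the text before the first ':' (drops the port; IPv6 literals are not handled).
    raw.split(':').next()
}
```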
@@ -72,9 +73,22 @@ pub fn run() {
 let bg_srvc = background_service("bgsrvc", bg);
 let mut proxy = pingora_proxy::http_proxy_service(&server.configuration, lb);
- let bindaddress = cfg.get("proxy_address_http").unwrap();
+ let bind_address_http = cfg.get("proxy_address_http").unwrap();
- proxy.add_tcp(bindaddress.as_str());
+ let bind_address_tls = cfg.get("proxy_address_tls");
+ match bind_address_tls {
+ Some(bind_address_tls) => {
+ info!("Running TLS listener on :{}", bind_address_tls.value());
+ let cert_path = cfg.get("tls_certificate").unwrap();
+ let key_path = cfg.get("tls_key_file").unwrap();
+ let mut tls_settings = pingora_core::listeners::tls::TlsSettings::intermediate(&cert_path, &key_path).unwrap();
+ tls_settings.enable_h2();
+ proxy.add_tls_with_settings(bind_address_tls.value(), None, tls_settings);
+ }
+ None => {}
+ }
+ info!("Running HTTP listener on :{}", bind_address_http.as_str());
+ proxy.add_tcp(bind_address_http.as_str());
 server.add_service(proxy);
 server.add_service(bg_srvc);
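Review bot: Inside the new `Some(bind_address_tls)` arm, `cfg.get("tls_certificate").unwrap()`, `cfg.get("tls_key_file").unwrap()` and `TlsSettings::intermediate(...).unwrap()` abort startup with a bare panic when a key is missing from main.yaml or the certificate or key file cannot be loaded, with no hint as to which setting was at fault. Replacing them with messages such as `.expect("tls_certificate is required when proxy_address_tls is set")` makes the misconfiguration diagnosable. The `match` with an empty `None => {}` arm reads more directly as `if let Some(bind_address_tls) = cfg.get("proxy_address_tls") { ... }`, and the log format `on :{}` prints a stray colon in front of an address that already contains one. `run` continues outside the hunk.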