diff --git a/README.md b/README.md index e4dda7e..f4ecc95 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,10 @@ myhost.mydomain.com: servers: - "127.0.0.4:8443" - "127.0.0.5:8443" + "/.well-known/acme-challenge": + healthcheck: false + servers: + - "127.0.0.1:8001" ``` **This means:** @@ -226,6 +230,7 @@ myhost.mydomain.com: - Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`. - Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Aralez. - Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`. +- Requests to `myhost.mydomain.com/.well-known/acme-challenge` will be proxied to `127.0.0.1:8001`, but healthcheks are disabled. - SSL/TLS for upstreams is detected automatically, no need to set any config parameter. - Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS. - Self-signed certificates are silently accepted. diff --git a/etc/upstreams.yaml b/etc/upstreams.yaml index db38474..06b10ff 100644 --- a/etc/upstreams.yaml +++ b/etc/upstreams.yaml @@ -65,9 +65,11 @@ upstreams: headers: - "X-Some-Thing:Yaaaaaaaaaaaaaaa" servers: - - "192.168.1.1:8000" - - "192.168.1.10:8000" - "127.0.0.1:8000" - "127.0.0.2:8000" - "127.0.0.3:8000" - - "127.0.0.4:8000" \ No newline at end of file + - "127.0.0.4:8000" + "/.well-known/acme-challenge": + healthcheck: false + servers: + - "127.0.0.1:8001" \ No newline at end of file diff --git a/src/utils/consul.rs b/src/utils/consul.rs index 726c93e..36b2a88 100644 --- a/src/utils/consul.rs +++ b/src/utils/consul.rs @@ -128,6 +128,7 @@ async fn get_by_http(url: String, token: Option) -> Option Option, pub headers: Option>, pub rate_limit: Option, + pub healthcheck: Option, } #[derive(Debug, Default)] pub struct Configuration { @@ -108,6 +109,7 @@ pub struct InnerMap { pub is_http2: bool, pub to_https: bool, pub rate_limit: Option, + pub healthcheck: Option, } #[allow(dead_code)] 
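Review bot: The `healthcheck` field added to `InnerMap` (and to the config struct in the hunk before it) has no doc comment, and nothing in the change states what `None` means. The README hunk shows `healthcheck: false` turning probes off for a path, while `InnerMap::new` and `clone_idmap_into` leave the field at `None`, so a reader cannot tell whether an unset value still gets probed. Suggest a line above the field such as `/// Per-path health-check switch: Some(false) skips probing; None keeps the default (state which).` The struct starts above the hunk.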
@@ -120,6 +122,7 @@ impl InnerMap { is_http2: Default::default(), to_https: Default::default(), rate_limit: Default::default(), + healthcheck: Default::default(), } } } diff --git a/src/utils/tools.rs b/src/utils/tools.rs index b414bd9..865f96c 100644 --- a/src/utils/tools.rs +++ b/src/utils/tools.rs @@ -155,6 +155,7 @@ pub fn clone_idmap_into(original: &UpstreamsDashMap, cloned: &UpstreamsIdMap) { is_http2: false, to_https: false, rate_limit: None, + healthcheck: None, }; cloned.insert(id, to_add); cloned.insert(hh, x.to_owned()); diff --git a/src/web/proxyhttp.rs b/src/web/proxyhttp.rs index 48bdd1a..b2805d8 100644 --- a/src/web/proxyhttp.rs +++ b/src/web/proxyhttp.rs @@ -67,7 +67,7 @@ impl ProxyHttp for LB { }; let hostname = return_header_host(&session); - _ctx.hostname = hostname.clone(); + _ctx.hostname = hostname; let mut backend_id = None; @@ -85,7 +85,7 @@ impl ProxyHttp for LB { } } - match hostname { + match _ctx.hostname.as_ref() { None => return Ok(false), Some(host) => { // let optioninnermap = self.get_host(host.as_str(), host.as_str(), backend_id); @@ -175,22 +175,12 @@ impl ProxyHttp for LB { } } - async fn upstream_request_filter(&self, session: &mut Session, _upstream_request: &mut RequestHeader, _ctx: &mut Self::CTX) -> Result<()> { - match session.client_addr() { - Some(ip) => { - let inet = ip.as_inet(); - match inet { - Some(addr) => { - _upstream_request - .insert_header("X-Forwarded-For", addr.to_string().split(':').collect::>()[0]) - .unwrap(); - } - None => warn!("Malformed Client IP: {:?}", inet), - } - } - None => { - warn!("Cannot detect client IP"); - } + async fn upstream_request_filter(&self, _session: &mut Session, upstream_request: &mut RequestHeader, ctx: &mut Self::CTX) -> Result<()> { + if let Some(hostname) = ctx.hostname.as_ref() { + upstream_request.insert_header("Host", hostname)?; + } + if let Some(peer) = ctx.upstream_peer.as_ref() { + upstream_request.insert_header("X-Forwarded-For", peer.address.as_str())?; } Ok(()) }
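Review bot: `X-Forwarded-For` in the rewritten `upstream_request_filter` is now filled from `ctx.upstream_peer`'s `address`, which by its name is the selected backend, whereas the removed code took it from `session.client_addr()`. If that reading is right, any backend that logs, rate-limits or applies access rules on this header will see the upstream's own address instead of the client's. Keep the client address as the source and rename `_session` back to `session`, e.g. `if let Some(addr) = session.client_addr().and_then(|a| a.as_inet()) { upstream_request.insert_header("X-Forwarded-For", addr.ip().to_string())?; }`. Using `ip()` also avoids the old `split(':')`, which would have cut an IPv6 address at its first colon.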