author | Alex Auvolat <alex@adnab.me> | 2022-01-25 17:01:39 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-01-25 17:01:39 +0100 |
commit | b1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe (patch) | |
tree | 5867683287e04bd69e93ad21ad1f432c9794a63d | |
parent | ea050c7045764f69a6dd25a2b0c75186dddfc50e (diff) | |
Try to fix duplicate Host header issuedocker-34
- disable http2 to backend connections even when using tls
- forbid hyper from adding a host header
-rw-r--r-- | src/reverse_proxy.rs | 9 | ||||
-rw-r--r-- | src/tls_util.rs | 5 |
2 files changed, 9 insertions, 5 deletions
diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs
index 6ea15a0..c6e0bac 100644
--- a/src/reverse_proxy.rs
+++ b/src/reverse_proxy.rs
@@ -22,7 +22,7 @@ pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
 const HOP_HEADERS: &[HeaderName] = &[
 header::CONNECTION,
- //header::KEEP_ALIVE,
+ // header::KEEP_ALIVE, // not found in http::header
 header::PROXY_AUTHENTICATE,
 header::PROXY_AUTHORIZATION,
 header::TE,
@@ -69,7 +69,8 @@ fn create_proxied_request<B>(
 ) -> Result<Request<B>> {
 let mut builder = Request::builder()
 .method(request.method())
- .uri(forward_uri(forward_url, &request)?);
+ .uri(forward_uri(forward_url, &request)?)
+ .version(hyper::Version::HTTP_11);
 *builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
@@ -133,7 +134,7 @@ pub async fn call(
 let mut connector = HttpConnector::new();
 connector.set_connect_timeout(Some(PROXY_TIMEOUT));
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
 let response = client.request(proxied_request).await?;
@@ -161,7 +162,7 @@ pub async fn call_https(
 http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
 let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
 let response = client.request(proxied_request).await?;
 trace!("Inner response (HTTPS): {:?}", response);
diff --git a/src/tls_util.rs b/src/tls_util.rs
index 836f41e..c80dcf8 100644
--- a/src/tls_util.rs
+++ b/src/tls_util.rs
@@ -21,7 +21,9 @@ pub struct HttpsConnectorFixedDnsname<T> {
 tls_config: Arc<rustls::ClientConfig>,
 fixed_dnsname: &'static str,
 }
+
 type BoxError = Box<dyn std::error::Error + Send + Sync>;
+
 impl HttpsConnectorFixedDnsname<HttpConnector> {
 pub fn new(
 mut tls_config: rustls::ClientConfig,
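Review bot: In `create_proxied_request` (src/reverse_proxy.rs, hunk at -69) the added `.version(hyper::Version::HTTP_11)` restates the documented default of `Request::builder()`, so on its own it does not change what is sent to the backend. If it is kept as an explicit pin, a comment would tell the next reader why it is there, for example `// Backend requests are always HTTP/1.1, whatever version the client spoke`. The function starts and ends outside this hunk.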
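Review bot: With `Client::builder().set_host(false)` in `call` (and the identical line in `call_https`, hunk at -161) hyper no longer supplies a Host header, so the backend receives exactly the Host values copied from the client request, and nothing in the new code ensures there is one value rather than none or several. An HTTP/2 client normally sends `:authority` and no Host header, and how `remove_hop_headers` or the front end treat a missing or repeated Host is not visible in this diff. A guard before `client.request(proxied_request)` would make the invariant explicit, e.g. `if proxied_request.headers().get_all(header::HOST).iter().count() != 1 { /* reject, or set Host from the request authority */ }`. Both function bodies continue outside their hunks.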
@@ -29,7 +31,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
 mut http: HttpConnector,
 ) -> Self {
 http.enforce_http(false);
- tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+ tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
 Self {
 http,
 tls_config: Arc::new(tls_config),
@@ -37,6 +39,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
 }
 }
 }
+
 impl<T> Service<Uri> for HttpsConnectorFixedDnsname<T>
 where
 T: Service<Uri>, |
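Review bot: The ALPN list in `HttpsConnectorFixedDnsname::new` (src/tls_util.rs, hunk at -29) now offers only `http/1.1`, but nothing at the assignment says why `h2` was dropped, so a later cleanup could re-add it. A comment on that line would record the reason from the commit message, e.g. `// Offer only HTTP/1.1 to backends (h2 disabled while fixing the duplicate Host header issue)`. A backend that accepts only `h2` over TLS will presumably fail at negotiation now rather than fall back, which may deserve a mention in the configuration docs. `new` starts and ends outside this hunk.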