aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-01-25 17:01:39 +0100
committerAlex Auvolat <alex@adnab.me>2022-01-25 17:01:39 +0100
commitb1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe (patch)
tree5867683287e04bd69e93ad21ad1f432c9794a63d
parentea050c7045764f69a6dd25a2b0c75186dddfc50e (diff)
downloadtricot-b1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe.tar.gz
tricot-b1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe.zip
Try to fix duplicate Host header issuedocker-34
- disable http2 to backend connections even when using tls - forbid hyper from adding a host header
-rw-r--r--src/reverse_proxy.rs9
-rw-r--r--src/tls_util.rs5
2 files changed, 9 insertions, 5 deletions
diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs
index 6ea15a0..c6e0bac 100644
--- a/src/reverse_proxy.rs
+++ b/src/reverse_proxy.rs
@@ -22,7 +22,7 @@ pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
const HOP_HEADERS: &[HeaderName] = &[
header::CONNECTION,
- //header::KEEP_ALIVE,
+ // header::KEEP_ALIVE, // not found in http::header
header::PROXY_AUTHENTICATE,
header::PROXY_AUTHORIZATION,
header::TE,
@@ -69,7 +69,8 @@ fn create_proxied_request<B>(
) -> Result<Request<B>> {
let mut builder = Request::builder()
.method(request.method())
- .uri(forward_uri(forward_url, &request)?);
+ .uri(forward_uri(forward_url, &request)?)
+ .version(hyper::Version::HTTP_11);
*builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
@@ -133,7 +134,7 @@ pub async fn call(
let mut connector = HttpConnector::new();
connector.set_connect_timeout(Some(PROXY_TIMEOUT));
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?;
@@ -161,7 +162,7 @@ pub async fn call_https(
http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?;
trace!("Inner response (HTTPS): {:?}", response);
diff --git a/src/tls_util.rs b/src/tls_util.rs
index 836f41e..c80dcf8 100644
--- a/src/tls_util.rs
+++ b/src/tls_util.rs
@@ -21,7 +21,9 @@ pub struct HttpsConnectorFixedDnsname<T> {
tls_config: Arc<rustls::ClientConfig>,
fixed_dnsname: &'static str,
}
+
type BoxError = Box<dyn std::error::Error + Send + Sync>;
+
impl HttpsConnectorFixedDnsname<HttpConnector> {
pub fn new(
mut tls_config: rustls::ClientConfig,
@@ -29,7 +31,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
mut http: HttpConnector,
) -> Self {
http.enforce_http(false);
- tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+ tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
Self {
http,
tls_config: Arc::new(tls_config),
@@ -37,6 +39,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
}
}
}
+
impl<T> Service<Uri> for HttpsConnectorFixedDnsname<T>
where
T: Service<Uri>,