From b1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 25 Jan 2022 17:01:39 +0100
Subject: Try to fix duplicate Host header issue - disable http2 to backend connections even when using tls - forbid hyper from adding a host header
---
 src/reverse_proxy.rs | 9 +++++----
 src/tls_util.rs | 5 ++++-
 2 files changed, 9 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs
index 6ea15a0..c6e0bac 100644
--- a/src/reverse_proxy.rs
+++ b/src/reverse_proxy.rs
@@ -22,7 +22,7 @@ pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
 const HOP_HEADERS: &[HeaderName] = &[
 header::CONNECTION,
- //header::KEEP_ALIVE,
+ // header::KEEP_ALIVE, // not found in http::header
 header::PROXY_AUTHENTICATE,
 header::PROXY_AUTHORIZATION,
 header::TE,
@@ -69,7 +69,8 @@ fn create_proxied_request(
 ) -> Result> {
 let mut builder = Request::builder()
 .method(request.method())
- .uri(forward_uri(forward_url, &request)?);
+ .uri(forward_uri(forward_url, &request)?)
+ .version(hyper::Version::HTTP_11);
 *builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
@@ -133,7 +134,7 @@ pub async fn call(
 let mut connector = HttpConnector::new();
 connector.set_connect_timeout(Some(PROXY_TIMEOUT));
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
 let response = client.request(proxied_request).await?;
@@ -161,7 +162,7 @@ pub async fn call_https(
 http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
 let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
- let client: Client<_, hyper::Body> = Client::builder().build(connector);
+ let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
 let response = client.request(proxied_request).await?;
 trace!("Inner response (HTTPS): {:?}", response);
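Review bot: Pinning the outgoing request to `HTTP_11` in `create_proxied_request` makes a `Host` header mandatory, yet the only headers visible in this hunk are the ones copied by `remove_hop_headers(request.headers())`. A client that reaches the proxy over HTTP/2 may carry the authority in the URI rather than in a `Host` header, and with `set_host(false)` on both clients (the `call` and `call_https` hunks) hyper no longer fills it in, so the backend could receive an HTTP/1.1 request with no `Host` at all. A fallback right after the header copy would cover that case, with `headers` bound to `builder.headers_mut().unwrap()`: `if !headers.contains_key(header::HOST) { if let Some(a) = request.uri().authority() { headers.insert(header::HOST, a.as_str().parse()?); } }`. The function body continues outside this hunk, so this may already be handled further down.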
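Review bot: With `.set_host(false)` the `Host` line sent to the backend is exactly what the client supplied, and nothing in this hunk or in the matching `call_https` hunk checks that there is only one. Unless the listener already rejects it, a request that arrives with two `Host` headers would be forwarded with both, which leaves the proxy's routing decision and the backend's virtual-host selection free to disagree. Consider refusing such requests before `client.request(proxied_request)`, for example `if proxied_request.headers().get_all(header::HOST).iter().count() > 1 { /* answer 400 Bad Request */ }`. Both `call` and `call_https` start and end outside their hunks, so a check elsewhere is not ruled out.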
diff --git a/src/tls_util.rs b/src/tls_util.rs
index 836f41e..c80dcf8 100644
--- a/src/tls_util.rs
+++ b/src/tls_util.rs
@@ -21,7 +21,9 @@ pub struct HttpsConnectorFixedDnsname {
 tls_config: Arc,
 fixed_dnsname: &'static str,
 }
+
 type BoxError = Box;
+
 impl HttpsConnectorFixedDnsname {
 pub fn new(
 mut tls_config: rustls::ClientConfig,
@@ -29,7 +31,7 @@ impl HttpsConnectorFixedDnsname {
 mut http: HttpConnector,
 ) -> Self {
 http.enforce_http(false);
- tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+ tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
 Self {
 http,
 tls_config: Arc::new(tls_config),
@@ -37,6 +39,7 @@ impl HttpsConnectorFixedDnsname {
 }
 }
 }
+
 impl Service for HttpsConnectorFixedDnsname
 where
 T: Service,
-- cgit v1.2.3
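Review bot: The reason for dropping `h2` from `alpn_protocols` in `new` is recorded only in the commit message, and the assignment silently overwrites whatever ALPN list the caller placed in `tls_config`. A comment above the assignment would keep a later change from re-adding it, e.g. `// Offer only HTTP/1.1 to backends: proxied requests are built as HTTP_11 and carry the client's Host header (duplicate Host fix)`, and the doc comment of `new` should state that the caller's ALPN setting is replaced. It is also worth confirming that the `Service` impl further down does not still mark a connection as HTTP/2 from the negotiated protocol; that code is outside these hunks. The signature of `new` starts before this hunk.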