works almost. todo: config.toml

2022-06-25 09:31:13 -04:00 · 2022-06-25 09:31:13 -04:00 · 744b65b738
commit 744b65b738
parent 9c34c259ef
6 changed files with 74 additions and 23 deletions
--- a/config-example.toml
+++ b/config-example.toml
@ -18,21 +18,22 @@ app_name = 'localhost' # this should be option, if null then same as hostname
 hostname = 'localhost'
 https_redirection = true
 reverse_proxy = [
-  { path = '*', destination = '192.168.10.0:3000', tls = true },
+  # default destination if path is not specified
-  { path = '/path/to', destination = '192.168.10.1:4000', tls = true },
+  { destination = 'www.google.com', tls = true },
  { destination = 'www.bing.com', path = '/maps', tls = true },
 ]
 ## List of destinations to send data to.
 ## At this point, round-robin is used for load-balancing if multiple URLs are specified.
-allowhosts = ['127.0.0.1', '::1', '192.168.10.0/24']
+# allowhosts = ['127.0.0.1', '::1', '192.168.10.0/24'] # TODO
-denyhosts = ['*']
+# denyhosts = ['*'] # TODO
-tls_cert_path = 'localhost1.pem'
+tls_cert_path = 'localhost.pem'
-tls_cert_key_path = 'localhost1.pem'
+tls_cert_key_path = 'localhost.pem'
 [[application]]
 app_name = 'locahost_application'
 hostname = 'localhost.localdomain'
 https_redirection = true
-reverse_proxy = [{ path = '/', destination = 'www.google.com', tls = true }]
+reverse_proxy = [{ destination = 'www.google.com', tls = true }]
-tls_cert_path = 'localhost2.pem'
+tls_cert_path = 'localhost.pem'
-tls_cert_key_path = 'localhost2.pem'
+tls_cert_key_path = 'localhost.pem'
--- a/lolalhost.pem
+++ b/lolalhost.pem
@ -0,0 +1,47 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDb7g6EQhbfby97
 k4oMbZTzdi2TWFBs7qK/QwgOu+L6EhNHPO1ZEU29v0APFBFJO5zyyAk9bZ9k9tPB
 bCuVVI9jEUfLH3UCjEQPG6XI2w++uVh0yALvc/uurCvRHVlle/V7cAoikndc2SjE
 RQUALbACIqwD5g0F77BYwcsreB4GH253/R6Q2/CJZ4jNHPjkocOJiVr3ejA0kkoN
 MXpGUXWcrVVk20M2A1CeO7HAulLRcklEdoHE3v46pjp0iZK0F9LyZX1U1ql+4QL3
 iQttoZ4tMg83lFHSt4G9PrpIhzXr9W4NW822faSvrIwwN/JbItUmRa7n/3+MkuJQ
 IGGNDayXAgMBAAECggEBANs0fmGSocuXvYL1Pi4+9qxnCOwIpTi97Zam0BwnZwcL
 Bw4FCyiwV4UdX1LoFIailT9i49rHLYzre4oZL6OKgdQjQCSTuQOOHLPWQbpdpWba
 w/C5/jr+pkemMZIfJ6BAGiArPt7Qj4oKpFhj1qUj5H9sYXkNTcOx8Fm25rLv6TT9
 O7wg0oCpyG+iBSbCYBp9mDMz8pfo4P3BhcFiyKCKeiAC6KuHU81dvuKeFB4XQK+X
 no2NqDqe6MBkmTqjNNy+wi1COR7lu34LPiWU5Hq5PdIEqBBUMjlMI6oYlhlgNTdx
 SvsqFz3Xs6kpAhJTrSiAqscPYosgaMQxo+LI26PJnikCgYEA9n0OERkm0wSBHnHY
 Kx8jaxNYg93jEzVnEgI/MBTJZqEyCs9fF6Imv737VawEN/BhesZZX7bGZQfDo8AT
 aiSa5upkkSGXEqTu5ytyoKFTb+dJ/qmx3+zP6dPVzDnc8WPYMoUg7vvjZkXXJgZX
 +oMlMUW1wWiDNI3wP19W9Is6xssCgYEA5GqkUBEns6eTFJV0JKqbEORJJ7lx5NZe
 cIx+jPpLkILG4mOKOg1TBx0wkxa9cELtsNsM+bPtu9OqRMhsfPBmsXDHhJwg0Z6G
 eDTfYYPkpRhwZvl6jBZn9sLVR9wfg2hE+n0lfV3mceg336KOkwAehDU84SWZ2e0S
 esqkpbHJa+UCgYA7PY0O8POSzcdWkNf6bS5vAqRIdSCpMjGGc4HKRYSuJNnJHVPm
 czNK7Bcm3QPaiexzvI4oYd5G09niVjyUSx3rl7P56Y/MjFVau+d90agjAfyXtyMo
 BVtnAGGnBtUiMvP4GGT06xcZMnnmCqpEbBaZQ/7N8Bdwnxh5sqlMdtX2hwKBgAhL
 hyQRO2vezgyVUN50A6WdZLq4lVZGIq/bqkzcWhopZaebDc4F5doASV9OGBsXkyI1
 EkePLTcA/NH6pVX0NQaEnfpG4To7k46R/PrBm3ATbyGONdEYjzX65VvytoJDKx4d
 pVrkKhZA5KaOdLcJ7hHHDSrv/qJXZbBn44rQ5guxAoGBAJ6oeUsUUETakxlmIhmK
 xuQmWqLf97BKt8r6Z8CqHKWK7vpG2OmgFYCQGaR7angQ8hmAOv6jM56XhoagDBoc
 UoaoEyo9/uCk6NRUkUMj7Tk/5UQSiWLceVH27w+icMFhf1b7EmmNfk+APsiathO5
 j4edf1AinVCPwRVVu1dtLL5P
 -----END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
 MIIDAjCCAeoCCQCptj0+TjjIJjANBgkqhkiG9w0BAQsFADBDMREwDwYDVQQKDAhE
 TlNDcnlwdDEaMBgGA1UECwwRTG9jYWwgdGVzdCBzZXJ2ZXIxEjAQBgNVBAMMCWxv
 Y2FsaG9zdDAeFw0xOTExMTgxNDA2MzBaFw0zMzA3MjcxNDA2MzBaMEMxETAPBgNV
 BAoMCEROU0NyeXB0MRowGAYDVQQLDBFMb2NhbCB0ZXN0IHNlcnZlcjESMBAGA1UE
 AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+4O
 hEIW328ve5OKDG2U83Ytk1hQbO6iv0MIDrvi+hITRzztWRFNvb9ADxQRSTuc8sgJ
 PW2fZPbTwWwrlVSPYxFHyx91AoxEDxulyNsPvrlYdMgC73P7rqwr0R1ZZXv1e3AK
 IpJ3XNkoxEUFAC2wAiKsA+YNBe+wWMHLK3geBh9ud/0ekNvwiWeIzRz45KHDiYla
 93owNJJKDTF6RlF1nK1VZNtDNgNQnjuxwLpS0XJJRHaBxN7+OqY6dImStBfS8mV9
 VNapfuEC94kLbaGeLTIPN5RR0reBvT66SIc16/VuDVvNtn2kr6yMMDfyWyLVJkWu
 5/9/jJLiUCBhjQ2slwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA6Vz5HnGuy8jZz
 5i8ipbcDMCZNdpYYnxgD53hEKOfoSv7LaF0ztD8Kmg3s5LHv9EHlkK3+G6FWRGiP
 9f6IbtRITaiVQP3M13T78hpN5Qq5jgsqjR7ZcN7Etr6ZFd7G/0+mzqbyBuW/3szt
 RdX/YLy1csvjbZoNNuXGWRohXjg0Mjko2tRLmARvxA/gZV5zWycv3BD2BPzyCdS9
 MDMYSF0RPiL8+alfwLNqLcqMA5liHlmZa85uapQyoUI3ksKJkEgU53aD8cYhH9Yn
 6mVpsrvrcRLBiHlbi24QBolhFkCSRK8bXes8XDIPuD8iYRwlrVBwOakMFQWMqNfI
 IMOKJomU
 -----END CERTIFICATE-----
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@ -0,0 +1,3 @@
 mod parse;
 pub use parse::parse_opts;
--- a/src/config/parse.rs
+++ b/src/config/parse.rs
@ -32,10 +32,11 @@ pub fn parse_opts(globals: &mut Globals, backends: &mut HashMap<String, Backend>
      app_name: "Localhost to Google except for maps".to_string(),
      hostname: "localhost".to_string(),
      reverse_proxy: ReverseProxy {
-        default_destination_uri: "https://www.google.com".parse::<Uri>().unwrap(),
+        // default_destination_uri: "http://www.google.com".parse::<Uri>().unwrap(),
        default_destination_uri: "http://abehiroshi.la.coocan.jp/".parse::<Uri>().unwrap(), // httpのみの場合の好例
        destination_uris: map_example,
      },
-      https_redirection: Some(true), // TODO: ここはtlsが存在する時はSomeにすべき。Noneはtlsがないときのみのはず
+      https_redirection: Some(false), // TODO: ここはtlsが存在する時はSomeにすべき。Noneはtlsがないときのみのはず
      tls_cert_path: Some(PathBuf::from(r"localhost1.pem")),
      tls_cert_key_path: Some(PathBuf::from(r"localhost1.pem")),
--- a/src/proxy/proxy_handler.rs
+++ b/src/proxy/proxy_handler.rs
@ -4,7 +4,8 @@ use crate::{error::*, log::*};
 use hyper::{
  client::connect::Connect,
  header::{HeaderMap, HeaderValue},
-  Body, Request, Response, StatusCode, Uri,
+  http::uri::Scheme,
  Body, Request, Response, StatusCode, Uri, Version,
 };
 use std::net::SocketAddr;
 use tokio::io::copy_bidirectional;
@ -144,16 +145,6 @@ fn generate_request_forwarded<B: core::fmt::Debug>(
 ) -> Result<Request<B>> {
  debug!("Generate request to be forwarded");
  // update "host" key in request header
  if req.headers().contains_key("host") {
    // HTTP/1.1
    req.headers_mut().insert(
      "host",
      HeaderValue::from_str(destination_scheme_host.host().unwrap())
        .map_err(|_| anyhow!("Failed to insert destination host into forwarded request"))?,
    );
  }
  // Add te: trailer if contained in original request
  let te_trailer = {
    if let Some(te) = req.headers().get("te") {
@ -178,6 +169,9 @@ fn generate_request_forwarded<B: core::fmt::Debug>(
    headers.insert("te", "trailer".parse().unwrap());
  }
  // Drop "host" key in request header to specify uri in absolute form
  req.headers_mut().remove("host");
  // update uri in request
  *req.uri_mut() = Uri::builder()
    .scheme(destination_scheme_host.scheme().unwrap().as_str())
@ -193,6 +187,11 @@ fn generate_request_forwarded<B: core::fmt::Debug>(
      .insert("connection", HeaderValue::from_str("upgrade")?);
  }
  // Change version to http/1.1 when destination scheme is http
  if req.version() != Version::HTTP_11 && destination_scheme_host.scheme() == Some(&Scheme::HTTP) {
    *req.version_mut() = Version::HTTP_11;
  }
  Ok(req)
 }
--- a/src/proxy/proxy_main.rs
+++ b/src/proxy/proxy_main.rs
@ -61,7 +61,6 @@ where
    self.globals.runtime_handle.clone().spawn(async move {
      tokio::time::timeout(
        self.globals.timeout + Duration::from_secs(1),
        // server.serve_connection(stream, self),
        server.serve_connection(
          stream,
          service_fn(move |req: Request<Body>| self.clone().handle_request(req, peer_addr)),
@ -71,6 +70,7 @@ where
      .ok();
      clients_count.decrement();
      debug!("Client #: {}", clients_count.current());
    });
  }