From 810f45248a2f24e9023d69e57ea1d13d52f55d74 Mon Sep 17 00:00:00 2001
From: Jun Kurihara
Date: Sat, 23 Jul 2022 13:27:01 +0900
Subject: [PATCH] suppress debug output for debug...
---
 src/backend.rs | 8 ++++----
 src/constants.rs | 2 +-
 src/proxy/proxy_tls.rs | 22 ++++++++++++++--------
 3 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/backend.rs b/src/backend.rs
index cc29dbc..d7bd7df 100644
--- a/src/backend.rs
+++ b/src/backend.rs
@@ -207,7 +207,7 @@ impl Backends {
 pub async fn generate_server_crypto_with_cert_resolver(&self) -> Result {
 let mut resolver = ResolvesServerCertUsingSni::new();
- let mut cnt = 0;
+ // let mut cnt = 0;
 for (_, backend) in self.apps.iter() {
 if backend.tls_cert_key_path.is_some() && backend.tls_cert_path.is_some() {
 match backend.read_certs_and_key() {
@@ -219,8 +219,8 @@ impl Backends {
 e
 )
 } else {
- debug!("Add certificate for server_name: {}", backend.server_name.as_str());
- cnt += 1;
+ // debug!("Add certificate for server_name: {}", backend.server_name.as_str());
+ // cnt += 1;
 }
 }
 Err(e) => {
@@ -229,7 +229,7 @@ impl Backends {
 }
 }
 }
- debug!("Load certificate chain for {} server_name's", cnt);
+ // debug!("Load certificate chain for {} server_name's", cnt);
 let mut server_config = ServerConfig::builder()
 .with_safe_defaults()
diff --git a/src/constants.rs b/src/constants.rs
index d33486a..4abc782 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -7,7 +7,7 @@ pub const UPSTREAM_TIMEOUT_SEC: u64 = 60;
 pub const MAX_CLIENTS: usize = 512;
 pub const MAX_CONCURRENT_STREAMS: u32 = 64;
 // #[cfg(feature = "tls")]
-pub const CERTS_WATCH_DELAY_SECS: u32 = 30;
+pub const CERTS_WATCH_DELAY_SECS: u32 = 60;
 // #[cfg(feature = "http3")]
 // pub const H3_RESPONSE_BUF_SIZE: usize = 65_536; // 64KB
diff --git a/src/proxy/proxy_tls.rs b/src/proxy/proxy_tls.rs
index 1f81aaa..77d8ad8 100644
--- a/src/proxy/proxy_tls.rs
+++ b/src/proxy/proxy_tls.rs
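Review bot: In `src/backend.rs` the `cnt` counter and both `debug!` calls are commented out rather than deleted (hunks at -207, -219 and -229), which leaves dead code and an `else` branch that now contains only comments. Delete the lines and drop the empty `else`, or, if a record of which server names received a certificate is still wanted when diagnosing reloads, keep it at a lower level, e.g. `trace!("Add certificate for server_name: {}", backend.server_name.as_str());`. The function body starts and ends outside these hunks.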
@@ -54,16 +54,22 @@ where
 }
 let (raw_stream, client_addr) = tcp_cnx.unwrap();
- if let Ok(stream) = tls_acceptor.as_ref().unwrap().accept(raw_stream).await {
- // Retrieve SNI
- let (_, conn) = stream.get_ref();
- let server_name = conn.sni_hostname();
- debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name);
- let server_name = server_name.map_or_else(|| None, |v| Some(v.as_bytes().to_ascii_lowercase()));
- if server_name.is_none(){
+ match tls_acceptor.as_ref().unwrap().accept(raw_stream).await {
+ Ok(stream) => {
+ // Retrieve SNI
+ let (_, conn) = stream.get_ref();
+ let server_name = conn.sni_hostname();
+ debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name);
+ let server_name = server_name.map_or_else(|| None, |v| Some(v.as_bytes().to_ascii_lowercase()));
+ if server_name.is_none(){
+ continue;
+ }
+ self.clone().client_serve(stream, server.clone(), client_addr, server_name); // TODO: don't want to pass copied value...
+ },
+ Err(e) => {
+ error!("Failed to accept TLS stream {}", e);
 continue;
 }
- self.clone().client_serve(stream, server.clone(), client_addr, server_name); // TODO: don't want to pass copied value...
 }
 }
 _ = server_crypto_rx.changed().fuse() => {
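Review bot: The new `Err(e)` arm logs every failed handshake at `error!` and omits the peer address, so on an exposed listener malformed or non-TLS connections produce error-level entries that cannot be attributed to a source during triage. `client_addr` is already bound by the `let (raw_stream, client_addr)` line above, so the arm could read `warn!("Failed to accept TLS stream from {}: {}", client_addr, e);`. Separately, as far as this hunk shows, the handshake is still awaited inline before `client_serve` is called, so a peer that stalls mid-handshake would appear to delay later accepts; the enclosing loop starts outside the hunk, so confirm whether a handshake timeout or a per-connection task is applied elsewhere. The silent `continue` when `server_name` is `None` would also benefit from a `debug!` line so that connections without SNI remain visible.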