Merge pull request #101 from junkurihara/develop

0.6.2
Jun Kurihara 2023-10-12 12:25:39 +09:00 committed by GitHub
commit 9340679d70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 278 additions and 92 deletions


@ -5,17 +5,23 @@ version: 2
updates: updates:
# Enable version updates for cargo # Enable version updates for cargo
- package-ecosystem: "cargo" - package-ecosystem: "cargo"
# Look for `Cargo.toml` and `lock` files in the `root` directory
directory: "/" directory: "/"
# Check the crates.io for updates every day (weekdays) schedule:
interval: "daily"
- package-ecosystem: "cargo"
directory: "/rpxy-bin"
schedule:
interval: "daily"
- package-ecosystem: "cargo"
directory: "/rpxy-lib"
schedule: schedule:
interval: "daily" interval: "daily"
# Enable version updates for Docker # Enable version updates for Docker
- package-ecosystem: "docker" - package-ecosystem: "docker"
# Look for a `Dockerfile` in the `root` directory directory: "/docker"
directory: "/"
# Check for updates everyday
schedule: schedule:
interval: "daily" interval: "daily"
@ -23,5 +29,4 @@ updates:
- package-ecosystem: "github-actions" - package-ecosystem: "github-actions"
directory: "/" directory: "/"
schedule: schedule:
# Check for updates everyday
interval: "daily" interval: "daily"


@ -2,16 +2,14 @@ name: Unit Test
on: on:
push: push:
branches: [ main, develop ]
pull_request: pull_request:
branches: [ main, develop ] types: [synchronize, opened]
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:


@ -1,11 +1,11 @@
name: Build and Publish Docker name: Build and publish docker
on: on:
push: push:
branches: branches:
- "develop" - "develop"
- "main" - "main"
pull_request: tags:
types: [synchronize, opened] - "*.*.*"
env: env:
GHCR: ghcr.io GHCR: ghcr.io
@ -51,6 +51,43 @@ jobs:
jqtype/rpxy:s2n jqtype/rpxy:s2n
ghcr.io/junkurihara/rust-rpxy:s2n ghcr.io/junkurihara/rust-rpxy:s2n
- target: "native-roots"
dockerfile: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
build-args: |
"CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
tags-suffix: "-native-roots"
# Aliases must be used only for release builds
aliases: |
jqtype/rpxy:native-roots
ghcr.io/junkurihara/rust-rpxy:native-roots
- target: "slim-native-roots"
dockerfile: ./docker/Dockerfile-slim
build-args: |
"CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
build-contexts: |
messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
platforms: linux/amd64,linux/arm64
tags-suffix: "-slim-native-roots"
# Aliases must be used only for release builds
aliases: |
jqtype/rpxy:slim-native-roots
ghcr.io/junkurihara/rust-rpxy:slim-native-roots
- target: "s2n-native-roots"
dockerfile: ./docker/Dockerfile
build-args: |
"CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots"
"ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
platforms: linux/amd64,linux/arm64
tags-suffix: "-s2n-native-roots"
# Aliases must be used only for release builds
aliases: |
jqtype/rpxy:s2n-native-roots
ghcr.io/junkurihara/rust-rpxy:s2n-native-roots
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -59,46 +96,46 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v4 uses: docker/metadata-action@v5
with: with:
images: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }} images: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ${{ env.GHCR }} registry: ${{ env.GHCR }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Nightly build test on amd64 for pull requests # - name: Nightly build test on amd64 for pull requests
if: ${{ github.event_name == 'pull_request' }} # if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@v4 # uses: docker/build-push-action@v5
with: # with:
context: . # context: .
build-args: ${{ matrix.build-args }} # build-args: ${{ matrix.build-args }}
push: false # push: false
build-contexts: ${{ matrix.build-contexts }} # build-contexts: ${{ matrix.build-contexts }}
file: ${{ matrix.dockerfile }} # file: ${{ matrix.dockerfile }}
cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} # cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }}
cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} # cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }}
platforms: linux/amd64 # platforms: linux/amd64
labels: ${{ steps.meta.outputs.labels }} # labels: ${{ steps.meta.outputs.labels }}
- name: Nightly build and push from develop branch - name: Nightly build and push from develop branch
if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }} if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }}
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
build-args: ${{ matrix.build-args }} build-args: ${{ matrix.build-args }}
@ -115,7 +152,7 @@ jobs:
- name: Release build and push from main branch - name: Release build and push from main branch
if: ${{ (github.ref_name == 'main') && (github.event_name == 'push') }} if: ${{ (github.ref_name == 'main') && (github.event_name == 'push') }}
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
build-args: ${{ matrix.build-args }} build-args: ${{ matrix.build-args }}
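Review bot: The new `tags: "*.*.*"` push trigger starts this workflow for release tags, but both build steps visible here are still gated on `github.ref_name == 'develop'` or `github.ref_name == 'main'`; on a tag push `github.ref_name` is the tag name, so unless a step outside these hunks handles tags, a tag run logs in to both registries and builds nothing. The release workflow added in this commit is chained to this workflow completing successfully, so such an empty run would still count as a successful build. Either add a tag-gated build step, e.g. `if: ${{ startsWith(github.ref, 'refs/tags/') }}`, or drop the tag trigger. Separately, the steps that receive `DOCKERHUB_TOKEN` and `GITHUB_TOKEN` reference actions by a mutable major tag (`docker/login-action@v3`); pinning them to a full commit SHA keeps a retagged action from running with those credentials.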

128
.github/workflows/release.yml vendored Normal file

@ -0,0 +1,128 @@
name: Extract executable binary, upload artifacts, create release
on:
workflow_run:
workflows:
- "Build and publish docker"
types:
- "completed"
jobs:
on-success:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
strategy:
fail-fast: false
matrix:
include:
- target: "gnu"
platform: linux/amd64
- target: "gnu"
platform: linux/arm64
- target: "musl"
platform: linux/amd64
tags-suffix: "-slim"
- target: "musl"
platform: linux/arm64
tags-suffix: "-slim"
- target: "gnu"
build-feature: "-s2n"
platform: linux/amd64
tags-suffix: "-s2n"
- target: "gnu"
build-feature: "-s2n"
platform: linux/arm64
tags-suffix: "-s2n"
- target: "gnu"
build-feature: "-native-roots"
platform: linux/amd64
tags-suffix: "-native-roots"
- target: "gnu"
build-feature: "-native-roots"
platform: linux/arm64
tags-suffix: "-native-roots"
- target: "musl"
build-feature: "-native-roots"
platform: linux/amd64
tags-suffix: "-slim-native-roots"
- target: "musl"
build-feature: "-native-roots"
platform: linux/arm64
tags-suffix: "-slim-native-roots"
- target: "gnu"
build-feature: "-s2n-native-roots"
platform: linux/amd64
tags-suffix: "-s2n-native-roots"
- target: "gnu"
build-feature: "-s2n-native-roots"
platform: linux/arm64
tags-suffix: "-s2n-native-roots"
steps:
- run: "echo 'The relese triggering workflows passed'"
- name: "set env"
run: |
if [ ${{ matrix.platform }} = "linux/amd64" ];then PLATFORM_MAP="x86_64";else PLATFORM_MAP="aarch64";fi
if [ ${{ github.ref_name == 'develop' }} ];then BUILD_NAME="rpxy-nightly";else BUILD_NAME="rpxy";fi
echo "PLATFORM_MAP=${PLATFORM_MAP}" >> $GITHUB_ENV
echo "TARGET_NAME=${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_ENV
- name: "docker pull and extract binary from docker image"
id: "extract-binary"
run: |
CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:nightly${{ matrix.tags-suffix }}`
docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${TARGET_NAME}
cd /tmp
echo "artifact=${TARGET_NAME}" >> $GITHUB_OUTPUT
- name: "upload artifacts"
uses: actions/upload-artifact@v3
with:
name: ${{ steps.extract-binary.outputs.artifact }}
path: "/tmp/${{ steps.extract-binary.outputs.artifact }}"
on-failure:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
steps:
- run: echo 'The release triggering workflows failed'
release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs: on-success
steps:
- name: checkout
uses: actions/checkout@v4
- name: download artifacts
uses: actions/download-artifact@v3
with:
path: /tmp/rpxy
- name: make tar.gz of assets
run: |
mkdir /tmp/assets
cd /tmp/rpxy
for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done
ls -lha /tmp/assets
- name: release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: /tmp/assets/*.tar.gz
tag_name: ${{ github.ref }}
draft: true
prerelease: false
generate_release_notes: true
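Review bot: In a `workflow_run`-triggered workflow, `github.ref` and `github.ref_name` describe the repository's default branch rather than the run that triggered it, so the `release` job's `if: startsWith(github.ref, 'refs/tags/')` is unlikely ever to be true, and the `develop` test in "set env" does not see the triggering branch. That test is also always true in shell, because the expression is substituted as the literal word `true` or `false` and `[ false ]` succeeds for any non-empty string, so every artifact is named `rpxy-nightly-…`. Take the triggering ref from `github.event.workflow_run.head_branch`, pass it in through the step's `env:` (e.g. `HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}`) and compare it quoted, `if [ "$HEAD_BRANCH" = "develop" ]; then`, rather than interpolating it into the script text. The extract step always pulls the `:nightly…` image tag, so a release produced this way would ship whatever nightly image is current rather than the image built for the tag; pulling by the tag or digest of the triggering build ties the binary to its source. A `permissions:` block limited to what each job needs (only `release` appears to need `contents: write`) is also worth adding.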


@ -2,6 +2,14 @@
## 0.7.0 (unreleased) ## 0.7.0 (unreleased)
## 0.6.2
### Improvement
- Feat: Add a build feature of `native-roots` to use the system's default root cert store.
- Feat: Add binary release in addition to container release
- Refactor: lots of minor improvements
## 0.6.1 ## 0.6.1
### Bugfix ### Bugfix


@ -4,6 +4,8 @@ FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS bu
LABEL maintainer="Jun Kurihara" LABEL maintainer="Jun Kurihara"
ARG TARGETARCH ARG TARGETARCH
ARG CARGO_FEATURES
ENV CARGO_FEATURES ${CARGO_FEATURES}
RUN if [ $TARGETARCH = "amd64" ]; then \ RUN if [ $TARGETARCH = "amd64" ]; then \
echo "x86_64" > /arch; \ echo "x86_64" > /arch; \
@ -23,7 +25,7 @@ COPY . /tmp/
ENV RUSTFLAGS "-C link-arg=-s" ENV RUSTFLAGS "-C link-arg=-s"
RUN echo "Building rpxy from source" && \ RUN echo "Building rpxy from source" && \
cargo build --release --target $(cat /arch)-unknown-linux-musl && \ cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \
musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \ musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \
cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy


@ -9,15 +9,17 @@ services:
- 127.0.0.1:8080:8080/tcp - 127.0.0.1:8080:8080/tcp
- 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/udp
- 127.0.0.1:8443:8443/tcp - 127.0.0.1:8443:8443/tcp
# build: # Uncomment if you build yourself build: # Uncomment if you build yourself
# context: ../ context: ../
# additional_contexts: additional_contexts:
# - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
# - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
# dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl # args: # Uncomment when build with native cert store
# platforms: # Choose your platforms # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots"
dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl
platforms: # Choose your platforms
# - "linux/amd64" # - "linux/amd64"
# # - "linux/arm64" - "linux/arm64"
environment: environment:
- LOG_LEVEL=debug - LOG_LEVEL=debug
- LOG_TO_FILE=true - LOG_TO_FILE=true
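Review bot: The `build:` block is now active by default while its own comment still reads `# Uncomment if you build yourself`, and `platforms` is fixed to `- "linux/arm64"` with amd64 commented out, which looks like local settings that were committed with the release. With `build:` enabled, users of this file can end up building from source for arm64 instead of running the published image. If the default is meant to stay pull-only, re-comment the block; otherwise reword the hint, e.g. `build: # Comment out to use the published image`. The next compose file's section carries the same change. The service definition starts and continues outside this hunk.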


@ -9,15 +9,17 @@ services:
- 127.0.0.1:8080:8080/tcp - 127.0.0.1:8080:8080/tcp
- 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/udp
- 127.0.0.1:8443:8443/tcp - 127.0.0.1:8443:8443/tcp
# build: # Uncomment if you build yourself build: # Uncomment if you build yourself
# context: ../ context: ../
# args: # Uncomment when build quic-s2n version # args: # Uncomment when build quic-s2n version
# - "CARGO_FEATURES=--no-default-features --features http3-s2n" # - "CARGO_FEATURES=--no-default-features --features=http3-s2n"
# - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
# dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu # args: # Uncomment when build with native cert store
# platforms: # Choose your platforms # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots"
dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu
platforms: # Choose your platforms
# - "linux/amd64" # - "linux/amd64"
# # - "linux/arm64" - "linux/arm64"
environment: environment:
- LOG_LEVEL=debug - LOG_LEVEL=debug
- LOG_TO_FILE=true - LOG_TO_FILE=true


@ -1,6 +1,6 @@
[package] [package]
name = "rpxy" name = "rpxy"
version = "0.6.1" version = "0.6.2"
authors = ["Jun Kurihara"] authors = ["Jun Kurihara"]
homepage = "https://github.com/junkurihara/rust-rpxy" homepage = "https://github.com/junkurihara/rust-rpxy"
repository = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy"
@ -16,6 +16,7 @@ default = ["http3-quinn", "cache"]
http3-quinn = ["rpxy-lib/http3-quinn"] http3-quinn = ["rpxy-lib/http3-quinn"]
http3-s2n = ["rpxy-lib/http3-s2n"] http3-s2n = ["rpxy-lib/http3-s2n"]
cache = ["rpxy-lib/cache"] cache = ["rpxy-lib/cache"]
native-roots = ["rpxy-lib/native-roots"]
[dependencies] [dependencies]
rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
@ -26,7 +27,7 @@ anyhow = "1.0.75"
rustc-hash = "1.1.0" rustc-hash = "1.1.0"
serde = { version = "1.0.188", default-features = false, features = ["derive"] } serde = { version = "1.0.188", default-features = false, features = ["derive"] }
derive_builder = "0.12.0" derive_builder = "0.12.0"
tokio = { version = "1.32.0", default-features = false, features = [ tokio = { version = "1.33.0", default-features = false, features = [
"net", "net",
"rt-multi-thread", "rt-multi-thread",
"time", "time",
@ -38,8 +39,8 @@ rustls-pemfile = "1.0.3"
mimalloc = { version = "*", default-features = false } mimalloc = { version = "*", default-features = false }
# config # config
clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } clap = { version = "4.4.6", features = ["std", "cargo", "wrap_help"] }
toml = { version = "0.7.8", default-features = false, features = ["parse"] } toml = { version = "0.8", default-features = false, features = ["parse"] }
hot_reload = "0.1.4" hot_reload = "0.1.4"
# logging # logging


@ -1,6 +1,6 @@
[package] [package]
name = "rpxy-lib" name = "rpxy-lib"
version = "0.6.1" version = "0.6.2"
authors = ["Jun Kurihara"] authors = ["Jun Kurihara"]
homepage = "https://github.com/junkurihara/rust-rpxy" homepage = "https://github.com/junkurihara/rust-rpxy"
repository = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy"
@ -17,6 +17,7 @@ http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"]
http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"] http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"]
sticky-cookie = ["base64", "sha2", "chrono"] sticky-cookie = ["base64", "sha2", "chrono"]
cache = ["http-cache-semantics", "lru"] cache = ["http-cache-semantics", "lru"]
native-roots = ["hyper-rustls/native-tokio"]
[dependencies] [dependencies]
rand = "0.8.5" rand = "0.8.5"
@ -24,7 +25,7 @@ rustc-hash = "1.1.0"
bytes = "1.5.0" bytes = "1.5.0"
derive_builder = "0.12.0" derive_builder = "0.12.0"
futures = { version = "0.3.28", features = ["alloc", "async-await"] } futures = { version = "0.3.28", features = ["alloc", "async-await"] }
tokio = { version = "1.32.0", default-features = false, features = [ tokio = { version = "1.33.0", default-features = false, features = [
"net", "net",
"rt-multi-thread", "rt-multi-thread",
"time", "time",
@ -37,7 +38,7 @@ hot_reload = "0.1.4" # reloading certs
# Error handling # Error handling
anyhow = "1.0.75" anyhow = "1.0.75"
thiserror = "1.0.48" thiserror = "1.0.49"
# http and tls # http and tls
hyper = { version = "0.14.27", default-features = false, features = [ hyper = { version = "0.14.27", default-features = false, features = [
@ -54,7 +55,7 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [
] } ] }
tokio-rustls = { version = "0.24.1", features = ["early-data"] } tokio-rustls = { version = "0.24.1", features = ["early-data"] }
rustls = { version = "0.21.7", default-features = false } rustls = { version = "0.21.7", default-features = false }
webpki = "0.22.1" webpki = "0.22.4"
x509-parser = "0.15.1" x509-parser = "0.15.1"
# logging # logging
@ -67,7 +68,7 @@ h3 = { path = "../submodules/h3/h3/", optional = true }
# h3-quinn = { path = "./h3/h3-quinn/", optional = true } # h3-quinn = { path = "./h3/h3-quinn/", optional = true }
h3-quinn = { path = "../submodules/h3-quinn/", optional = true } # Tentative to support rustls-0.21 h3-quinn = { path = "../submodules/h3-quinn/", optional = true } # Tentative to support rustls-0.21
# for UDP socket wit SO_REUSEADDR when h3 with quinn # for UDP socket wit SO_REUSEADDR when h3 with quinn
socket2 = { version = "0.5.3", features = ["all"], optional = true } socket2 = { version = "0.5.4", features = ["all"], optional = true }
s2n-quic = { path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ s2n-quic = { path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [
"provider-tls-rustls", "provider-tls-rustls",
], optional = true } ], optional = true }
@ -76,16 +77,16 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio
# cache # cache
http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
lru = { version = "0.11.1", optional = true } lru = { version = "0.12.0", optional = true }
# cookie handling for sticky cookie # cookie handling for sticky cookie
chrono = { version = "0.4.30", default-features = false, features = [ chrono = { version = "0.4.31", default-features = false, features = [
"unstable-locales", "unstable-locales",
"alloc", "alloc",
"clock", "clock",
], optional = true } ], optional = true }
base64 = { version = "0.21.3", optional = true } base64 = { version = "0.21.4", optional = true }
sha2 = { version = "0.10.7", default-features = false, optional = true } sha2 = { version = "0.10.8", default-features = false, optional = true }
[dev-dependencies] [dev-dependencies]


@ -1,8 +1,6 @@
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
use super::cache::{get_policy_if_cacheable, RpxyCache}; use super::cache::{get_policy_if_cacheable, RpxyCache};
#[cfg(feature = "cache")] use crate::{error::RpxyError, globals::Globals, log::*, CryptoSource};
use crate::log::*;
use crate::{error::RpxyError, globals::Globals, CryptoSource};
use async_trait::async_trait; use async_trait::async_trait;
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
use bytes::Buf; use bytes::Buf;
@ -118,18 +116,22 @@ where
impl Forwarder<HttpsConnector<HttpConnector>, Body> { impl Forwarder<HttpsConnector<HttpConnector>, Body> {
/// Build forwarder /// Build forwarder
pub async fn new<T: CryptoSource>(_globals: &std::sync::Arc<Globals<T>>) -> Self { pub async fn new<T: CryptoSource>(_globals: &std::sync::Arc<Globals<T>>) -> Self {
// let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector(); #[cfg(feature = "native-roots")]
let connector = hyper_rustls::HttpsConnectorBuilder::new() let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
.with_webpki_roots() #[cfg(feature = "native-roots")]
.https_or_http() let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
.enable_http1() #[cfg(feature = "native-roots")]
.enable_http2() info!("Native cert store is used for the connection to backend applications");
.build();
let connector_h2 = hyper_rustls::HttpsConnectorBuilder::new() #[cfg(not(feature = "native-roots"))]
.with_webpki_roots() let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
.https_or_http() #[cfg(not(feature = "native-roots"))]
.enable_http2() let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
.build(); #[cfg(not(feature = "native-roots"))]
info!("Mozilla WebPKI root certs is used for the connection to backend applications");
let connector = builder.https_or_http().enable_http1().enable_http2().build();
let connector_h2 = builder_h2.https_or_http().enable_http2().build();
let inner = Client::builder().build::<_, Body>(connector); let inner = Client::builder().build::<_, Body>(connector);
let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2); let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2);
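Review bot: The doc comment `/// Build forwarder` does not say which trust anchors verify backend certificates, and that now depends on the build: with `native-roots` they come from the host or container CA store, otherwise from the bundled Mozilla WebPKI set. Document this on `new`, together with the operational consequence that images built with `native-roots` need a populated CA bundle at runtime. As far as I recall, hyper-rustls 0.24's `with_native_roots()` panics when the platform store cannot be loaded or is empty, so please confirm and record it under a `# Panics` heading. As a style point, the six repeated `#[cfg]` attributes could be folded into one `#[cfg(feature = "native-roots")]` block and one `#[cfg(not(feature = "native-roots"))]` block, each yielding `(builder, builder_h2)`. The body of `new` continues outside this hunk.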


@ -46,13 +46,13 @@ where
let client_hello = start.client_hello(); let client_hello = start.client_hello();
let server_name = client_hello.server_name(); let server_name = client_hello.server_name();
debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name); debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name);
let server_name = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec())); let server_name_in_bytes = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec()));
if server_name.is_none(){ if server_name_in_bytes.is_none(){
return Err(RpxyError::Proxy("No SNI is given".to_string())); return Err(RpxyError::Proxy("No SNI is given".to_string()));
} }
let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name.as_ref().unwrap()); let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name_in_bytes.as_ref().unwrap());
if server_crypto.is_none() { if server_crypto.is_none() {
return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", "xx"))); return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", server_name.unwrap())));
} }
let stream = match start.into_stream(server_crypto.unwrap().clone()).await { let stream = match start.into_stream(server_crypto.unwrap().clone()).await {
Ok(s) => s, Ok(s) => s,
@ -60,7 +60,7 @@ where
return Err(RpxyError::Proxy(format!("Failed to handshake TLS: {e}"))); return Err(RpxyError::Proxy(format!("Failed to handshake TLS: {e}")));
} }
}; };
self_inner.client_serve(stream, server_clone, client_addr, server_name); self_inner.client_serve(stream, server_clone, client_addr, server_name_in_bytes);
Ok(()) Ok(())
}; };
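Review bot: `server_name.unwrap()` in the new "No TLS serving app" message is safe only because `server_name_in_bytes.is_none()` returned early a few lines above, and nothing at the call site says so. Add a comment such as `// server_name is Some here: server_name_in_bytes was checked above`, or avoid the unwrap by formatting the `Option` directly. The conversion itself reads more plainly as `let server_name_in_bytes = server_name.map(|v| v.to_server_name_vec());`. The SNI is client-supplied and now reaches the error text, so keep the `{:?}` formatting, which escapes control characters, rather than switching to `{}`. The enclosing closure starts and ends outside this hunk.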

@ -1 +1 @@
Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a Subproject commit e1e1e6e392a382fbded42ca010505fecb8fe3655

@ -1 +1 @@
Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485 Subproject commit c88e64b6c58891651954834207d974de80e9bba8