diff --git a/rpxy-bin/src/main.rs b/rpxy-bin/src/main.rs
index 39cc5bb..8aa1799 100644
--- a/rpxy-bin/src/main.rs
+++ b/rpxy-bin/src/main.rs
@@ -121,12 +121,20 @@ impl RpxyService {
 #[cfg(not(feature = "acme"))]
 {
- let rpxy_opts = RpxyOptionsBuilder::default()
+ let mut rpxy_opts = RpxyOptionsBuilder::default()
 .proxy_config(proxy_conf.clone())
 .app_config_list(app_conf.clone())
 .cert_rx(cert_rx.clone())
 .runtime_handle(runtime_handle.clone())
 .build()?;
+
+ for (var, val) in std::env::vars() {
+ match var.as_str() {
+ "EARLYDATA" => rpxy_opts.proxy_config.enable_early_data = val == "1",
+ _ => {}
+ }
+ }
+
 self.start_inner(rpxy_opts, cancel_token).await.map_err(|e| anyhow!(e))
 }
 }
diff --git a/rpxy-certs/src/server_crypto.rs b/rpxy-certs/src/server_crypto.rs
index a3282cc..e566a85 100644
--- a/rpxy-certs/src/server_crypto.rs
+++ b/rpxy-certs/src/server_crypto.rs
@@ -76,6 +76,7 @@ impl ServerCryptoBase {
 .with_safe_default_protocol_versions()?
 .with_no_client_auth()
 .with_cert_resolver(Arc::new(resolver_local));
+ server_crypto_local.max_early_data_size = 8192;
 #[cfg(feature = "http3")]
 {
diff --git a/rpxy-lib/src/forwarder/client.rs b/rpxy-lib/src/forwarder/client.rs
index adab716..04edb05 100644
--- a/rpxy-lib/src/forwarder/client.rs
+++ b/rpxy-lib/src/forwarder/client.rs
@@ -206,7 +206,7 @@ where
 ::Error: Into>,
 {
 /// Build forwarder
- pub async fn try_new(_globals: &Arc) -> RpxyResult {
+ pub async fn try_new(globals: &Arc) -> RpxyResult {
 // build hyper client with rustls and webpki, only https is allowed
 #[cfg(feature = "webpki-roots")]
 let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
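Review bot: In the rpxy-bin/src/main.rs hunk, `std::env::vars()` panics when any environment variable holds non-Unicode data, so an unrelated variable can abort the proxy at startup just to look up one key. A direct lookup avoids that and is shorter: `if let Ok(val) = std::env::var("EARLYDATA") { rpxy_opts.proxy_config.enable_early_data = val == "1"; }`. The variable name is un-namespaced and undocumented, and any value other than `"1"` (including `true`) silently turns the option off, so a comment and a log line stating the effective setting would help operators audit a replay-sensitive switch. The override sits only inside the `#[cfg(not(feature = "acme"))]` block, so a build with the `acme` feature presumably never reads it; that branch is outside the hunk and should be checked.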
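Review bot: In the rpxy-certs/src/server_crypto.rs hunk, `max_early_data_size = 8192` is set unconditionally, so the listener advertises and accepts 0-RTT even when `enable_early_data` keeps its default of `false`; in this commit the flag is only consulted on the forwarder side. Early data is replayable (RFC 8446 section 8), and nothing visible here limits it to idempotent requests or marks forwarded requests as early (RFC 8470 `Early-Data: 1`). I would keep the rustls default of 0 unless the operator opted in, and record the reason next to the assignment, e.g. `// 0-RTT is replayable; accept it only when explicitly enabled`. If this same config also backs the QUIC listener in the `http3` block that follows (not shown), rustls, as far as I know, accepts only 0 or `u32::MAX` there, which should be confirmed before merging. The enclosing function starts and ends outside the hunk.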
@@ -223,7 +223,11 @@ where
 .try_with_platform_verifier()
 .unwrap()
 .with_no_client_auth();
- client_config.resumption = Resumption::disabled();
+ if globals.proxy_config.enable_early_data {
+ client_config.enable_early_data = true;
+ } else {
+ client_config.resumption = Resumption::disabled();
+ }
 let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
 let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
 info!("Rustls backend: Platform verifier used for backend connections");
@@ -233,12 +237,12 @@ where
 let mut http = HttpConnector::new();
 http.enforce_http(false);
 http.set_reuse_address(true);
- http.set_keepalive(Some(_globals.proxy_config.upstream_idle_timeout));
+ http.set_keepalive(Some(globals.proxy_config.upstream_idle_timeout));
 let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone());
 let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http);
- let inner = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector);
- let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone()))
+ let inner = Client::builder(LocalExecutor::new(globals.runtime_handle.clone())).build::<_, B1>(connector);
+ let inner_h2 = Client::builder(LocalExecutor::new(globals.runtime_handle.clone()))
 .http2_only(true)
 .set_host(false)
 .build::<_, B1>(connector_h2);
diff --git a/rpxy-lib/src/globals.rs b/rpxy-lib/src/globals.rs
index 7a189fa..16b13a9 100644
--- a/rpxy-lib/src/globals.rs
+++ b/rpxy-lib/src/globals.rs
@@ -52,6 +52,8 @@ pub struct ProxyConfig {
 /// timeout to handle a connection, total time of receive request, serve, and send response. this might limits the max length of response.
 pub connection_handling_timeout: Option,
+ pub enable_early_data: bool,
+
 #[cfg(feature = "cache")]
 pub cache_enabled: bool,
 #[cfg(feature = "cache")]
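Review bot: In the client.rs hunk at `@@ -223`, one flag changes two things without explanation: with `enable_early_data` on, session resumption is left at the rustls default and 0-RTT is enabled towards backends, while with it off resumption is disabled entirely. Request data sent as early data can be replayed, so the branch should carry a comment stating the assumption, e.g. `// early data is replayable: backends must tolerate a repeated first request`. The branch also lives only in the platform-verifier path; the `webpki-roots` builder shown in the preceding hunk is created with `with_webpki_roots()` and does not appear to receive this `client_config`, so the flag would be silently ignored in that build. `try_new` begins and ends outside the hunk.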
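Review bot: The new `pub enable_early_data: bool` field in `ProxyConfig` (globals.rs, `@@ -52`) has no doc comment, unlike the field directly above it. The visible hunks read it only in the forwarder, so the doc should say that and name the risk, e.g. `/// Send TLS 1.3 early data (0-RTT) on resumed upstream connections. Early data is replayable; off by default.` The struct continues outside the hunk.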
@@ -100,6 +102,8 @@ impl Default for ProxyConfig {
 sni_consistency: true,
 connection_handling_timeout: None,
+ enable_early_data: false,
+
 #[cfg(feature = "cache")]
 cache_enabled: false,
 #[cfg(feature = "cache")]