Early data option

This commit is contained in:
Pascal Engélibert 2026-01-08 11:05:06 +01:00
commit 9518cc8b73
4 changed files with 23 additions and 6 deletions


@ -121,12 +121,20 @@ impl RpxyService {
#[cfg(not(feature = "acme"))] #[cfg(not(feature = "acme"))]
{ {
let rpxy_opts = RpxyOptionsBuilder::default() let mut rpxy_opts = RpxyOptionsBuilder::default()
.proxy_config(proxy_conf.clone()) .proxy_config(proxy_conf.clone())
.app_config_list(app_conf.clone()) .app_config_list(app_conf.clone())
.cert_rx(cert_rx.clone()) .cert_rx(cert_rx.clone())
.runtime_handle(runtime_handle.clone()) .runtime_handle(runtime_handle.clone())
.build()?; .build()?;
for (var, val) in std::env::vars() {
match var.as_str() {
"EARLYDATA" => rpxy_opts.proxy_config.enable_early_data = val == "1",
_ => {}
}
}
self.start_inner(rpxy_opts, cancel_token).await.map_err(|e| anyhow!(e)) self.start_inner(rpxy_opts, cancel_token).await.map_err(|e| anyhow!(e))
} }
} }
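Review bot: The `EARLYDATA` environment lookup is shown only inside the `#[cfg(not(feature = "acme"))]` block, so unless the acme branch does the same (not visible here) an acme build ignores the variable while `enable_early_data` keeps its default; reading it once before the cfg split, or exposing it through the config file next to the other `ProxyConfig` fields, would make both builds agree. Scanning every environment variable to match a single name can be replaced by `if std::env::var("EARLYDATA").map_or(false, |v| v == "1") { rpxy_opts.proxy_config.enable_early_data = true; }`. Because TLS 1.3 0-RTT data can be replayed by an on-path party, the line that flips the flag should carry a comment such as `// 0-RTT early data is replayable; enable only when backends tolerate repeated requests`. The enclosing method of `RpxyService` starts and ends outside this hunk.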


@ -76,6 +76,7 @@ impl ServerCryptoBase {
.with_safe_default_protocol_versions()? .with_safe_default_protocol_versions()?
.with_no_client_auth() .with_no_client_auth()
.with_cert_resolver(Arc::new(resolver_local)); .with_cert_resolver(Arc::new(resolver_local));
server_crypto_local.max_early_data_size = 8192;
#[cfg(feature = "http3")] #[cfg(feature = "http3")]
{ {
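Review bot: `server_crypto_local.max_early_data_size = 8192;` turns on acceptance of TLS 1.3 0-RTT data for every server config unconditionally, whereas the client side of this same commit gates early data on `proxy_config.enable_early_data`; the server should honor the same switch, e.g. `if early_data_enabled /* placeholder: wire ProxyConfig::enable_early_data here */ { server_crypto_local.max_early_data_size = 8192; }`, and the bare 8192 deserves a named constant with a comment on why that size. Accepted early data can be replayed by an observer, so whether the HTTP layer that consumes it rejects or idempotency-checks replayed requests needs confirming; that code is outside this hunk. The enclosing method of `ServerCryptoBase` starts and ends outside this hunk.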


@ -206,7 +206,7 @@ where
<B1 as Body>::Error: Into<Box<dyn std::error::Error + Send + Sync + 'static>>, <B1 as Body>::Error: Into<Box<dyn std::error::Error + Send + Sync + 'static>>,
{ {
/// Build forwarder /// Build forwarder
pub async fn try_new(_globals: &Arc<Globals>) -> RpxyResult<Self> { pub async fn try_new(globals: &Arc<Globals>) -> RpxyResult<Self> {
// build hyper client with rustls and webpki, only https is allowed // build hyper client with rustls and webpki, only https is allowed
#[cfg(feature = "webpki-roots")] #[cfg(feature = "webpki-roots")]
let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots(); let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
@ -223,7 +223,11 @@ where
.try_with_platform_verifier() .try_with_platform_verifier()
.unwrap() .unwrap()
.with_no_client_auth(); .with_no_client_auth();
if globals.proxy_config.enable_early_data {
client_config.enable_early_data = true;
} else {
client_config.resumption = Resumption::disabled(); client_config.resumption = Resumption::disabled();
}
let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone()); let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config); let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
info!("Rustls backend: Platform verifier used for backend connections"); info!("Rustls backend: Platform verifier used for backend connections");
@ -233,12 +237,12 @@ where
let mut http = HttpConnector::new(); let mut http = HttpConnector::new();
http.enforce_http(false); http.enforce_http(false);
http.set_reuse_address(true); http.set_reuse_address(true);
http.set_keepalive(Some(_globals.proxy_config.upstream_idle_timeout)); http.set_keepalive(Some(globals.proxy_config.upstream_idle_timeout));
let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone()); let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone());
let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http); let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http);
let inner = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector); let inner = Client::builder(LocalExecutor::new(globals.runtime_handle.clone())).build::<_, B1>(connector);
let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())) let inner_h2 = Client::builder(LocalExecutor::new(globals.runtime_handle.clone()))
.http2_only(true) .http2_only(true)
.set_host(false) .set_host(false)
.build::<_, B1>(connector_h2); .build::<_, B1>(connector_h2);
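Review bot: When `globals.proxy_config.enable_early_data` is true, the new branch both sets `client_config.enable_early_data = true` and skips the previous `Resumption::disabled()`, so session resumption is re-enabled with rustls defaults as a second, undocumented effect of the flag; a comment on the `if` such as `// 0-RTT needs resumption; early data is replayable, so only idempotent upstream requests should be sent in it` would record that, and the `else` should note that disabled resumption is the conservative default. Whether hyper-rustls actually emits request bytes as early data also depends on connector settings not shown here, so the flag may have no client-side effect until that is confirmed. `try_new` begins in the first hunk of this file but its body continues past the last hunk.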


@ -52,6 +52,8 @@ pub struct ProxyConfig {
/// timeout to handle a connection, total time of receive request, serve, and send response. this might limits the max length of response. /// timeout to handle a connection, total time of receive request, serve, and send response. this might limits the max length of response.
pub connection_handling_timeout: Option<Duration>, pub connection_handling_timeout: Option<Duration>,
pub enable_early_data: bool,
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
pub cache_enabled: bool, pub cache_enabled: bool,
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
@ -100,6 +102,8 @@ impl Default for ProxyConfig {
sni_consistency: true, sni_consistency: true,
connection_handling_timeout: None, connection_handling_timeout: None,
enable_early_data: false,
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
cache_enabled: false, cache_enabled: false,
#[cfg(feature = "cache")] #[cfg(feature = "cache")]
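Review bot: `pub enable_early_data: bool` is the only undocumented field in this stretch of `ProxyConfig`, whose neighbours each carry a `///` comment; add `/// Enable TLS 1.3 0-RTT early data. Early data can be replayed by a network observer, so turn this on only when backends tolerate repeated requests.` above it. The `Default` impl's `enable_early_data: false` is the safe default and should stay as is. `ProxyConfig` and its `Default` impl both extend beyond the hunks shown.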