Early data option

rpxy-bin/src/main.rs

@@ -121,12 +121,20 @@ impl RpxyService {
 
     #[cfg(not(feature = "acme"))]
     {
-      let rpxy_opts = RpxyOptionsBuilder::default()
+      let mut rpxy_opts = RpxyOptionsBuilder::default()
         .proxy_config(proxy_conf.clone())
         .app_config_list(app_conf.clone())
         .cert_rx(cert_rx.clone())
         .runtime_handle(runtime_handle.clone())
         .build()?;
+
+      for (var, val) in std::env::vars() {
+        match var.as_str() {
+          "EARLYDATA" => rpxy_opts.proxy_config.enable_early_data = val == "1",
+          _ => {}
+        }
+      }
+
       self.start_inner(rpxy_opts, cancel_token).await.map_err(|e| anyhow!(e))
     }
   }

rpxy-certs/src/server_crypto.rs

@@ -76,6 +76,7 @@ impl ServerCryptoBase {
           .with_safe_default_protocol_versions()?
           .with_no_client_auth()
           .with_cert_resolver(Arc::new(resolver_local));
+        server_crypto_local.max_early_data_size = 8192;
 
         #[cfg(feature = "http3")]
         {

rpxy-lib/src/forwarder/client.rs

@@ -206,7 +206,7 @@ where
   <B1 as Body>::Error: Into<Box<dyn std::error::Error + Send + Sync + 'static>>,
 {
   /// Build forwarder
-  pub async fn try_new(_globals: &Arc<Globals>) -> RpxyResult<Self> {
+  pub async fn try_new(globals: &Arc<Globals>) -> RpxyResult<Self> {
     // build hyper client with rustls and webpki, only https is allowed
     #[cfg(feature = "webpki-roots")]
     let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
@@ -223,7 +223,11 @@ where
         .try_with_platform_verifier()
         .unwrap()
         .with_no_client_auth();
-      client_config.resumption = Resumption::disabled();
+      if globals.proxy_config.enable_early_data {
+        client_config.enable_early_data = true;
+      } else {
+        client_config.resumption = Resumption::disabled();
+      }
       let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
       let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
       info!("Rustls backend: Platform verifier used for backend connections");
@@ -233,12 +237,12 @@ where
     let mut http = HttpConnector::new();
     http.enforce_http(false);
     http.set_reuse_address(true);
-    http.set_keepalive(Some(_globals.proxy_config.upstream_idle_timeout));
+    http.set_keepalive(Some(globals.proxy_config.upstream_idle_timeout));
 
     let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone());
     let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http);
-    let inner = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector);
+    let inner = Client::builder(LocalExecutor::new(globals.runtime_handle.clone())).build::<_, B1>(connector);
-    let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone()))
+    let inner_h2 = Client::builder(LocalExecutor::new(globals.runtime_handle.clone()))
       .http2_only(true)
       .set_host(false)
       .build::<_, B1>(connector_h2);

rpxy-lib/src/globals.rs

@@ -52,6 +52,8 @@ pub struct ProxyConfig {
   /// timeout to handle a connection, total time of receive request, serve, and send response. this might limits the max length of response.
   pub connection_handling_timeout: Option<Duration>,
 
+  pub enable_early_data: bool,
+
   #[cfg(feature = "cache")]
   pub cache_enabled: bool,
   #[cfg(feature = "cache")]
@@ -100,6 +102,8 @@ impl Default for ProxyConfig {
       sni_consistency: true,
       connection_handling_timeout: None,
 
+      enable_early_data: false,
+
       #[cfg(feature = "cache")]
       cache_enabled: false,
       #[cfg(feature = "cache")]