From 3ba0247df99dd86390180e9865ce2a63ba2e8f4e Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Tue, 7 Jan 2025 13:01:06 +0900 Subject: [PATCH 01/20] fix: add dependabot settings for acme and certs dirs --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3e44060..e39c88b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,6 +19,16 @@ updates: schedule: interval: "daily" + - package-ecosystem: "cargo" + directory: "/rpxy-certs" + schedule: + interval: "daily" + + - package-ecosystem: "cargo" + directory: "/rpxy-acme" + schedule: + interval: "daily" + # Enable version updates for Docker - package-ecosystem: "docker" directory: "/docker" From f9b4a26dab87562a6cbb334738a3831371f4a645 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Wed, 8 Jan 2025 10:19:05 +0900 Subject: [PATCH 02/20] chore: deps --- rpxy-acme/Cargo.toml | 2 +- rpxy-bin/Cargo.toml | 4 ++-- rpxy-certs/Cargo.toml | 2 +- rpxy-lib/Cargo.toml | 10 +++++----- submodules/s2n-quic | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index bd8114e..e6fb6f8 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -18,7 +18,7 @@ url = { version = "2.5.4" } ahash = "0.8.11" thiserror = "2.0.9" tracing = "0.1.41" -async-trait = "0.1.84" +async-trait = "0.1.85" base64 = "0.22.1" aws-lc-rs = { version = "1.12.0", default-features = false, features = [ "aws-lc-sys", diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 16bc0d3..8a3cc33 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -41,11 +41,11 @@ tokio = { version = "1.42.0", default-features = false, features = [ "macros", ] } tokio-util = { version = "0.7.13", default-features = false } -async-trait = "0.1.84" +async-trait = "0.1.85" futures-util = { version = "0.3.31", default-features = false } # config -clap = { version = "4.5.23", features = ["std", "cargo", "wrap_help"] } +clap = { version = "4.5.24", features = ["std", "cargo", "wrap_help"] } toml = { version = "0.8.19", default-features = false, features = ["parse"] } hot_reload = "0.1.8" serde_ignored = "0.1.10" diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index f060b1a..f48af26 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -21,7 +21,7 @@ tracing = { version = "0.1.41" } derive_builder = { version = "0.20.2" } thiserror = { version = "2.0.9" } hot_reload = { version = "0.1.8" } -async-trait = { version = "0.1.84" } +async-trait = { version = "0.1.85" } rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 511e177..5e93f9f 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -50,8 +50,8 @@ tokio = { version = "1.42.0", default-features = false, features = [ "fs", ] } tokio-util = { version = "0.7.13", default-features = false } -pin-project-lite = "0.2.15" -async-trait = "0.1.84" +pin-project-lite = "0.2.16" +async-trait = "0.1.85" # Error handling anyhow = "1.0.95" @@ -94,11 +94,11 @@ tracing = { version = "0.1.41" } quinn = { version = "0.11.6", optional = true } h3 = { version = "0.0.6", features = ["tracing"], optional = true } h3-quinn = { version = "0.0.7", optional = true } -s2n-quic = { version = "1.51.0", path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ +s2n-quic = { version = "1.52.0", path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ "provider-tls-rustls", ], optional = true } -s2n-quic-core = { version = "0.51.0", path = "../submodules/s2n-quic/quic/s2n-quic-core", default-features = false, optional = true } -s2n-quic-rustls = { version = "0.51.0", path = "../submodules/s2n-quic/quic/s2n-quic-rustls", optional = true } +s2n-quic-core = { version = "0.52.0", path = "../submodules/s2n-quic/quic/s2n-quic-core", default-features = false, optional = true } +s2n-quic-rustls = { version = "0.52.0", path = "../submodules/s2n-quic/quic/s2n-quic-rustls", optional = true } s2n-quic-h3 = { path = "../submodules/s2n-quic/quic/s2n-quic-h3/", features = [ "tracing", ], optional = true } diff --git a/submodules/s2n-quic b/submodules/s2n-quic index b49cb51..6115fa4 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic @@ -1 +1 @@ -Subproject commit b49cb517d0256864a9382f04fedd0e9f71531d85 +Subproject commit 6115fa43e96ce3745f3457f940d64606642224ee From 3cc44731a4ca5e9dd7a73a3ba04968cf516134f8 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Wed, 8 Jan 2025 14:39:12 +0900 Subject: [PATCH 03/20] chore: year++ --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 096f5e1..ddb8c03 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Jun Kurihara +Copyright (c) 2025 Jun Kurihara Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From b96bba68db31dd91ad3e06b054e33d8f99f754fe Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 10 Jan 2025 19:26:27 +0900 Subject: [PATCH 04/20] chore: upgrade --- rpxy-acme/Cargo.toml | 6 +++--- rpxy-bin/Cargo.toml | 6 +++--- rpxy-certs/Cargo.toml | 6 +++--- rpxy-lib/Cargo.toml | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index bd8114e..0a12ceb 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -16,9 +16,9 @@ post-quantum = ["rustls-post-quantum"] [dependencies] url = { version = "2.5.4" } ahash = "0.8.11" -thiserror = "2.0.9" +thiserror = "2.0.10" tracing = "0.1.41" -async-trait = "0.1.84" +async-trait = "0.1.85" base64 = "0.22.1" aws-lc-rs = { version = "1.12.0", default-features = false, features = [ "aws-lc-sys", @@ -33,6 +33,6 @@ rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, f "aws-lc-rs", ] } rustls-post-quantum = { version = "0.2.1", optional = true } -tokio = { version = "1.42.0", default-features = false } +tokio = { version = "1.43.0", default-features = false } tokio-util = { version = "0.7.13", default-features = false } tokio-stream = { version = "0.1.17", default-features = false } diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 16bc0d3..21f7fe4 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -33,7 +33,7 @@ mimalloc = { version = "*", default-features = false } anyhow = "1.0.95" ahash = "0.8.11" serde = { version = "1.0.217", default-features = false, features = ["derive"] } -tokio = { version = "1.42.0", default-features = false, features = [ +tokio = { version = "1.43.0", default-features = false, features = [ "net", "rt-multi-thread", "time", @@ -41,11 +41,11 @@ tokio = { version = "1.42.0", default-features = false, features = [ "macros", ] } tokio-util = { version = "0.7.13", default-features = false } -async-trait = "0.1.84" +async-trait = "0.1.85" futures-util = { version = "0.3.31", default-features = false } # config -clap = { version = "4.5.23", features = ["std", "cargo", "wrap_help"] } +clap = { version = "4.5.26", features = ["std", "cargo", "wrap_help"] } toml = { version = "0.8.19", default-features = false, features = ["parse"] } hot_reload = "0.1.8" serde_ignored = "0.1.10" diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index f060b1a..0bd9f94 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -19,9 +19,9 @@ http3 = [] ahash = { version = "0.8.11" } tracing = { version = "0.1.41" } derive_builder = { version = "0.20.2" } -thiserror = { version = "2.0.9" } +thiserror = { version = "2.0.10" } hot_reload = { version = "0.1.8" } -async-trait = { version = "0.1.84" } +async-trait = { version = "0.1.85" } rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", @@ -35,7 +35,7 @@ rustls-post-quantum = { version = "0.2.1", optional = true } x509-parser = { version = "0.16.0" } [dev-dependencies] -tokio = { version = "1.42.0", default-features = false, features = [ +tokio = { version = "1.43.0", default-features = false, features = [ "rt-multi-thread", "macros", ] } diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 511e177..534f847 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -41,7 +41,7 @@ ahash = "0.8.11" bytes = "1.9.0" derive_builder = "0.20.2" futures = { version = "0.3.31", features = ["alloc", "async-await"] } -tokio = { version = "1.42.0", default-features = false, features = [ +tokio = { version = "1.43.0", default-features = false, features = [ "net", "rt-multi-thread", "time", @@ -50,12 +50,12 @@ tokio = { version = "1.42.0", default-features = false, features = [ "fs", ] } tokio-util = { version = "0.7.13", default-features = false } -pin-project-lite = "0.2.15" -async-trait = "0.1.84" +pin-project-lite = "0.2.16" +async-trait = "0.1.85" # Error handling anyhow = "1.0.95" -thiserror = "2.0.9" +thiserror = "2.0.10" # http for both server and client http = "1.2.0" From 8ffd80ce945a9b3e24fdbe782d84a64d272f4bac Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 11 Jan 2025 12:19:49 +0900 Subject: [PATCH 05/20] chore:deps --- rpxy-acme/Cargo.toml | 4 ++-- rpxy-certs/Cargo.toml | 4 ++-- rpxy-lib/Cargo.toml | 4 ++-- submodules/rustls-acme | 2 +- submodules/rusty-http-cache-semantics | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index 0a12ceb..e4eb2cb 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -16,7 +16,7 @@ post-quantum = ["rustls-post-quantum"] [dependencies] url = { version = "2.5.4" } ahash = "0.8.11" -thiserror = "2.0.10" +thiserror = "2.0.11" tracing = "0.1.41" async-trait = "0.1.85" base64 = "0.22.1" @@ -24,7 +24,7 @@ aws-lc-rs = { version = "1.12.0", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" -rustls = { version = "0.23.20", default-features = false, features = [ +rustls = { version = "0.23.21", default-features = false, features = [ "std", "aws_lc_rs", ] } diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index 0bd9f94..370596e 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -19,10 +19,10 @@ http3 = [] ahash = { version = "0.8.11" } tracing = { version = "0.1.41" } derive_builder = { version = "0.20.2" } -thiserror = { version = "2.0.10" } +thiserror = { version = "2.0.11" } hot_reload = { version = "0.1.8" } async-trait = { version = "0.1.85" } -rustls = { version = "0.23.20", default-features = false, features = [ +rustls = { version = "0.23.21", default-features = false, features = [ "std", "aws_lc_rs", ] } diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index e9b76b2..19ed17a 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -55,7 +55,7 @@ async-trait = "0.1.85" # Error handling anyhow = "1.0.95" -thiserror = "2.0.10" +thiserror = "2.0.11" # http for both server and client http = "1.2.0" @@ -80,7 +80,7 @@ hyper-rustls = { version = "0.27.5", default-features = false, features = [ # tls and cert management for server rpxy-certs = { path = "../rpxy-certs/", default-features = false } hot_reload = "0.1.8" -rustls = { version = "0.23.20", default-features = false } +rustls = { version = "0.23.21", default-features = false } rustls-post-quantum = { version = "0.2.1", optional = true } tokio-rustls = { version = "0.26.1", features = ["early-data"] } diff --git a/submodules/rustls-acme b/submodules/rustls-acme index af2d016..3261f45 160000 --- a/submodules/rustls-acme +++ b/submodules/rustls-acme @@ -1 +1 @@ -Subproject commit af2d016b6aa4e09586253a0459efc4af6635c79b +Subproject commit 3261f4527baa1c83305b753a8f72c6fbc58a18d7 diff --git a/submodules/rusty-http-cache-semantics b/submodules/rusty-http-cache-semantics index d5b5efd..2500716 160000 --- a/submodules/rusty-http-cache-semantics +++ b/submodules/rusty-http-cache-semantics @@ -1 +1 @@ -Subproject commit d5b5efd9de4dab3c958c50be5380652d801cc65f +Subproject commit 2500716b70bd6e548cdf690188ded7afe6726330 From 3e7240e4cae021a2c4703594873a98c090b8b2ad Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 11 Jan 2025 13:21:54 +0900 Subject: [PATCH 06/20] chore: refactor --- rpxy-lib/src/message_handler/handler_main.rs | 2 +- rpxy-lib/src/message_handler/utils_headers.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rpxy-lib/src/message_handler/handler_main.rs b/rpxy-lib/src/message_handler/handler_main.rs index 4b324df..23133a2 100644 --- a/rpxy-lib/src/message_handler/handler_main.rs +++ b/rpxy-lib/src/message_handler/handler_main.rs @@ -200,7 +200,7 @@ where // Handle StatusCode::SWITCHING_PROTOCOLS in response let upgrade_in_response = extract_upgrade(res_backend.headers()); let should_upgrade = match (upgrade_in_request.as_ref(), upgrade_in_response.as_ref()) { - (Some(u_req), Some(u_res)) => u_req.to_ascii_lowercase() == u_res.to_ascii_lowercase(), + (Some(u_req), Some(u_res)) => u_req.eq_ignore_ascii_case(u_res), _ => false, }; diff --git a/rpxy-lib/src/message_handler/utils_headers.rs b/rpxy-lib/src/message_handler/utils_headers.rs index d058f88..1fa3c99 100644 --- a/rpxy-lib/src/message_handler/utils_headers.rs +++ b/rpxy-lib/src/message_handler/utils_headers.rs @@ -272,7 +272,7 @@ pub(super) fn extract_upgrade(headers: &HeaderMap) -> Option { .to_str() .unwrap_or("") .split(',') - .any(|w| w.trim().to_ascii_lowercase() == header::UPGRADE.as_str().to_ascii_lowercase()) + .any(|w| w.trim().eq_ignore_ascii_case(header::UPGRADE.as_str())) { if let Some(u) = headers.get(header::UPGRADE) { if let Ok(m) = u.to_str() { From a4a4c9f25fd77fe4e97afa78509d23b9fab86427 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 17 Jan 2025 11:34:05 +0900 Subject: [PATCH 07/20] chore: submodule --- rpxy-acme/Cargo.toml | 2 +- submodules/rustls-acme | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index e4eb2cb..d81e322 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -20,7 +20,7 @@ thiserror = "2.0.11" tracing = "0.1.41" async-trait = "0.1.85" base64 = "0.22.1" -aws-lc-rs = { version = "1.12.0", default-features = false, features = [ +aws-lc-rs = { version = "1.12.1", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" diff --git a/submodules/rustls-acme b/submodules/rustls-acme index 3261f45..a65d7e7 160000 --- a/submodules/rustls-acme +++ b/submodules/rustls-acme @@ -1 +1 @@ -Subproject commit 3261f4527baa1c83305b753a8f72c6fbc58a18d7 +Subproject commit a65d7e7000b49e6e1e14daf32baee094f4d8dacd From 046e79e9142f2c8348e38cf1784d9702e1db39bc Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Wed, 22 Jan 2025 02:09:48 +0900 Subject: [PATCH 08/20] chore:deps --- rpxy-bin/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 21f7fe4..393688e 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -45,7 +45,7 @@ async-trait = "0.1.85" futures-util = { version = "0.3.31", default-features = false } # config -clap = { version = "4.5.26", features = ["std", "cargo", "wrap_help"] } +clap = { version = "4.5.27", features = ["std", "cargo", "wrap_help"] } toml = { version = "0.8.19", default-features = false, features = ["parse"] } hot_reload = "0.1.8" serde_ignored = "0.1.10" From 8cc2a5f77c0cbb663fe47ec257a8183065faf230 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 23 Jan 2025 15:42:23 +0900 Subject: [PATCH 09/20] chore: deps s2n-quic --- rpxy-acme/Cargo.toml | 2 +- rpxy-lib/Cargo.toml | 6 +++--- submodules/s2n-quic | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index d81e322..3489571 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -20,7 +20,7 @@ thiserror = "2.0.11" tracing = "0.1.41" async-trait = "0.1.85" base64 = "0.22.1" -aws-lc-rs = { version = "1.12.1", default-features = false, features = [ +aws-lc-rs = { version = "1.12.2", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 19ed17a..fd6c3f4 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -94,11 +94,11 @@ tracing = { version = "0.1.41" } quinn = { version = "0.11.6", optional = true } h3 = { version = "0.0.6", features = ["tracing"], optional = true } h3-quinn = { version = "0.0.7", optional = true } -s2n-quic = { version = "1.52.0", path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ +s2n-quic = { version = "1.52.1", path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ "provider-tls-rustls", ], optional = true } -s2n-quic-core = { version = "0.52.0", path = "../submodules/s2n-quic/quic/s2n-quic-core", default-features = false, optional = true } -s2n-quic-rustls = { version = "0.52.0", path = "../submodules/s2n-quic/quic/s2n-quic-rustls", optional = true } +s2n-quic-core = { version = "0.52.1", path = "../submodules/s2n-quic/quic/s2n-quic-core", default-features = false, optional = true } +s2n-quic-rustls = { version = "0.52.1", path = "../submodules/s2n-quic/quic/s2n-quic-rustls", optional = true } s2n-quic-h3 = { path = "../submodules/s2n-quic/quic/s2n-quic-h3/", features = [ "tracing", ], optional = true } diff --git a/submodules/s2n-quic b/submodules/s2n-quic index 6115fa4..de2a580 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic @@ -1 +1 @@ -Subproject commit 6115fa43e96ce3745f3457f940d64606642224ee +Subproject commit de2a5808b9cd712f51e5b1973ce8065b4cb046b9 From b945d0404ff7c48cf785523e015e71494bfdd697 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Wed, 29 Jan 2025 17:51:04 +0900 Subject: [PATCH 10/20] chore: deps lru --- rpxy-lib/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index fd6c3f4..1b00f0e 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -60,7 +60,7 @@ thiserror = "2.0.11" # http for both server and client http = "1.2.0" http-body-util = "0.1.2" -hyper = { version = "1.5.2", default-features = false } +hyper = { version = "1.6.0", default-features = false } hyper-util = { version = "0.1.10", features = ["full"] } futures-util = { version = "0.3.31", default-features = false } futures-channel = { version = "0.3.31", default-features = false } @@ -108,7 +108,7 @@ socket2 = { version = "0.5.8", features = ["all"], optional = true } # cache http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics", default-features = false, optional = true } -lru = { version = "0.12.5", optional = true } +lru = { version = "0.13.0", optional = true } sha2 = { version = "0.10.8", default-features = false, optional = true } # cookie handling for sticky cookie From dc7c34d7e4e8974902816a83375101b59eb3e80e Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Wed, 29 Jan 2025 17:55:07 +0900 Subject: [PATCH 11/20] chore: deps rand --- rpxy-lib/Cargo.toml | 2 +- rpxy-lib/src/backend/load_balance/load_balance_main.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 1b00f0e..b04b5f2 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -36,7 +36,7 @@ post-quantum = [ ] [dependencies] -rand = "0.8.5" +rand = "0.9.0" ahash = "0.8.11" bytes = "1.9.0" derive_builder = "0.20.2" diff --git a/rpxy-lib/src/backend/load_balance/load_balance_main.rs b/rpxy-lib/src/backend/load_balance/load_balance_main.rs index 0b3eff8..0db21dd 100644 --- a/rpxy-lib/src/backend/load_balance/load_balance_main.rs +++ b/rpxy-lib/src/backend/load_balance/load_balance_main.rs @@ -80,8 +80,8 @@ impl LoadBalanceRandomBuilder { impl LoadBalanceWithPointer for LoadBalanceRandom { /// Returns the random index within the range fn get_ptr(&self, _info: Option<&LoadBalanceContext>) -> PointerToUpstream { - let mut rng = rand::thread_rng(); - let ptr = rng.gen_range(0..self.num_upstreams); + let mut rng = rand::rng(); + let ptr = rng.random_range(0..self.num_upstreams); PointerToUpstream { ptr, context: None } } } From 130e8823636b885605843829c0a5708bccaf0bff Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 30 Jan 2025 15:37:31 +0900 Subject: [PATCH 12/20] chore: deps --- rpxy-certs/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index 370596e..7d7cd3a 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -32,7 +32,7 @@ rustls-webpki = { version = "0.102.8", default-features = false, features = [ "aws_lc_rs", ] } rustls-post-quantum = { version = "0.2.1", optional = true } -x509-parser = { version = "0.16.0" } +x509-parser = { version = "0.17.0" } [dev-dependencies] tokio = { version = "1.43.0", default-features = false, features = [ From 6f018447170700e952a69b1c8e3f574ce8f14cf1 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 31 Jan 2025 11:34:59 +0900 Subject: [PATCH 13/20] deps --- rpxy-acme/Cargo.toml | 4 ++-- rpxy-certs/Cargo.toml | 4 ++-- rpxy-lib/Cargo.toml | 4 ++-- submodules/s2n-quic | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index 3489571..113f01e 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -24,7 +24,7 @@ aws-lc-rs = { version = "1.12.2", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" -rustls = { version = "0.23.21", default-features = false, features = [ +rustls = { version = "0.23.22", default-features = false, features = [ "std", "aws_lc_rs", ] } @@ -32,7 +32,7 @@ rustls-platform-verifier = { version = "0.5.0" } rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, features = [ "aws-lc-rs", ] } -rustls-post-quantum = { version = "0.2.1", optional = true } +rustls-post-quantum = { version = "0.2.2", optional = true } tokio = { version = "1.43.0", default-features = false } tokio-util = { version = "0.7.13", default-features = false } tokio-stream = { version = "0.1.17", default-features = false } diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index 7d7cd3a..8ed4fc4 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -22,7 +22,7 @@ derive_builder = { version = "0.20.2" } thiserror = { version = "2.0.11" } hot_reload = { version = "0.1.8" } async-trait = { version = "0.1.85" } -rustls = { version = "0.23.21", default-features = false, features = [ +rustls = { version = "0.23.22", default-features = false, features = [ "std", "aws_lc_rs", ] } @@ -31,7 +31,7 @@ rustls-webpki = { version = "0.102.8", default-features = false, features = [ "std", "aws_lc_rs", ] } -rustls-post-quantum = { version = "0.2.1", optional = true } +rustls-post-quantum = { version = "0.2.2", optional = true } x509-parser = { version = "0.17.0" } [dev-dependencies] diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index b04b5f2..f14d821 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -80,8 +80,8 @@ hyper-rustls = { version = "0.27.5", default-features = false, features = [ # tls and cert management for server rpxy-certs = { path = "../rpxy-certs/", default-features = false } hot_reload = "0.1.8" -rustls = { version = "0.23.21", default-features = false } -rustls-post-quantum = { version = "0.2.1", optional = true } +rustls = { version = "0.23.22", default-features = false } +rustls-post-quantum = { version = "0.2.2", optional = true } tokio-rustls = { version = "0.26.1", features = ["early-data"] } # acme diff --git a/submodules/s2n-quic b/submodules/s2n-quic index de2a580..7852417 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic @@ -1 +1 @@ -Subproject commit de2a5808b9cd712f51e5b1973ce8065b4cb046b9 +Subproject commit 78524172f54af5e3d5a0404b230d265c82eaf446 From 201733e1ce49b467ee6b07696c65868ead837719 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 31 Jan 2025 12:40:45 +0900 Subject: [PATCH 14/20] fix dockerfile --- docker/Dockerfile | 1 + docker/Dockerfile-slim | 1 + 2 files changed, 2 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 707c342..c213bc1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -40,6 +40,7 @@ RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS ${ echo "Install toolchain" && \ rustup target add $(cat /arch)-${TARGET_SUFFIX} && \ echo "Building rpxy from source" && \ + cargo update &&\ cargo build --release --target=$(cat /arch)-${TARGET_SUFFIX} ${CARGO_FEATURES} && \ strip --strip-all /tmp/target/$(cat /arch)-${TARGET_SUFFIX}/release/rpxy &&\ cp /tmp/target/$(cat /arch)-${TARGET_SUFFIX}/release/rpxy /tmp/target/release/rpxy diff --git a/docker/Dockerfile-slim b/docker/Dockerfile-slim index 0aa69cc..b58a408 100644 --- a/docker/Dockerfile-slim +++ b/docker/Dockerfile-slim @@ -25,6 +25,7 @@ COPY . /tmp/ ENV RUSTFLAGS "-C link-arg=-s" RUN echo "Building rpxy from source" && \ + cargo update && \ cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \ musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \ cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy From 2371fac115e4f67ebacd5029501b79e518bca13a Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 31 Jan 2025 13:32:33 +0900 Subject: [PATCH 15/20] tentative downgrade of gha os --- .github/workflows/release_docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_docker.yml b/.github/workflows/release_docker.yml index 6accef5..ba38262 100644 --- a/.github/workflows/release_docker.yml +++ b/.github/workflows/release_docker.yml @@ -16,7 +16,7 @@ env: jobs: build_and_push: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 if: ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }} strategy: fail-fast: false From 461ef67ef24ad63a8489d85c84c4a4a1d6a87682 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 1 Feb 2025 02:50:48 +0900 Subject: [PATCH 16/20] support grpc (force http2 when grpc) --- rpxy-lib/src/forwarder/client.rs | 4 +++- rpxy-lib/src/message_handler/utils_request.rs | 12 ++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/rpxy-lib/src/forwarder/client.rs b/rpxy-lib/src/forwarder/client.rs index bc99b41..292be06 100644 --- a/rpxy-lib/src/forwarder/client.rs +++ b/rpxy-lib/src/forwarder/client.rs @@ -226,7 +226,9 @@ where let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone()); let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http); let inner = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector); - let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector_h2); + let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())) + .http2_only(true) + .build::<_, B1>(connector_h2); Ok(Self { inner, diff --git a/rpxy-lib/src/message_handler/utils_request.rs b/rpxy-lib/src/message_handler/utils_request.rs index b60835f..0a0a77c 100644 --- a/rpxy-lib/src/message_handler/utils_request.rs +++ b/rpxy-lib/src/message_handler/utils_request.rs @@ -59,6 +59,18 @@ pub(super) fn update_request_line( upstream_chosen: &Upstream, upstream_candidates: &UpstreamCandidates, ) -> anyhow::Result<()> { + // If request is grpc, HTTP/2 is required + if req + .headers() + .get(header::CONTENT_TYPE) + .map(|v| v.as_bytes().starts_with(b"application/grpc")) + == Some(true) + { + debug!("Must be http/2 for gRPC request."); + *req.version_mut() = Version::HTTP_2; + return Ok(()); + } + // If not specified (force_httpXX_upstream) and https, version is preserved except for http/3 if upstream_chosen.uri.scheme() == Some(&Scheme::HTTP) { // Change version to http/1.1 when destination scheme is http From fe5e9fb166b96c0dcf68f5020b3d50c473f430e6 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 1 Feb 2025 03:21:01 +0900 Subject: [PATCH 17/20] doces: cleanup heading --- README.md | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ebe3de3..fdb7f87 100644 --- a/README.md +++ b/README.md @@ -14,15 +14,28 @@ [^pure_rust]: Doubtfully can be claimed to be written in pure Rust since current `rpxy` is based on `aws-lc-rs` for cryptographic operations. -By default, `rpxy` provides the *TLS connection sanitization* by correctly binding a certificate used to establish a secure channel with the backend application. Specifically, it always keeps the consistency between the given SNI (server name indication) in `ClientHello` of the underlying TLS and the domain name given by the overlaid HTTP HOST header (or URL in Request line) [^1]. Additionally, as a somewhat unstable feature, our `rpxy` can handle the brand-new HTTP/3 connection thanks to [`quinn`](https://github.com/quinn-rs/quinn), [`s2n-quic`](https://github.com/aws/s2n-quic) and [`hyperium/h3`](https://github.com/hyperium/h3).[^h3lib] Furthermore, `rpxy` supports the automatic issuance and renewal of certificates via [TLS-ALPN-01 (RFC8737)](https://www.rfc-editor.org/rfc/rfc8737) of [ACME protocol (RFC8555)](https://www.rfc-editor.org/rfc/rfc8555) thanks to [`rustls-acme`](https://github.com/FlorianUekermann/rustls-acme), and the hybridized post-quantum key exchange [`X25519MLKEM768`](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html)[^kyber] for TLS/QUIC incoming and outgoing initiation thanks to [`rustls-post-quantum`](https://docs.rs/rustls-post-quantum/latest/rustls_post_quantum/). +Supported features are summarized as follows: - [^h3lib]: HTTP/3 libraries are mutually exclusive. You need to explicitly specify `s2n-quic` with `--no-default-features` flag. Also note that if you build `rpxy` with `s2n-quic`, then it requires `openssl` just for building the package. +- Supported HTTP(S) protocols: HTTP/1.1, HTTP/2 and brand-new HTTP/3 [^h3lib] +- gRPC is also supported +- Serving multiple domain names with TLS termination +- Mutual TLS authentication with client certificates +- Automated certificate issuance and renewal via TLS-ALPN-01 ACME protocol [^acme] +- Post-quantum key exchange for TLS/QUIC [^kyber] +- TLS connection sanitization to avoid the domain fronting [^sanitization] +- Load balancing with round-robin, random, and sticky session +- and more... - [^kyber]: This is already a default feature. Also note that `X25519MLKEM768` is still a draft version yet this is widely used on the Internet. +[^h3lib]: HTTP/3 is enabled thanks to [`quinn`](https://github.com/quinn-rs/quinn), [`s2n-quic`](https://github.com/aws/s2n-quic) and [`hyperium/h3`](https://github.com/hyperium/h3). HTTP/3 libraries are mutually exclusive. You need to explicitly specify `s2n-quic` with `--no-default-features` flag. Also note that if you build `rpxy` with `s2n-quic`, then it requires `openssl` just for building the package. + +[^acme]: `rpxy` supports the automatic issuance and renewal of certificates via [TLS-ALPN-01 (RFC8737)](https://www.rfc-editor.org/rfc/rfc8737) of [ACME protocol (RFC8555)](https://www.rfc-editor.org/rfc/rfc8555) thanks to [`rustls-acme`](https://github.com/FlorianUekermann/rustls-acme). + +[^kyber]: `rpxy` supports the hybridized post-quantum key exchange [`X25519MLKEM768`](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html)[^kyber] for TLS/QUIC incoming and outgoing initiation thanks to [`rustls-post-quantum`](https://docs.rs/rustls-post-quantum/latest/rustls_post_quantum/). This is already a default feature. Also note that `X25519MLKEM768` is still a draft version yet this is widely used on the Internet. + +[^sanitization]: By default, `rpxy` provides the *TLS connection sanitization* by correctly binding a certificate used to establish a secure channel with the backend application. Specifically, it always keeps the consistency between the given SNI (server name indication) in `ClientHello` of the underlying TLS and the domain name given by the overlaid HTTP HOST header (or URL in Request line). We should note that NGINX doesn't guarantee such a consistency by default. To this end, you have to add `if` statement in the configuration file in NGINX. This project is still *work-in-progress*. But it is already working in some production environments and serves a number of domain names. Furthermore it *significantly outperforms* NGINX and Caddy, e.g., *1.5x faster than NGINX*, in the setting of a very simple HTTP reverse-proxy scenario (See [`bench`](./bench/) directory). - [^1]: We should note that NGINX doesn't guarantee such a consistency by default. To this end, you have to add `if` statement in the configuration file in NGINX. ## Installing/Building an Executable Binary of `rpxy` @@ -422,6 +435,23 @@ Check a third party project [`Gamerboy59/rpxy-webui`](https://github.com/Gamerbo todo! +## Credits + +`rpxy` cannot be built without the following projects and inspirations: + +- [`hyper`](https://github.com/hyperium/hyper) and [`hyperium/h3`](https://github.com/hyperium/h3) + +- [`rustls`](https://github.com/rustls/rustls) + +- [`tokio`](https://github.com/tokio-rs/tokio) + +- [`quinn`](https://github.com/quinn-rs/quinn) + +- [`s2n-quic`](https://github.com/aws/s2n-quic) + +- [`rustls-acme`](https://github.com/FlorianUekermann/rustls-acme) + + ## License `rpxy` is free, open-source software licensed under MIT License. From 22132926e3d4584bcef05f4ab5ee099ab6dcf606 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 1 Feb 2025 03:22:45 +0900 Subject: [PATCH 18/20] docs: refactor --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index fdb7f87..912ed62 100644 --- a/README.md +++ b/README.md @@ -440,15 +440,10 @@ todo! `rpxy` cannot be built without the following projects and inspirations: - [`hyper`](https://github.com/hyperium/hyper) and [`hyperium/h3`](https://github.com/hyperium/h3) - - [`rustls`](https://github.com/rustls/rustls) - - [`tokio`](https://github.com/tokio-rs/tokio) - - [`quinn`](https://github.com/quinn-rs/quinn) - - [`s2n-quic`](https://github.com/aws/s2n-quic) - - [`rustls-acme`](https://github.com/FlorianUekermann/rustls-acme) From 07a49af316df77a465e3f90bc15dc29f2e5fb3fd Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 1 Feb 2025 04:16:41 +0900 Subject: [PATCH 19/20] feat: add version tag for github release docker --- .github/workflows/release_docker.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/release_docker.yml b/.github/workflows/release_docker.yml index ba38262..9ebc053 100644 --- a/.github/workflows/release_docker.yml +++ b/.github/workflows/release_docker.yml @@ -170,6 +170,14 @@ jobs: platforms: ${{ matrix.platforms }} labels: ${{ steps.meta.outputs.labels }} + - name: check pull_request title + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }} + uses: kaisugi/action-regex-match@v1.0.1 + id: regex-match + with: + text: ${{ github.event.pull_request.title }} + regex: "^(\\d+\\.\\d+\\.\\d+)$" + - name: Release build and push from main branch if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }} uses: docker/build-push-action@v6 @@ -181,6 +189,8 @@ jobs: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }}:latest${{ matrix.tags-suffix }} ${{ env.DH_REGISTRY_NAME }}:latest${{ matrix.tags-suffix }} ${{ matrix.aliases }} + ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }}:${{ github.event.pull_request.title }}${{ matrix.tags-suffix }} + ${{ env.DH_REGISTRY_NAME }}:${{ github.event.pull_request.title }}${{ matrix.tags-suffix }} build-contexts: ${{ matrix.build-contexts }} file: ${{ matrix.dockerfile }} cache-from: type=gha,scope=rpxy-latest-${{ matrix.target }} From 6d61f1418736fa9d2108d76ac61fc0d05626ce7d Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 1 Feb 2025 04:27:25 +0900 Subject: [PATCH 20/20] docs and bump --- CHANGELOG.md | 18 +++++++++++++++++- Cargo.toml | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e6b294..18deef2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,22 @@ # CHANGELOG -## 0.9.7 or 0.10.0 (Unreleased) +## 0.9.8 or 0.10.0 (Unreleased) + +## 0.9.7 + +### Improvement + +- Feat: add version tag for docker images via github actions +- Feat: support gRPC: This makes rpxy to serve gRPC requests on the same port as HTTP and HTTPS, i.e., listen_port and listen_port_tls. This means that by using the different subdomain for HTTP(S) and gRPC, we can multiplex them on same ports without opening another port dedicated to gRPC. To this end, this update made the forwarder to force HTTP/2 for gRPC requests towards backend (gRPC) app. +- Deps and refactor + +### Bugfix + +- Fixed bug for the upstream option "force_http2_upstream" + +### Other + +- Tentative downgrade of github actions `runs-on` from ubuntu-latest to ubuntu-22.04. ## 0.9.6 diff --git a/Cargo.toml b/Cargo.toml index ee0db6c..2cb948f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace.package] -version = "0.9.6" +version = "0.9.7" authors = ["Jun Kurihara"] homepage = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy"