forked from Deuxfleurs/tricot
Actually that was quite a stupid way of handling timeouts
This commit is contained in:
parent
7d5070c57d
commit
ea050c7045
3 changed files with 30 additions and 32 deletions
25
src/https.rs
25
src/https.rs
|
@ -9,7 +9,7 @@ use log::*;
|
||||||
use accept_encoding_fork::Encoding;
|
use accept_encoding_fork::Encoding;
|
||||||
use async_compression::tokio::bufread::*;
|
use async_compression::tokio::bufread::*;
|
||||||
use futures::stream::FuturesUnordered;
|
use futures::stream::FuturesUnordered;
|
||||||
use futures::{Future, StreamExt, TryStreamExt};
|
use futures::{StreamExt, TryStreamExt};
|
||||||
use http::header::{HeaderName, HeaderValue};
|
use http::header::{HeaderName, HeaderValue};
|
||||||
use http::method::Method;
|
use http::method::Method;
|
||||||
use hyper::server::conn::Http;
|
use hyper::server::conn::Http;
|
||||||
|
@ -25,7 +25,6 @@ use crate::cert_store::{CertStore, StoreResolver};
|
||||||
use crate::proxy_config::ProxyConfig;
|
use crate::proxy_config::ProxyConfig;
|
||||||
use crate::reverse_proxy;
|
use crate::reverse_proxy;
|
||||||
|
|
||||||
const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
|
|
||||||
const MAX_CONNECTION_LIFETIME: Duration = Duration::from_secs(24 * 3600);
|
const MAX_CONNECTION_LIFETIME: Duration = Duration::from_secs(24 * 3600);
|
||||||
|
|
||||||
pub struct HttpsConfig {
|
pub struct HttpsConfig {
|
||||||
|
@ -189,11 +188,10 @@ async fn handle(
|
||||||
|
|
||||||
let mut response = if proxy_to.https_target {
|
let mut response = if proxy_to.https_target {
|
||||||
let to_addr = format!("https://{}", proxy_to.target_addr);
|
let to_addr = format!("https://{}", proxy_to.target_addr);
|
||||||
handle_timeout_and_error(reverse_proxy::call_https(remote_addr.ip(), &to_addr, req))
|
handle_error(reverse_proxy::call_https(remote_addr.ip(), &to_addr, req).await)
|
||||||
.await
|
|
||||||
} else {
|
} else {
|
||||||
let to_addr = format!("http://{}", proxy_to.target_addr);
|
let to_addr = format!("http://{}", proxy_to.target_addr);
|
||||||
handle_timeout_and_error(reverse_proxy::call(remote_addr.ip(), &to_addr, req)).await
|
handle_error(reverse_proxy::call(remote_addr.ip(), &to_addr, req).await)
|
||||||
};
|
};
|
||||||
|
|
||||||
// Do further processing (compression, additionnal headers) only for 2xx responses
|
// Do further processing (compression, additionnal headers) only for 2xx responses
|
||||||
|
@ -225,27 +223,14 @@ async fn handle(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn handle_timeout_and_error(
|
fn handle_error(resp: Result<Response<Body>>) -> Response<Body> {
|
||||||
fut: impl Future<Output = Result<Response<Body>>>,
|
|
||||||
) -> Response<Body> {
|
|
||||||
select!(
|
|
||||||
resp = fut => {
|
|
||||||
match resp {
|
match resp {
|
||||||
Ok(resp) => resp,
|
Ok(resp) => resp,
|
||||||
Err(e) =>
|
Err(e) => Response::builder()
|
||||||
Response::builder()
|
|
||||||
.status(StatusCode::BAD_GATEWAY)
|
.status(StatusCode::BAD_GATEWAY)
|
||||||
.body(Body::from(format!("Proxy error: {}", e)))
|
.body(Body::from(format!("Proxy error: {}", e)))
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
}
|
}
|
||||||
}
|
|
||||||
_ = tokio::time::sleep(PROXY_TIMEOUT) => {
|
|
||||||
Response::builder()
|
|
||||||
.status(StatusCode::BAD_GATEWAY)
|
|
||||||
.body(Body::from("Proxy timeout"))
|
|
||||||
.unwrap()
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn try_compress(
|
async fn try_compress(
|
||||||
|
|
|
@ -5,19 +5,21 @@ use std::convert::TryInto;
|
||||||
use std::net::IpAddr;
|
use std::net::IpAddr;
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use std::time::SystemTime;
|
use std::time::{Duration, SystemTime};
|
||||||
|
|
||||||
use anyhow::Result;
|
use anyhow::Result;
|
||||||
use log::*;
|
use log::*;
|
||||||
|
|
||||||
use http::header::HeaderName;
|
use http::header::HeaderName;
|
||||||
use hyper::header::{HeaderMap, HeaderValue};
|
use hyper::header::{HeaderMap, HeaderValue};
|
||||||
use hyper::{header, Body, Client, Request, Response, Uri};
|
use hyper::{client::HttpConnector, header, Body, Client, Request, Response, Uri};
|
||||||
use rustls::client::{ServerCertVerified, ServerCertVerifier};
|
use rustls::client::{ServerCertVerified, ServerCertVerifier};
|
||||||
use rustls::{Certificate, ServerName};
|
use rustls::{Certificate, ServerName};
|
||||||
|
|
||||||
use crate::tls_util::HttpsConnectorFixedDnsname;
|
use crate::tls_util::HttpsConnectorFixedDnsname;
|
||||||
|
|
||||||
|
pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
|
||||||
|
|
||||||
const HOP_HEADERS: &[HeaderName] = &[
|
const HOP_HEADERS: &[HeaderName] = &[
|
||||||
header::CONNECTION,
|
header::CONNECTION,
|
||||||
//header::KEEP_ALIVE,
|
//header::KEEP_ALIVE,
|
||||||
|
@ -128,7 +130,11 @@ pub async fn call(
|
||||||
|
|
||||||
trace!("Proxied request: {:?}", proxied_request);
|
trace!("Proxied request: {:?}", proxied_request);
|
||||||
|
|
||||||
let client = Client::new();
|
let mut connector = HttpConnector::new();
|
||||||
|
connector.set_connect_timeout(Some(PROXY_TIMEOUT));
|
||||||
|
|
||||||
|
let client: Client<_, hyper::Body> = Client::builder().build(connector);
|
||||||
|
|
||||||
let response = client.request(proxied_request).await?;
|
let response = client.request(proxied_request).await?;
|
||||||
|
|
||||||
trace!("Inner response: {:?}", response);
|
trace!("Inner response: {:?}", response);
|
||||||
|
@ -150,7 +156,11 @@ pub async fn call_https(
|
||||||
.with_safe_defaults()
|
.with_safe_defaults()
|
||||||
.with_custom_certificate_verifier(Arc::new(DontVerifyServerCert))
|
.with_custom_certificate_verifier(Arc::new(DontVerifyServerCert))
|
||||||
.with_no_client_auth();
|
.with_no_client_auth();
|
||||||
let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy");
|
|
||||||
|
let mut http_connector = HttpConnector::new();
|
||||||
|
http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
|
||||||
|
let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
|
||||||
|
|
||||||
let client: Client<_, hyper::Body> = Client::builder().build(connector);
|
let client: Client<_, hyper::Body> = Client::builder().build(connector);
|
||||||
let response = client.request(proxied_request).await?;
|
let response = client.request(proxied_request).await?;
|
||||||
|
|
||||||
|
|
|
@ -23,8 +23,11 @@ pub struct HttpsConnectorFixedDnsname<T> {
|
||||||
}
|
}
|
||||||
type BoxError = Box<dyn std::error::Error + Send + Sync>;
|
type BoxError = Box<dyn std::error::Error + Send + Sync>;
|
||||||
impl HttpsConnectorFixedDnsname<HttpConnector> {
|
impl HttpsConnectorFixedDnsname<HttpConnector> {
|
||||||
pub fn new(mut tls_config: rustls::ClientConfig, fixed_dnsname: &'static str) -> Self {
|
pub fn new(
|
||||||
let mut http = HttpConnector::new();
|
mut tls_config: rustls::ClientConfig,
|
||||||
|
fixed_dnsname: &'static str,
|
||||||
|
mut http: HttpConnector,
|
||||||
|
) -> Self {
|
||||||
http.enforce_http(false);
|
http.enforce_http(false);
|
||||||
tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
|
tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
|
||||||
Self {
|
Self {
|
||||||
|
|
Loading…
Reference in a new issue