Try to fix duplicate Host header issue

- disable http2 to backend connections even when using tls
- forbid hyper from adding a host header
Alex 2022-01-25 17:01:39 +01:00
parent ea050c7045
commit b1ac01f53e
No known key found for this signature in database
GPG Key ID: EDABF9711E244EB1
2 changed files with 9 additions and 5 deletions


@ -22,7 +22,7 @@ pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
const HOP_HEADERS: &[HeaderName] = &[
header::CONNECTION,
//header::KEEP_ALIVE,
// header::KEEP_ALIVE, // not found in http::header
header::PROXY_AUTHENTICATE,
header::PROXY_AUTHORIZATION,
header::TE,
@ -69,7 +69,8 @@ fn create_proxied_request<B>(
) -> Result<Request<B>> {
let mut builder = Request::builder()
.method(request.method())
.uri(forward_uri(forward_url, &request)?);
.uri(forward_uri(forward_url, &request)?)
.version(hyper::Version::HTTP_11);
*builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
@ -133,7 +134,7 @@ pub async fn call(
let mut connector = HttpConnector::new();
connector.set_connect_timeout(Some(PROXY_TIMEOUT));
let client: Client<_, hyper::Body> = Client::builder().build(connector);
let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?;
@ -161,7 +162,7 @@ pub async fn call_https(
http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
let client: Client<_, hyper::Body> = Client::builder().build(connector);
let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?;
trace!("Inner response (HTTPS): {:?}", response);
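Review bot: With `set_host(false)` on both clients (`call` and `call_https`), the backend request has a Host header only if `remove_hop_headers(request.headers())` happened to copy one, and nothing in the visible part of `create_proxied_request` guarantees that. An inbound HTTP/2 request typically carries its authority in the URI rather than in a Host header, so after `.version(hyper::Version::HTTP_11)` it may reach the backend with no Host at all, which an HTTP/1.1 server will reject or route to its default vhost. After the headers are copied I would fill the gap from the original authority, e.g. `if let Some(a) = request.uri().authority() { builder.headers_mut().unwrap().entry(header::HOST).or_insert(a.as_str().parse()?); }`. It is also worth deciding explicitly what happens when a client sends more than one Host value, because as far as these hunks show they are now forwarded as received and the proxy and backend could disagree on which one counts. The rest of `create_proxied_request` lies outside the hunk, so part of this may already be handled further down.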


@ -21,7 +21,9 @@ pub struct HttpsConnectorFixedDnsname<T> {
tls_config: Arc<rustls::ClientConfig>,
fixed_dnsname: &'static str,
}
type BoxError = Box<dyn std::error::Error + Send + Sync>;
impl HttpsConnectorFixedDnsname<HttpConnector> {
pub fn new(
mut tls_config: rustls::ClientConfig,
@ -29,7 +31,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
mut http: HttpConnector,
) -> Self {
http.enforce_http(false);
tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
Self {
http,
tls_config: Arc::new(tls_config),
@ -37,6 +39,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
}
}
}
impl<T> Service<Uri> for HttpsConnectorFixedDnsname<T>
where
T: Service<Uri>,
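Review bot: The ALPN list in `HttpsConnectorFixedDnsname::new` now offers only `http/1.1`, but nothing beside the assignment says why, and the same decision is encoded a second time by `.version(hyper::Version::HTTP_11)` in `create_proxied_request`. A comment above the line, such as `// Backends are spoken to over HTTP/1.1 only (duplicate Host header issue); keep in sync with create_proxied_request`, would keep someone from re-adding `h2` here alone and reintroducing the mismatch. The new `BoxError` alias is not used in any visible line, so a short `//` comment saying which impl it serves would help too. `new` starts in the previous hunk and its body ends in the following one, so only part of it is visible here.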