TUN-5737: Support https protocol over unix socket origin

Devin Carr 2022-02-28 14:07:47 -06:00
parent a1d485eca5
commit c2a32de35f
4 changed files with 22 additions and 5 deletions


@ -126,7 +126,7 @@ func parseSingleOriginService(c *cli.Context, allowURLFromArgs bool) (OriginServ
if err != nil { if err != nil {
return nil, errors.Wrap(err, "Error validating --unix-socket") return nil, errors.Wrap(err, "Error validating --unix-socket")
} }
return &unixSocketPath{path: path}, nil return &unixSocketPath{path: path, scheme: "http"}, nil
} }
u, err := url.Parse("http://localhost:8080") u, err := url.Parse("http://localhost:8080")
return &httpService{url: u}, err return &httpService{url: u}, err
@ -169,7 +169,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
if prefix := "unix:"; strings.HasPrefix(r.Service, prefix) { if prefix := "unix:"; strings.HasPrefix(r.Service, prefix) {
// No validation necessary for unix socket filepath services // No validation necessary for unix socket filepath services
path := strings.TrimPrefix(r.Service, prefix) path := strings.TrimPrefix(r.Service, prefix)
service = &unixSocketPath{path: path} service = &unixSocketPath{path: path, scheme: "http"}
} else if prefix := "unix+tls:"; strings.HasPrefix(r.Service, prefix) {
path := strings.TrimPrefix(r.Service, prefix)
service = &unixSocketPath{path: path, scheme: "https"}
} else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) { } else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) {
status, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix)) status, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix))
if err != nil { if err != nil {
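Review bot: The new `unix+tls:` branch in validateIngress takes whatever follows the prefix as the socket path, so a rule written as just `unix+tls:` produces a unixSocketPath with an empty path and the mistake presumably surfaces only when the origin is first dialed. A guard such as `if path == "" {` that returns a validation error naming the rule would catch this at config load; the existing `unix:` branch has the same gap. The new branch also lacks the `// No validation necessary for unix socket filepath services` comment its sibling carries. That comment would be a good place to state how the origin certificate is expected to be verified for a socket path, since the transport setup is not visible in this hunk. validateIngress starts and ends outside the hunk.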


@ -26,8 +26,21 @@ ingress:
` `
ing, err := ParseIngress(MustReadIngress(rawYAML)) ing, err := ParseIngress(MustReadIngress(rawYAML))
require.NoError(t, err) require.NoError(t, err)
_, ok := ing.Rules[0].Service.(*unixSocketPath) s, ok := ing.Rules[0].Service.(*unixSocketPath)
require.True(t, ok) require.True(t, ok)
require.Equal(t, "http", s.scheme)
}
func TestParseUnixSocketTLS(t *testing.T) {
rawYAML := `
ingress:
- service: unix+tls:/tmp/echo.sock
`
ing, err := ParseIngress(MustReadIngress(rawYAML))
require.NoError(t, err)
s, ok := ing.Rules[0].Service.(*unixSocketPath)
require.True(t, ok)
require.Equal(t, "https", s.scheme)
} }
func Test_parseIngress(t *testing.T) { func Test_parseIngress(t *testing.T) {


@ -23,7 +23,7 @@ type StreamBasedOriginProxy interface {
} }
func (o *unixSocketPath) RoundTrip(req *http.Request) (*http.Response, error) { func (o *unixSocketPath) RoundTrip(req *http.Request) (*http.Response, error) {
req.URL.Scheme = "http" req.URL.Scheme = o.scheme
return o.transport.RoundTrip(req) return o.transport.RoundTrip(req)
} }
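Review bot: `req.URL.Scheme = o.scheme` makes RoundTrip depend on every construction site of unixSocketPath setting the new field. A value built as `&unixSocketPath{path: path}` anywhere outside this diff would now send an empty scheme, which http.Transport rejects, where it previously always got "http". Defaulting here keeps the old behaviour for the zero value: `if o.scheme == "" { req.URL.Scheme = "http" } else { req.URL.Scheme = o.scheme }`. Whether other construction sites exist is not visible from this page, so routing all of them through one constructor would be the stronger fix.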


@ -33,9 +33,10 @@ type OriginService interface {
start(log *zerolog.Logger, shutdownC <-chan struct{}, cfg OriginRequestConfig) error start(log *zerolog.Logger, shutdownC <-chan struct{}, cfg OriginRequestConfig) error
} }
// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP) // unixSocketPath is an OriginService representing a unix socket (which accepts HTTP or HTTPS)
type unixSocketPath struct { type unixSocketPath struct {
path string path string
scheme string
transport *http.Transport transport *http.Transport
} }
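Review bot: The new `scheme` field has no comment saying which values are valid or what reads it. A field comment such as `// scheme is "http" or "https"; RoundTrip copies it into req.URL.Scheme.` would cover that. The struct comment could add that the choice comes from the `unix:` or `unix+tls:` service prefix. Two unexported constants in place of the string literals would keep the three construction sites in this commit from drifting apart.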