
Add "Basic Proxy" configuration #19

Merged
merged 7 commits into from
Apr 4, 2024

Conversation

jamesmunns
Collaborator

The goal for this PR is to add a minimal basic proxy setup, based on HttpProxy.

@jamesmunns jamesmunns added F-Downstream Functionality relating to the Downstream/Listener interfaces F-Upstream Functionality relating to the Upstream/Connector interfaces F-Configuration Functionality relating to configuration labels Apr 2, 2024
@jamesmunns jamesmunns added this to the Kickstart Spike 1 milestone Apr 2, 2024
@jamesmunns
Collaborator Author

Getting somewhat close, here's the current test configuration as of 75b95fd working:

HTTP:

curl -vvvv http://localhost:8080
* processing: http://localhost:8080
*   Trying [::1]:8080...
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:34:13 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0a50aef5c3bb7-WAW
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host localhost left intact

HTTPS:

curl -vvvv --insecure https://localhost:4443
* processing: https://localhost:4443
*   Trying [::1]:4443...
* connect to ::1 port 4443 failed: Connection refused
*   Trying 127.0.0.1:4443...
* Connected to localhost (127.0.0.1) port 4443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  start date: Apr  3 17:53:06 2024 GMT
*  expire date: Apr  1 17:53:06 2034 GMT
*  issuer: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: localhost:4443
> User-Agent: curl/8.2.1
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:35:15 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0a6908ecd3515-WAW
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host localhost left intact

The connection fails likely because I'm doing weird redirects (using a cloudflare IP directly), but we can see the data passing through river.

@jamesmunns
Collaborator Author

With updated test values:

curl http://127.0.0.1:8080 -v -H 'host: 1.1.1.1'
* processing: http://127.0.0.1:8080
*   Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080
> GET / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:59:21 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0c9d9eefc58e4-TXL
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
curl https://127.0.0.1:4443 -vk -H 'host: one.one.one.one' | wc -c
* processing: https://127.0.0.1:4443
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 127.0.0.1:4443...
* Connected to 127.0.0.1 (127.0.0.1) port 4443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1028 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  start date: Apr  3 17:53:06 2024 GMT
*  expire date: Apr  1 17:53:06 2034 GMT
*  issuer: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.x
} [5 bytes data]
> GET / HTTP/1.1
> Host: one.one.one.one
> User-Agent: curl/8.2.1
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Thu, 04 Apr 2024 11:00:22 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 56604
< Connection: keep-alive
< CF-Ray: 86f0cb57b8b82685-TXL
< Access-Control-Allow-Origin: *
< Cache-Control: public, max-age=0, must-revalidate
< ETag: "5dd740d0e716a31c1b8437db0263fa93"
< Vary: Accept-Encoding
< referrer-policy: strict-origin-when-cross-origin
< x-content-type-options: nosniff
< Server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
{ [570 bytes data]
100 56604  100 56604    0     0   410k      0 --:--:-- --:--:-- --:--:--  412k
* Connection #0 to host 127.0.0.1 left intact
56604
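As an added example (not code from the PR or from the river project): a small parser that reads a curl -v transcript like the ones above and reports the checks a reviewer would want from such a test run, namely which Host was sent, what came back, whether TLS verification was skipped, and whether the response really traversed the proxy to the upstream. The sample transcript is constructed, and the CF-Ray check assumes the Cloudflare upstream used in this test.

```python
from dataclasses import dataclass, field

# Constructed sample: an abbreviated curl -v transcript shaped like the PR's
# HTTPS test (listener on 4443, Host overridden to the upstream's name).
SAMPLE_TRANSCRIPT = """\
* Connected to 127.0.0.1 (127.0.0.1) port 4443
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: one.one.one.one
< HTTP/1.1 200 OK
< Server: cloudflare
< CF-Ray: cf-ray-placeholder-TXL
< Content-Length: 56604
"""

@dataclass
class ProxyCheck:
    host_header: str = ""
    status: int = 0
    tls: str = ""            # "" when the listener was plain HTTP
    cert_verified: bool = True
    via_upstream: bool = False
    findings: list[str] = field(default_factory=list)

def parse_curl_transcript(text: str) -> ProxyCheck:
    """Summarise a curl -v session: what went out, what came back, how TLS fared."""
    c = ProxyCheck()
    resp_headers = {}
    for line in text.splitlines():
        if line.startswith("> Host:"):
            c.host_header = line.split(":", 1)[1].strip()
        elif line.startswith("< HTTP/"):
            c.status = int(line.split()[2])
        elif line.startswith("< "):
            name, _, value = line[2:].partition(":")
            resp_headers[name.strip().lower()] = value.strip()
        elif line.startswith("* SSL connection using"):
            c.tls = line.removeprefix("* SSL connection using").strip()
        elif "certificate verify result" in line and "continuing anyway" in line:
            c.cert_verified = False
    # Assumption: the upstream is Cloudflare, which stamps CF-Ray on responses it served.
    c.via_upstream = "cf-ray" in resp_headers
    if c.tls and not c.cert_verified:
        c.findings.append("TLS peer not verified (curl -k): acceptable for the test cert only")
    if not c.via_upstream:
        c.findings.append("no CF-Ray header: response did not come from the upstream")
    if c.status == 403 and c.host_header.startswith("localhost"):
        c.findings.append("upstream returned 403 for Host localhost; send the upstream's own Host")
    return c
```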


@jamesmunns jamesmunns marked this pull request as ready for review April 4, 2024 13:21
@jamesmunns jamesmunns merged commit e270f45 into main Apr 4, 2024
@jamesmunns jamesmunns deleted the james/basic-proxy branch April 4, 2024 13:23
Review comment on this snippet of the example configuration:

# serde flatten
[basic-proxy.listeners.source]
# Listeners can have kind of "Tcp" (w/ or w/o TLS) or "Uds"
# for "Unix Domain Sockets", which cannot have TLS.

It might not be implemented in v1, but openssl s_client definitely works with -unix path.
