Add https backend support

rekby · Feb 1, 2020 · cbffc07 · cbffc07
1 parent d2af41c
commit cbffc07
Show file tree

Hide file tree

Showing 7 changed files with 83 additions and 5 deletions.
diff --git a/README_DEV.md b/README_DEV.md
@@ -12,6 +12,9 @@ If use docker-machine - need ```docker-machine ssh <machine-name> -L 4001:localh
 
 FAKE_DNS may be different for other OS.
 For example for mac os - need run other image and ping host.docker.internal for see IP for host.
+```bash
+docker run --rm alpine ping host.docker.internal
+```
 
 https://docs.docker.com/docker-for-mac/networking/#/known-limitations-use-cases-and-workarounds
 

diff --git a/cmd/a_main-packr.go b/cmd/a_main-packr.go
diff --git a/cmd/static/default-config.toml b/cmd/static/default-config.toml
@@ -59,7 +59,8 @@ MaxCount = 10
 [Proxy]
 
 # Default rule of select destination address.
-#It can be: IP (with default port 80), :Port (default - same IP as receive connection), IPv4:Port or [IPv6]:Port
+# It can be: IP (with default port 80), :Port (default - same IP as receive connection), IPv4:Port or [IPv6]:Port
+# Must define port force if HTTPSBackend is true
 DefaultTarget = ":80"
 
 # After KeepAliveTimeoutSeconds of inactive incoming connection will close.
@@ -87,6 +88,12 @@ TargetMap = []
 # ["IP:{{SOURCE_IP}}", "Proxy:lets-proxy", "Protocol:{{HTTP_PROTO}}" ]
 Headers = []
 
+# Use https requests to backend instead of http
+HTTPSBackend = false
+
+# Ignore backend https certificate validations if HTTPSBackend is true
+HTTPSBackendIgnoreCert = true
+
 [CheckDomains]
 
 # Allow domain if it resolver for one of public IPs of this server.

diff --git a/internal/proxy/config.go b/internal/proxy/config.go
@@ -23,6 +23,8 @@ type Config struct {
 	TargetMap               []string
 	Headers                 []string
 	KeepAliveTimeoutSeconds int
+	HTTPSBackend            bool
+	HTTPSBackendIgnoreCert  bool
 }
 
 func (c *Config) Apply(ctx context.Context, p *HTTPProxy) error {
@@ -42,6 +44,8 @@ func (c *Config) Apply(ctx context.Context, p *HTTPProxy) error {
 	appendDirector(c.getDefaultTargetDirector)
 	appendDirector(c.getMapDirector)
 	appendDirector(c.getHeadersDirector)
+	appendDirector(c.getSchemaDirector)
+	p.httpReverseProxy.Transport = Transport{c.HTTPSBackendIgnoreCert}
 
 	if resErr != nil {
 		zc.L(ctx).Error("Can't parse proxy config", zap.Error(resErr))
@@ -130,6 +134,13 @@ func (c *Config) getMapDirector(ctx context.Context) (Director, error) {
 	return NewDirectorDestMap(m), nil
 }
 
+func (c *Config) getSchemaDirector(ctx context.Context) (Director, error) {
+	if c.HTTPSBackend {
+		return NewSetSchemeDirector(ProtocolHTTPS), nil
+	}
+	return NewSetSchemeDirector(ProtocolHTTP), nil
+}
+
 func parseTCPMapPair(line string) (from, to string, err error) {
 	line = strings.TrimSpace(line)
 	lineParts := strings.Split(line, "-")

diff --git a/internal/proxy/config_test.go b/internal/proxy/config_test.go
@@ -201,6 +201,30 @@ func TestConfig_getMapDirector(t *testing.T) {
 	td.CmpNoError(err)
 }
 
+func TestConfig_getSchemeDirector(t *testing.T) {
+	ctx, flush := th.TestContext()
+	defer flush()
+
+	td := testdeep.NewT(t)
+
+	var director Director
+	var err error
+
+	c := &Config{
+		HTTPSBackend: false,
+	}
+	director, err = c.getSchemaDirector(ctx)
+	td.CmpNoError(err)
+	td.CmpDeeply(director, NewSetSchemeDirector(ProtocolHTTP))
+
+	c = &Config{
+		HTTPSBackend: true,
+	}
+	director, err = c.getSchemaDirector(ctx)
+	td.CmpNoError(err)
+	td.CmpDeeply(director, NewSetSchemeDirector(ProtocolHTTPS))
+}
+
 func TestConfig_Apply(t *testing.T) {
 	ctx, flush := th.TestContext()
 	defer flush()
@@ -228,9 +252,16 @@ func TestConfig_Apply(t *testing.T) {
 	p = &HTTPProxy{}
 	err = c.Apply(ctx, p)
 	td.CmpNoError(err)
-	td.CmpDeeply(p.Director, NewDirectorChain(NewDirectorSameIP(94), NewDirectorSetHeaders(map[string]string{"aaa": "bbb"})))
+	td.CmpDeeply(p.Director,
+		NewDirectorChain(
+			NewDirectorSameIP(94),
+			NewDirectorSetHeaders(map[string]string{"aaa": "bbb"}),
+			NewSetSchemeDirector(ProtocolHTTP),
+		),
+	)
 
 	c = Config{
+		HTTPSBackend:  true,
 		DefaultTarget: "1.2.3.4:94",
 		TargetMap:     []string{"1.2.3.4:33-4.5.6.7:88"},
 		Headers:       []string{"aaa:bbb"},
@@ -242,5 +273,20 @@ func TestConfig_Apply(t *testing.T) {
 		NewDirectorHost("1.2.3.4:94"),
 		NewDirectorDestMap(map[string]string{"1.2.3.4:33": "4.5.6.7:88"}),
 		NewDirectorSetHeaders(map[string]string{"aaa": "bbb"}),
+		NewSetSchemeDirector(ProtocolHTTPS),
 	))
+
+	// Test backendSchemas
+
+	c = Config{HTTPSBackendIgnoreCert: false}
+	p = &HTTPProxy{}
+	c.Apply(ctx, p)
+	transport := p.httpReverseProxy.Transport.(Transport)
+	transport.IgnoreHttpsCertificate = false
+
+	c = Config{HTTPSBackendIgnoreCert: true}
+	p = &HTTPProxy{}
+	c.Apply(ctx, p)
+	transport = p.httpReverseProxy.Transport.(Transport)
+	transport.IgnoreHttpsCertificate = true
 }
diff --git a/internal/proxy/directors.go b/internal/proxy/directors.go
@@ -70,7 +70,6 @@ func (s DirectorSameIP) Director(request *http.Request) {
 	if request.URL == nil {
 		request.URL = &url.URL{}
 	}
-	request.URL.Scheme = ProtocolHTTP
 	request.URL.Host = localAddr.IP.String() + ":" + s.Port
 	zc.L(request.Context()).Debug("Set target as same ip",
 		zap.Stringer("local_addr", localAddr), zap.String("dest_host", request.Host))
@@ -169,3 +168,16 @@ func (h DirectorSetHeaders) Director(request *http.Request) {
 		request.Header.Set(name, value)
 	}
 }
+
+type DirectorSetScheme string
+
+func (d DirectorSetScheme) Director(req *http.Request) {
+	if req.URL == nil {
+		req.URL = &url.URL{}
+	}
+	req.URL.Scheme = string(d)
+}
+
+func NewSetSchemeDirector(scheme string) DirectorSetScheme {
+	return DirectorSetScheme(scheme)
+}
diff --git a/internal/proxy/http-proxy.go b/internal/proxy/http-proxy.go
@@ -90,6 +90,5 @@ func (p *HTTPProxy) director(request *http.Request) {
 	if request.URL == nil {
 		request.URL = &url.URL{}
 	}
-	request.URL.Scheme = ProtocolHTTP
 	p.Director.Director(request)
 }