reverseproxy: refactor HTTP transport layer (#5369)

Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2024-12-30 22:34:15 -05:00 · 2023-02-24 22:54:04 +03:00 · 2023-02-24 22:54:04 +03:00 · e3909cc385
commit e3909cc385
parent be53e432fc
2 changed files with 148 additions and 140 deletions
--- a/caddytest/integration/reverseproxy_test.go
+++ b/caddytest/integration/reverseproxy_test.go
@ -22,8 +22,8 @@ func TestSRVReverseProxy(t *testing.T) {
 		},
 		"apps": {
 			"pki": {
-				"certificate_authorities" : {
-					"local" : {
+				"certificate_authorities": {
+					"local": {
 						"install_trust": false
 					}
 				}
@ -33,7 +33,7 @@ func TestSRVReverseProxy(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-				  ":8080"
+							":18080"
 						],
 						"routes": [
 							{
@ -62,8 +62,8 @@ func TestSRVWithDial(t *testing.T) {
 	{
 		"apps": {
 			"pki": {
-				"certificate_authorities" : {
-				  "local" : {
+				"certificate_authorities": {
+					"local": {
 						"install_trust": false
 					}
 				}
@ -73,7 +73,7 @@ func TestSRVWithDial(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-				  ":8080"
+							":18080"
 						],
 						"routes": [
 							{
@ -138,8 +138,8 @@ func TestDialWithPlaceholderUnix(t *testing.T) {
 		},
 		"apps": {
 			"pki": {
-				"certificate_authorities" : {
-				  "local" : {
+				"certificate_authorities": {
+					"local": {
 						"install_trust": false
 					}
 				}
@ -149,7 +149,7 @@ func TestDialWithPlaceholderUnix(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-				  ":8080"
+							":18080"
 						],
 						"routes": [
 							{
@ -172,7 +172,7 @@ func TestDialWithPlaceholderUnix(t *testing.T) {
 	}
 	`, "json")

-	req, err := http.NewRequest(http.MethodGet, "http://localhost:8080", nil)
+	req, err := http.NewRequest(http.MethodGet, "http://localhost:18080", nil)
 	if err != nil {
 		t.Fail()
 		return
@ -190,8 +190,8 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) {
 		},
 		"apps": {
 			"pki": {
-				"certificate_authorities" : {
-				  "local" : {
+				"certificate_authorities": {
+					"local": {
 						"install_trust": false
 					}
 				}
@ -201,7 +201,7 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-							":8080"
+							":18080"
 						],
 						"routes": [
 							{
@ -271,7 +271,7 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) {
 		t.Fail()
 		return
 	}
-	req.Header.Set("X-Caddy-Upstream-Dial", "localhost:8080")
+	req.Header.Set("X-Caddy-Upstream-Dial", "localhost:18080")
 	tester.AssertResponse(req, 200, "Hello, World!")
 }

@ -284,8 +284,8 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) {
 		},
 		"apps": {
 			"pki": {
-				"certificate_authorities" : {
-				  "local" : {
+				"certificate_authorities": {
+					"local": {
 						"install_trust": false
 					}
 				}
@ -295,7 +295,7 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-							":8080"
+							":18080"
 						],
 						"routes": [
 							{
@ -340,7 +340,7 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) {
 										"handler": "reverse_proxy",
 										"upstreams": [
 											{
-												"dial": "tcp/{http.request.header.X-Caddy-Upstream-Dial}:8080"
+												"dial": "tcp/{http.request.header.X-Caddy-Upstream-Dial}:18080"
 											}
 										]
 									}
@ -385,7 +385,7 @@ func TestSRVWithActiveHealthcheck(t *testing.T) {
 				"servers": {
 					"srv0": {
 						"listen": [
-				  ":8080"
+							":18080"
 						],
 						"routes": [
 							{
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@ -172,13 +172,20 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 		}
 	}

-	// Set up the dialer to pull the correct information from the context
 	dialContext := func(ctx context.Context, network, address string) (net.Conn, error) {
-		// the proper dialing information should be embedded into the request's context
+		// For unix socket upstreams, we need to recover the dial info from
+		// the request's context, because the Host on the request's URL
+		// will have been modified by directing the request, overwriting
+		// the unix socket filename.
+		// Also, we need to avoid overwriting the address at this point
+		// when not necessary, because http.ProxyFromEnvironment may have
+		// modified the address according to the user's env proxy config.
 		if dialInfo, ok := GetDialInfo(ctx); ok {
+			if strings.HasPrefix(dialInfo.Network, "unix") {
 				network = dialInfo.Network
 				address = dialInfo.Address
 			}
+		}

 		conn, err := dialer.DialContext(ctx, network, address)
 		if err != nil {
@ -188,8 +195,8 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 			return nil, DialError{err}
 		}

-		// if read/write timeouts are configured and this is a TCP connection, enforce the timeouts
-		// by wrapping the connection with our own type
+		// if read/write timeouts are configured and this is a TCP connection,
+		// enforce the timeouts by wrapping the connection with our own type
 		if tcpConn, ok := conn.(*net.TCPConn); ok && (h.ReadTimeout > 0 || h.WriteTimeout > 0) {
 			conn = &tcpRWTimeoutConn{
 				TCPConn:      tcpConn,
@ -203,6 +210,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 	}

 	rt := &http.Transport{
+		Proxy:                  http.ProxyFromEnvironment,
 		DialContext:            dialContext,
 		MaxConnsPerHost:        h.MaxConnsPerHost,
 		ResponseHeaderTimeout:  time.Duration(h.ResponseHeaderTimeout),