Commit Graph

5 Commits

Author SHA1 Message Date
9ebb8ee7a8 Fix HTTP/2 support: use ALPN-based protocol detection and fallback to URI host
Two changes to properly support HTTP/2 clients:

1. server.rs: Detect ALPN protocol after TLS handshake and use
   hyper::server::conn::http2::Builder for H2 connections instead
   of the auto::Builder which failed to detect HTTP/2 over TLS.
   The auto::Builder's ReadVersion mechanism doesn't work reliably
   with tokio-rustls TlsStreams. For H1 connections, continue using
   auto::Builder with upgrade support.

2. handler.rs: Fall back to URI host when Host header is missing.
   In HTTP/2, the host is conveyed via :authority pseudo-header which
   hyper represents as the URI host, not a Host header.
2026-06-12 06:14:46 +00:00
067f8a9012 fix: use typed hyper::Error::is_incomplete_message() instead of fragile string matching 2026-06-12 04:25:11 +00:00
cf002cc40f Fix spec deviations and implement graceful shutdown drain
- Replace determine_if_https() with ProxyState.is_https field so X-Forwarded-Proto
  reflects the listener's protocol instead of guessing from the Host header
- Return ProxyError::BadGateway with host/upstream context for non-connect upstream
  errors instead of bare StatusCode::BAD_GATEWAY
- Implement InFlightCounter with RAII guard for tracking in-flight connections
- Add drain_in_flight() to wait for connections to complete on shutdown, with
  configurable timeout before forcing exit
- Mark review/core-components and review/integration-readiness as complete
2026-06-11 14:01:55 +00:00
7bed7db615 Wire startup orchestration: correct sequence, middleware order, TLS, ConnectInfo, sd_notify
Consolidate startup logic into main.rs following operations.md sequence:
1. Parse/validate config, 2. Init DynamicConfig ArcSwap, 3. Init shared state
(rate limiter, clients, logging), 4. Bind health check port, 5. Bind admin
socket, 6. Bind all listener ports (HTTP+HTTPS), 7. Load TLS config,
8. Start TCP listeners, 9. Start background tasks, 10. Signal readiness

Key changes:
- main.rs: Complete startup orchestration with proper sequence, TLS handling,
  ConnectInfo propagation, sd_notify, graceful shutdown
- server.rs: Simplified to just serve_https_listener with shutdown support
- proxy/mod.rs: Added build_router() with correct middleware order
  (rate limiting → body limit → routing → proxy handler)
2026-06-11 13:45:39 +00:00
7ccb2ae64f feat: implement multi-listener TLS setup with ConnectInfo propagation
- Add server module that orchestrates the full startup sequence:
  parse config, init dynamic config, init shared state, bind health
  check, bind admin socket, bind all listener ports, load TLS config,
  start TCP listeners, start background tasks, signal readiness
- For each ListenerConfig: bind TCP listener, construct appropriate
  ServerConfig (manual or ACME via TlsMode), create TlsAcceptor
- ConnectInfo<SocketAddr> populated from TcpStream::peer_addr() BEFORE
  TLS wrapping via ConnectInfoService wrapper that inserts ConnectInfo
  into request extensions for each connection
- Per-listener axum::Router instances sharing Arc<ProxyState> via State
- Fail-fast: if any bind or TLS load fails, exit with non-zero code
- All ports bound before any connections accepted
- /health endpoint available on HTTPS listener(s) as fallback
  (proxy_router already includes /health route)
- sd_notify(READY=1) sent after all listeners started
- Use hyper_util for TLS connection serving with TowerToHyperService
  and ConnectInfoService to bridge ConnectInfo from pre-TLS peer_addr
- Add sd-notify dependency for systemd readiness notification
2026-06-11 13:38:39 +00:00