search

drogonframework / drogon

Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows
MIT License
11.04k stars 1.06k forks source link

[HttpAppFramework / HttpClientPtr ] can't change/set (ssl key, cert, & configuration) after/on plugin #2047

Closed prothegee closed 1 month ago

prothegee commented 1 month ago

[HttpAppFramework / HttpClientPtr ] can't change/set (ssl key, cert, & configuration) after/on plugin

May related to:


I was try on a server using ssl/tls and use drogon framework as webserver,

but the catch is, the first key to handshake cert (I think), key & sslconf already binded and can't change after it's run (even re-configured on pre routing reverse proxy plugin)


I was expecting

app().setSSLFiles(sslConf.cert, sslConf.key);
app().setSSLConfigCommands(sslConf.configurations);

pClient->setCertPath(sslConf.cert, sslConf.key);
pClient->addSSLConfigs(sslConf.configurations);

able to set cert, key and sslconf manualy and use correct one.


But the certficate alway belong to config file under

drogon::app().loadConfigFile("../../../configs/json/drogon_framework.json");


summary & question

long story short video

is there's a existing related feature/function/subject that can change/set cert, key, & sslconf

after HttpAppFramework run?


related file/config

config file ```json { "custom_config": { "name": "drogon_framework" }, "listeners": [ { "address": "0.0.0.0", "port": 80, "https": false, "cert": "", "key": "", "ssl_conf": [] }, { "address": "0.0.0.0", "port": 443, "https": true, "cert": "/etc/letsencrypt/live/prothegee.com/cert.pem", "key": "/etc/letsencrypt/live/prothegee.com/privkey.pem", "ssl_conf": [ ["MinProtocol", "TLSv1.2"], ["MaxProtocol", "TLSv1.3"], ["AllowNoDHEKEX", "off"], ["-SessionTicket", "off"], ["ServerPreference", "on"], ["ChainCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["VerifyCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["RequestCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["DHParameters", "/root/projects/prothegee/com.prothegee.stack.v1.private/ssl/_prothegee.com.dhparams.pem"], ["Options", "-strict, ServerPreference, -SessionTicket, Compression, AllowNoDHEKEX"], ["Curves", "P-256:P-384:P-521:X25519:X448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"], ["CipherString", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"], ["SignatureAlgorithms", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"] ] } ], "mime": { "text/markdown": "md", "text/gemini": [ "gmi", "gemini" ], "text/css": [ "css", "css.map" ], "text/javascript": [ "js", "mjs", "js.map", "framework.js", "loader.js", "audio.worklet.js", "data", "pck", "wasm", "side.wasm", "worker.js" ] }, "app": { "number_of_threads": 1, "document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/_", "enable_session": false, "session_timeout": 604800, "session_same_site" : "Strict", "session_cookie_key": "_drogon_framework-session", "max_connections": 150000, "max_connections_per_ip": 0, "client_max_body_size": "5M", "client_max_memory_body_size": "5M", "client_max_websocket_message_size": "5M", "log": { "use_spdlog": false, "log_path": "/root/projects/prothegee/com.prothegee.stack.v1/logs/info", "logfile_base_name": "drogon_framework.info", "log_size_limit": 100000000, "max_files": 30, "log_level": "INFO" }, "run_as_daemon": true, "relaunch_on_error": true, "upload_path": "../media", "use_sendfile": false, "use_gzip": true, "use_brotli": true, "static_files_cache_time": -1, "idle_connection_timeout": 600, "enable_server_header": true, "server_header_field": "Drogon Framework", "enable_date_header": false, "keepalive_requests": 0, "br_static": true, "reuse_port": false, "file_types": [ "gif", "png", "jpg", "map", "js", "framework.js", "loader.js", "bundle.js", "min.js", "js.map", "js.flow", "module.js", "cjs", "mjs", "css", "css.map", "min.css", "min.css.map", "rtl.css.map", "rtl.min.css.map", "scss", "html", "ico", "swf", "svg", "xap", "apk", "cur", "xml", "ttf", "woff", "woff2", "text", "txt", "json", "audio.worklet.js", "data", "pck", "wasm", "side.wasm", "worker.js" ] }, "plugins": [ { "name": "drogon::plugin::AccessLogger", "dependencies": [], "config": { "log_path": "/root/projects/prothegee/com.prothegee.stack.v1/logs/access", "log_format": "$request_date $method $url [$body_bytes_received] ($remote_addr - $local_addr) $status $body_bytes_sent $processing_time", "log_file": "drogon_framework.access.log", "log_size_limit": 100000000, "use_local_time": true, "log_index": 0 } }, { "name": "drogon_framework::ReverseProxy", "dependencies": [], "config": { "backends": [ { "host": "prothegee.com", "redirect": false, "redirect_to": "", "header_add": true, "header_add_list": [ ["x-frame-options", "sameorigin"] ], "document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/www", "origin_whitelist_check": true, "origin_whitelist_check_data": "https://prothegee.com https://api.prothegee.com https://www.prothegee.com https://media.prothegee.com", "internal_proxies": [ "http://127.0.0.1:9101", "http://127.0.0.1:9102", "http://127.0.0.1:9103" ], "ssl": true, "ssl_conf": { "cert": "/etc/letsencrypt/live/prothegee.com/cert.pem", "key": "/etc/letsencrypt/live/prothegee.com/privkey.pem", "use_old_tls": false, "configurations": [ ["MinProtocol", "TLSv1.2"], ["MaxProtocol", "TLSv1.3"], ["AllowNoDHEKEX", "off"], ["-SessionTicket", "off"], ["ServerPreference", "on"], ["ChainCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["VerifyCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["RequestCAFile", "/etc/letsencrypt/live/prothegee.com/fullchain.pem"], ["DHParameters", "/root/projects/prothegee/com.prothegee.stack.v1.private/ssl/_prothegee.com.dhparams.pem"], ["Options", "-strict, ServerPreference, -SessionTicket, Compression, AllowNoDHEKEX"], ["Curves", "P-256:P-384:P-521:X25519:X448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"], ["CipherString", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"], ["SignatureAlgorithms", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"] ] } }, { "host": "www.prothegee.com", "redirect": true, "redirect_to": "https://prothegee.com", "header_add": true, "header_add_list": [ ["x-frame-options", "sameorigin"] ], "document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/www", "origin_whitelist_check": true, "origin_whitelist_check_data": "https://prothegee.com https://api.prothegee.com https://www.prothegee.com https://media.prothegee.com", "internal_proxies": [ "http://127.0.0.1:9101", "http://127.0.0.1:9102", "http://127.0.0.1:9103" ], "ssl": true, "ssl_conf": { "cert": "/etc/letsencrypt/live/www.prothegee.com/cert.pem", "key": "/etc/letsencrypt/live/www.prothegee.com/privkey.pem", "use_old_tls": false, "configurations": [ ["MinProtocol", "TLSv1.2"], ["MaxProtocol", "TLSv1.3"], ["AllowNoDHEKEX", "off"], ["-SessionTicket", "off"], ["ServerPreference", "on"], ["ChainCAFile", "/etc/letsencrypt/live/www.prothegee.com/fullchain.pem"], ["VerifyCAFile", "/etc/letsencrypt/live/www.prothegee.com/fullchain.pem"], ["RequestCAFile", "/etc/letsencrypt/live/www.prothegee.com/fullchain.pem"], ["DHParameters", "/root/projects/prothegee/com.prothegee.stack.v1.private/ssl/_prothegee.com.dhparams.pem"], ["Options", "-strict, ServerPreference, -SessionTicket, Compression, AllowNoDHEKEX"], ["Curves", "P-256:P-384:P-521:X25519:X448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"], ["CipherString", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"], ["SignatureAlgorithms", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"] ] } }, { "host": "api.prothegee.com", "redirect": false, "redirect_to": "", "header_add": true, "header_add_list": [ ["x-frame-options", "sameorigin"] ], "document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/api", "origin_whitelist_check": false, "origin_whitelist_check_data": "https://prothegee.com https://api.prothegee.com https://www.prothegee.com https://media.prothegee.com", "internal_proxies": [ "http://127.0.0.1:9104", "http://127.0.0.1:9105", "http://127.0.0.1:9106" ], "ssl": true, "ssl_conf": { "cert": "/etc/letsencrypt/live/api.prothegee.com/cert.pem", "key": "/etc/letsencrypt/live/api.prothegee.com/privkey.pem", "use_old_tls": false, "configurations": [ ["MinProtocol", "TLSv1.2"], ["MaxProtocol", "TLSv1.3"], ["AllowNoDHEKEX", "off"], ["-SessionTicket", "off"], ["ServerPreference", "on"], ["ChainCAFile", "/etc/letsencrypt/live/api.prothegee.com/fullchain.pem"], ["VerifyCAFile", "/etc/letsencrypt/live/api.prothegee.com/fullchain.pem"], ["RequestCAFile", "/etc/letsencrypt/live/api.prothegee.com/fullchain.pem"], ["DHParameters", "/root/projects/prothegee/com.prothegee.stack.v1.private/ssl/_prothegee.com.dhparams.pem"], ["Options", "-strict, ServerPreference, -SessionTicket, Compression, AllowNoDHEKEX"], ["Curves", "P-256:P-384:P-521:X25519:X448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"], ["CipherString", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"], ["SignatureAlgorithms", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"] ] } }, { "host": "media.prothegee.com", "redirect": false, "redirect_to": "", "header_add": true, "header_add_list": [ ["x-frame-options", "sameorigin"] ], "document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/api", "origin_whitelist_check": false, "origin_whitelist_check_data": "https://prothegee.com https://api.prothegee.com https://www.prothegee.com https://media.prothegee.com", "internal_proxies": [ "http://127.0.0.1:9107", "http://127.0.0.1:9108", "http://127.0.0.1:9109" ], "ssl": true, "ssl_conf": { "cert": "/etc/letsencrypt/live/media.prothegee.com/cert.pem", "key": "/etc/letsencrypt/live/media.prothegee.com/privkey.pem", "use_old_tls": false, "configurations": [ ["MinProtocol", "TLSv1.2"], ["MaxProtocol", "TLSv1.3"], ["AllowNoDHEKEX", "off"], ["-SessionTicket", "off"], ["ServerPreference", "on"], ["ChainCAFile", "/etc/letsencrypt/live/media.prothegee.com/fullchain.pem"], ["VerifyCAFile", "/etc/letsencrypt/live/media.prothegee.com/fullchain.pem"], ["RequestCAFile", "/etc/letsencrypt/live/media.prothegee.com/fullchain.pem"], ["DHParameters", "/root/projects/prothegee/com.prothegee.stack.v1.private/ssl/_prothegee.com.dhparams.pem"], ["Options", "-strict, ServerPreference, -SessionTicket, Compression, AllowNoDHEKEX"], ["Curves", "P-256:P-384:P-521:X25519:X448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"], ["CipherString", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"], ["SignatureAlgorithms", "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"] ] } } ], "pipelining": 16, "connection_factor": 1, "default_document_root": "/root/projects/prothegee/com.prothegee.stack.v1/public/_", "same_client_to_same_backend": false } } ] } ```


reverse_proxy.h ```c++ #ifndef DROGON_FRAMEWORK_REVERSE_PROXY_H #define DROGON_FRAMEWORK_REVERSE_PROXY_H #include #include namespace drogon_framework { using namespace drogon; /** * @brief type for backend ssl storage * */ struct TBackendSSL { std::string key; std::string cert; bool use_old_tls; std::vector> configurations; }; /** * @brief type for backend storage * */ struct TBackendStorage { bool ssl; bool redirect; bool header_add; bool origin_whitelist_check; std::string host; TBackendSSL ssl_conf; std::string redirect_to; std::string document_root; std::string origin_whitelist_check_data; std::vector internal_proxies; std::vector> header_add_list_pair; }; /** * @brief drogon_framework reverse proxy plugin * */ class ReverseProxy final : public Plugin { private: bool m_useSSL = false; bool m_sameClientToSameBackend = false; size_t m_backendIdx = 0; size_t m_pipelining = 16; size_t m_connectionFactor = 1; std::vector m_backends; std::string m_defaultDocumentRoot = ""; IOThreadStorage m_clientIndex = 0; IOThreadStorage> m_clients; protected: void initAndStart(const Json::Value &config) override; void shutdown() override; /** * @brief pre routing request to array backend * * @param pReq * @param aCallback * @param acCallback */ void PreRouting(const HttpRequestPtr &pReq, AdviceCallback &&aCallback, AdviceChainCallback &&acCallback); public: ReverseProxy(/* args */); ~ReverseProxy(); }; } // namespace drogon_framework #endif // DROGON_FRAMEWORK_REVERSE_PROXY_H ```


reverse_proxy.cc ```c++ #include "reverse_proxy.h" namespace drogon_framework { void ReverseProxy::initAndStart(const Json::Value &config) { #if PROJECT_IS_DEBUG std::cout << "drogon_framework reverse proxy init and start\n"; #endif // backends storage if (config.isMember("backends") && config["backends"].isArray()) { for (auto &backends : config["backends"]) { TBackendStorage backend; backend.host = backends["host"].asString(); backend.redirect = backends["redirect"].asBool(); backend.redirect_to = backends["redirect_to"].asString(); backend.origin_whitelist_check = backends["origin_whitelist_check"].asBool(); backend.origin_whitelist_check_data = backends["origin_whitelist_check_data"].asString(); backend.header_add = backends["header_add"].asBool(); if (backend.header_add) { if (backends["header_add_list"].isArray() && backends["header_add_list"].size() <= 0) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: you are trying to add more header response, but header add list is not supplied or 0\n"; app().quit(); }); } for (auto &header : backends["header_add_list"]) { if (header.isArray() && header.size() == 2 && header[0].isString() && header[1].isString()) { std::string key = header[0].asString(); std::string value = header[1].asString(); backend.header_add_list_pair.emplace_back(key, value); } else { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: can't use header list, these array can't assign as pair 2 string\n"; app().quit(); }); } } } backend.document_root = backends["document_root"].asString(); // check backend proxies if (backends["internal_proxies"].size() <= 0) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: internal backend proxies should be provide at least one\n"; app().quit(); }); } for (auto &proxy : backends["internal_proxies"]) { backend.internal_proxies.emplace_back(proxy.asString()); } backend.ssl = backends["ssl"].asBool(); if (backend.ssl) { TBackendSSL backendSSL; backendSSL.key = backends["ssl_conf"]["key"].asString(); backendSSL.cert = backends["ssl_conf"]["cert"].asString(); backendSSL.use_old_tls = backends["ssl_conf"]["use_old_tls"].asBool(); if (backendSSL.key.length() <= 0) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: you're configuring using ssl, but key is not supplied\n"; app().quit(); }); } if (backendSSL.cert.length() <= 0) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: you're configuring using ssl, but cert is not supplied\n"; app().quit(); }); } const auto SSL_CONF_CONFIG = backends["ssl_conf"]["configurations"]; if (SSL_CONF_CONFIG.isArray() && SSL_CONF_CONFIG.size() >= 1) { for (auto &ssl_cfg : SSL_CONF_CONFIG) { if (ssl_cfg.isArray() && ssl_cfg.size() == 2 && ssl_cfg[0].isString() && ssl_cfg[1].isString()) { std::string key = ssl_cfg[0].asString(); std::string value = ssl_cfg[1].asString(); backendSSL.configurations.emplace_back(key, value); } else { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: can't use config, these array can't assign as pair 2 string\n"; app().quit(); }); } } backend.ssl_conf = backendSSL; } else { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: ssl_conf configurations is not an array or empty\nREADMORE: https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html\n"; app().quit(); }); } } m_backends.emplace_back(backend); } // final check if (m_backends.empty()) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: backends configuration is empty\n"; app().quit(); }); } } else { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: configuration\n"; app().quit(); }); } // pipelining m_pipelining = config.get("pipelining", 0).asInt(); // connection factor m_connectionFactor = config.get("connection_factor", 0).asInt(); if (m_connectionFactor == 0 || m_connectionFactor > 100) { app().getLoop()->runAfter(0, [&]() { std::cerr << "ERROR: invalid number of connection factor\n"; app().quit(); }); } // same client to same backend m_sameClientToSameBackend = config.get("same_client_to_same_backend", false).asBool(); // default document root m_defaultDocumentRoot = config["default_document_root"].asString(); // clients config m_clients.init([this](std::vector &clients, size_t ioLoopIndex) { clients.resize(m_backends.size() * m_connectionFactor); }); // client index config m_clientIndex.init([this](size_t &index, size_t ioLoopIndex) { index = ioLoopIndex; }); // pre routing register app().registerPreRoutingAdvice([this](const HttpRequestPtr &pReq, AdviceCallback &&aCallback, AdviceChainCallback &&acCallback) { PreRouting(pReq, std::move(aCallback), std::move(acCallback)); }); } void ReverseProxy::shutdown() { #if PROJECT_IS_DEBUG std::cout << "drogon_framework reverse proxy shutdown\n"; #endif } void ReverseProxy::PreRouting(const HttpRequestPtr &pReq, AdviceCallback &&aCallback, AdviceChainCallback &&acCallback) { size_t index = 0, index_be = 0; size_t count = -1; auto host = pReq->getHeader("host"); auto &clientsVector = *m_clients; bool redirect = false; std::string redirectUrl = ""; bool requestFound = false; // check for correct request for (const auto &backend : m_backends) { count++; if (backend.host.rfind(host, 0) == 0) { index_be = count; requestFound = true; break; } } m_backendIdx = index_be; // same client same backend if (m_sameClientToSameBackend) { auto ipHash = std::hash{}(pReq->getPeerAddr().ipNetEndian()) % clientsVector.size(); index = (ipHash + (++(*m_clientIndex))) % clientsVector.size(); } else if (!m_sameClientToSameBackend) { index = ++(*m_clientIndex) % clientsVector.size(); } // http client pointer auto &pClient = clientsVector[index]; if (!pClient && requestFound) { const auto &backend = m_backends[index_be]; const auto &address = backend.internal_proxies[index % backend.internal_proxies.size()]; pClient = HttpClient::newHttpClient( address, trantor::EventLoop::getEventLoopOfCurrentThread(), backend.ssl_conf.use_old_tls, backend.ssl, Version::kHttp2 ); } else { // NOTE: // this section is to // expecting something not right // to prevent subdomain and same path confiction // if this else section remove, there's something wrong with the request const auto &backend = m_backends[index_be]; const auto &address = backend.internal_proxies[index % backend.internal_proxies.size()]; pClient = HttpClient::newHttpClient( address, trantor::EventLoop::getEventLoopOfCurrentThread(), backend.ssl_conf.use_old_tls, backend.ssl, Version::kHttp2 ); } // ssl assignment config if (m_backends[index_be].ssl) { const auto &backend = m_backends[index_be]; const auto &sslConf = m_backends[index_be].ssl_conf; app().addListener("0.0.0.0", 80, true, sslConf.cert, sslConf.key, false, sslConf.configurations); app().addListener("0.0.0.0", 443, true, sslConf.cert, sslConf.key, false, sslConf.configurations); app().setDocumentRoot(backend.document_root); app().setSSLFiles(sslConf.cert, sslConf.key); app().setSSLConfigCommands(sslConf.configurations); pClient->setCertPath(sslConf.cert, sslConf.key); pClient->addSSLConfigs(sslConf.configurations); } pReq->setPassThrough(true); if (requestFound) { pClient->setPipeliningDepth(m_pipelining); redirect = m_backends[index_be].redirect; redirectUrl = m_backends[index_be].redirect_to; if (redirect) { auto pRequestRedirect = HttpResponse::newHttpResponse(); aCallback(pRequestRedirect->newRedirectionResponse(redirectUrl, k307TemporaryRedirect)); return; } // valid backend object helper for response auto validBackend = m_backends[index_be]; pClient->sendRequest(pReq, [aCallback = std::move(aCallback), validBackend = std::move(validBackend)](ReqResult result, const HttpResponsePtr &pResp) { pResp->setPassThrough(true); switch (result) { case ReqResult::Ok: { // add header if supplied if (validBackend.header_add && validBackend.header_add_list_pair.size() >= 1) { for (auto &pair : validBackend.header_add_list_pair) { pResp->addHeader(pair.first, pair.second); } } // give warn or error? // add server check origin if supplied // can be add manually from each backend before their response callback if (validBackend.origin_whitelist_check) { pResp->addHeader("access-control-allow-origin", validBackend.origin_whitelist_check_data); } aCallback(pResp); } break; default: { // just to make it sure and show the message when happen pResp->setBody("Internal Server Error By Default"); pResp->setStatusCode(k500InternalServerError); aCallback(pResp); } break; } }); } else { app().setDocumentRoot(m_defaultDocumentRoot); auto errorResp = HttpResponse::newHttpViewResponse("drogon_framework_505"); errorResp->setStatusCode(k500InternalServerError); aCallback(errorResp); } } ReverseProxy::ReverseProxy() { } ReverseProxy::~ReverseProxy() { } } // namespace drogon_framework ```


drogon version

Version: 1.9.4
Git commit: fb08813e5cc602964257a3340c5814cccd9a5249
Compilation:
  Compiler: c++
  Compiler ID: GNU
  Compilation flags: -O3 -DNDEBUG -std=c++20 -I/usr/include/jsoncpp -I/usr/local/include
Libraries:
  postgresql: yes  (pipeline mode: yes)
  mariadb: no
  sqlite3: yes
  ssl/tls backend: OpenSSL
  brotli: yes
  hiredis: no
  c-ares: yes
  yaml-cpp: no


end of [HttpAppFramework / HttpClientPtr ] change ssl configuration after/on plugin
marty1885 commented 1 month ago

I've watched your videos. In short you cannot. Drogon initializes everything and lock them down to read only when app().run() is called.

prothegee commented 1 month ago

allright, I guess that enough.

clossing this issue.