memorysafety / river

This repository is the home of the River reverse proxy application, based on the pingora library from Cloudflare.
https://www.memorysafety.org/initiative/reverse-proxy/
Apache License 2.0
1.9k stars 107 forks

Add "Basic Proxy" configuration #19

Closed jamesmunns closed 7 months ago

jamesmunns commented 7 months ago

The goal for this PR is to add a minimal basic proxy setup, based on HttpProxy.

jamesmunns commented 7 months ago

Getting somewhat close, here's the current test configuration as of 75b95fd working:

HTTP:

curl -vvvv http://localhost:8080
* processing: http://localhost:8080
*   Trying [::1]:8080...
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:34:13 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0a50aef5c3bb7-WAW
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host localhost left intact

HTTPS:

curl -vvvv --insecure https://localhost:4443
* processing: https://localhost:4443
*   Trying [::1]:4443...
* connect to ::1 port 4443 failed: Connection refused
*   Trying 127.0.0.1:4443...
* Connected to localhost (127.0.0.1) port 4443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  start date: Apr  3 17:53:06 2024 GMT
*  expire date: Apr  1 17:53:06 2034 GMT
*  issuer: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: localhost:4443
> User-Agent: curl/8.2.1
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:35:15 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0a6908ecd3515-WAW
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host localhost left intact

The connection fails likely because I'm doing weird redirects (using a cloudflare IP directly), but we can see the data passing through river.

jamesmunns commented 7 months ago

With updated test values:

curl http://127.0.0.1:8080 -v -H 'host: 1.1.1.1'
* processing: http://127.0.0.1:8080
*   Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080
> GET / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Server: cloudflare
< Date: Thu, 04 Apr 2024 10:59:21 GMT
< Content-Type: text/html
< Content-Length: 151
< Connection: keep-alive
< CF-RAY: 86f0c9d9eefc58e4-TXL
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
curl https://127.0.0.1:4443 -vk -H 'host: one.one.one.one' | wc -c
* processing: https://127.0.0.1:4443
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 127.0.0.1:4443...
* Connected to 127.0.0.1 (127.0.0.1) port 4443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1028 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  start date: Apr  3 17:53:06 2024 GMT
*  expire date: Apr  1 17:53:06 2034 GMT
*  issuer: C=DE; ST=Berlin; L=Berlin; O=River Test Organization; OU=River Test Unit; CN=NOT FOR ACTUAL USE
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.x
} [5 bytes data]
> GET / HTTP/1.1
> Host: one.one.one.one
> User-Agent: curl/8.2.1
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Thu, 04 Apr 2024 11:00:22 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 56604
< Connection: keep-alive
< CF-Ray: 86f0cb57b8b82685-TXL
< Access-Control-Allow-Origin: *
< Cache-Control: public, max-age=0, must-revalidate
< ETag: "5dd740d0e716a31c1b8437db0263fa93"
< Vary: Accept-Encoding
< referrer-policy: strict-origin-when-cross-origin
< x-content-type-options: nosniff
< Server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
{ [570 bytes data]
100 56604  100 56604    0     0   410k      0 --:--:-- --:--:-- --:--:--  412k
* Connection #0 to host 127.0.0.1 left intact
56604
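
The difference between the first set of curl runs and the one above is only the Host header that reaches the upstream: forwarded unchanged as `localhost:8080` the upstream refuses with 403, supplied as a name it serves (`-H 'host: one.one.one.one'`) the same request passes through the proxy and comes back 200. The following script is an added illustration and is not River's or pingora's code: it builds a toy reverse proxy and a toy upstream from the Python standard library, where the upstream (a constructed stand-in, `ToyUpstream`) answers 200 only when Host names the hypothetical `SERVED_HOSTNAME` and 403 otherwise, and then exercises both a proxy that passes the client's Host through and one that rewrites it to the upstream's expected name. All hostnames, ports and response bodies are constructed for the demo.

```python
# Added illustration (not River/pingora code): toy HTTP reverse proxy + toy upstream,
# standard library only, reproducing the Host-header behaviour seen in the curl runs.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hypothetical: the one hostname our stand-in upstream is willing to serve.
SERVED_HOSTNAME = "one.one.one.one"

# RFC 7230 hop-by-hop headers: a proxy must not forward these in either direction.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}


class ToyUpstream(BaseHTTPRequestHandler):
    """Stand-in for the origin: 200 when Host names a site it serves, else 403,
    which is the pattern the real upstream showed in the curl output above."""

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]  # drop any :port (no IPv6 literals here)
        if host == SERVED_HOSTNAME:
            status, body = 200, b"<html>hello from upstream</html>"
        else:
            status, body = 403, b"<html><h1>403 Forbidden</h1></html>"
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def make_proxy_handler(upstream_addr, host_override=None):
    """Build a handler that forwards GETs to upstream_addr, optionally rewriting Host
    (the proxy-side equivalent of the explicit -H 'host: ...' in the second curl run)."""

    class ToyProxy(BaseHTTPRequestHandler):
        def do_GET(self):
            req_headers = {k: v for k, v in self.headers.items()
                           if k.lower() not in HOP_BY_HOP
                           and not (host_override and k.lower() == "host")}
            if host_override is not None:
                req_headers["Host"] = host_override
            conn = http.client.HTTPConnection(*upstream_addr, timeout=5)
            conn.request("GET", self.path, headers=req_headers)  # http.client keeps a given Host as-is
            resp = conn.getresponse()
            body = resp.read()
            conn.close()
            self.send_response(resp.status)
            for k, v in resp.getheaders():
                # send_response() already emits Server/Date; Content-Length is re-derived below.
                if k.lower() not in HOP_BY_HOP | {"server", "date", "content-length"}:
                    self.send_header(k, v)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass

    return ToyProxy


def start_server(handler):
    """Bind to an ephemeral loopback port and serve in a daemon thread; returns the server."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_status(addr, host_header):
    """GET / from the server at addr with the given Host header; return the status code."""
    conn = http.client.HTTPConnection(*addr, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status


def run_demo():
    """Reproduce the three situations behind the curl runs; returns a dict of status codes."""
    upstream = start_server(ToyUpstream)
    passthrough = start_server(make_proxy_handler(upstream.server_address))
    rewriting = start_server(make_proxy_handler(upstream.server_address, host_override=SERVED_HOSTNAME))
    try:
        return {
            # first run: client says Host: localhost, proxy forwards it unchanged -> upstream refuses
            "passthrough_localhost": fetch_status(passthrough.server_address, "localhost"),
            # second run: client supplies the name the upstream serves -> passes through
            "passthrough_served_name": fetch_status(passthrough.server_address, SERVED_HOSTNAME),
            # proxy fixes Host itself, so the client need not know the upstream's name
            "rewrite_localhost": fetch_status(rewriting.server_address, "localhost"),
        }
    finally:
        for srv in (upstream, passthrough, rewriting):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(run_demo())  # {'passthrough_localhost': 403, 'passthrough_served_name': 200, 'rewrite_localhost': 200}
```

Run it directly and it prints the three status codes. The passthrough proxy reproduces the 403 of the first run and the 200 of the second purely from the client-supplied Host, while the rewriting proxy shows the alternative a configured reverse proxy normally takes: the operator pins the Host (and, for TLS upstreams, the SNI name) per upstream, so a client cannot steer the request to an arbitrary virtual host simply by changing its own Host header.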
lperdereau commented 7 months ago

I've just seen you starting development. I hope you're enjoying getting into development.

I'm pulling your branch to read over my lunch. I realised that my IDE couldn't analyse the code with rust-analyzer. So I found a trick to do it.

I added a root Cargo.toml to reference the repository member project.

[workspace]

members = [
    "source/river",
]

I don't know if you're used to doing this. Just a suggestion.

Thank you for your time and your work. I wish you a good day.