payjoin / ohttp-relay

Oblivious HTTP relay resource in Rust

Test NGINX stream reverse proxy #25

Closed DanGould closed 8 months ago

DanGould commented 8 months ago

TLS termination is a bit complex. This crate intends NGINX to do that. This PR tests integration between NGINX configured with stream support and ohttp-relay. Vanilla NGINX or Caddy don't proxy streams, but NGINX supports it natively with compilation flags.

The flake configures NGINX with --with-stream, --with-stream_ssl_module configuration flags so that NGINX can reverse proxy proxy_pass the entire incoming TCP stream rather than individual HTTP requests in order to support CONNECT and WebSocket bootstrap mechanisms.

Tests assume NGINX is built with this configuration in the environment and start it from the shell using a tokio::process::Command. This first draft only tests the stream reverse proxy. I'd like the next iteration to test NGINX TLS termination as well, and to include an nginx.conf template for simple configuration.

Enabling a consistent environment for both CI and development is a challenge, but should be possible with nix flakes.
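As an added illustration of the setup the PR describes (not a file from the PR or from the ohttp-relay project), this is a minimal nginx.conf that uses the stream module to terminate TLS and forward the whole TCP connection to the relay. The upstream address 127.0.0.1:3000 and the certificate paths are assumptions; substitute the listener and key material your deployment actually uses.

```nginx
# Added example, not part of the PR. Requires an NGINX built with
# --with-stream --with-stream_ssl_module; check the binary first with:
#   nginx -V 2>&1 | grep -- '--with-stream'
# and validate this file with: nginx -t -c /path/to/this/nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

# Deliberately no "http" block: the stream module forwards every byte of the
# TCP connection unparsed, which is what lets CONNECT and WebSocket bootstrap
# traffic reach the relay untouched.
stream {
    # Assumed address of the ohttp-relay listener (plaintext behind NGINX).
    upstream ohttp_relay {
        server 127.0.0.1:3000;
    }

    server {
        # NGINX terminates TLS here so the relay never handles certificates.
        listen 443 ssl;
        ssl_certificate     /etc/nginx/certs/relay.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/certs/relay.key;   # placeholder path
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Whole-stream reverse proxy: decrypted bytes go straight to the relay.
        proxy_pass ohttp_relay;
    }
}
```

Dropping the ssl parameter from the listen line gives the plain TCP pass-through that this first draft of the tests exercises.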