Implement the proxy server.

[thedodd]

abstract

The trunk serve command needs the ability to proxy some URLs to a configured backend, particularly for cases where the UI makes requests to backend data APIs on the same host which served the UI application, nested under a different URI prefix. This is a very common deployment pattern.

todo

• [x] add trunk serve --proxy-backend flag. This flag will take a valid URL, where the protocol, host, and port segments will be used as the proxy backend target, and the URI portion will be treated as the URI to proxy. E.G., for http://localhost:3000/api/ Trunk will proxy any requests received at /api/ over to the target backend, same URI, headers &c.
• [x] when the --proxy-backend option is specified, the serve subcommand should add a handler for the backend's URI. The handler should transparently proxy any received requests over to the configured backend, returning the response from the backend to the client.
• [x] add trunk serve --proxy-rewrite flag. This flag will take a valid URI, and will use it as the URI which is to be proxied, stripping the given prefix and rewriting it to match the URI of --proxy-backend.

Trunk.toml-only proxy config

• [x] add a new section to the Trunk.toml called [proxy]. It will only be supported in the config file. No env vars or CLI opts.
• [x] require a backend to be specified. This describes the backend target. The URI provided for the backend will be used as the proxy URI by default.
• [x] an optional rewrite can be provided which will make the proxy handle the given URI as the entrypoint, but will then re-write the URI segment to match the backend's URI. E.G., rewrite=/dev/v1/ backend=http://localhost:3000/api/ will cause Trunk to proxy requests received on /dev/v1/ over the the backend at http://localhost:3000/api/, and the /dev/v1/ portion of the URI of the original request will be stripped and rewritten as simply /api/ matching the backend.
• [x] it should take a vector of proxy configs for configuring more complex proxy topologies.
• [x] if --proxy-backend is specified on the CLI, then Trunk.toml proxies will be ignored (following the config layers pattern).
• [x] add support for ignoring invalid certs.
• [x] open a ticket to support WebSocket proxy once Tide has WebSocket support.

related issues

29

31 (though this one will require separate treatment and functionality)

[jgrund]

add support for ignoring invalid certs.

Was this implemented? I am seeing the following when trying to proxy to a dev server with a self-signed cert:

Caused by:
    0: error sending request for url (https://localhost:7443/messaging/): error trying to connect: invalid certificate: UnknownIssuer
    1: error trying to connect: invalid certificate: UnknownIssuer
    2: invalid certificate: UnknownIssuer
Feb 18 16:47:33.355 ERROR response failed classification=Status code: 500 Internal Server Error latency=140 ms

[rogusdev]

The feature you are looking for exists but is undocumented: --proxy-insecure as a cli arg like:

trunk serve --proxy-backend=https://localhost:3001/ --proxy-insecure --proxy-rewrite=/api/

The docs need updating at https://trunkrs.dev/configuration/#proxy-cli-flags and I have asked how to do that.

This was added in https://github.com/thedodd/trunk/commit/41e4a6089dbc3fc73b9c5b0f0d48565f8b199b49

[rogusdev]

Oh, I see that @jgrund was the one who in fact added it :) Thank you!

[rogusdev]

https://github.com/thedodd/trunk/pull/611 PR for docs