fix: reverse proxy tls server start fail (#145)

* fix: reverse proxy tls example * add comment * typo * two tls server
cloudwego · May 13, 2024 · 36af1b1 · 36af1b1
1 parent 13a9a9d
commit 36af1b1
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 22 deletions.
diff --git a/reverseproxy/tls/README.md b/reverseproxy/tls/README.md
@@ -0,0 +1,10 @@
+## How to run
+
+### start tls server and normal server
+```bash
+go run tls/main.go
+```
+
+### Accessing the tls server through the reverse proxy
+
+Visit https://127.0.0.1:8005/backend by GET method.
diff --git a/reverseproxy/tls/main.go b/reverseproxy/tls/main.go
@@ -30,31 +30,40 @@ import (
 	"github.com/hertz-contrib/reverseproxy"
 )
 
+var (
+	wg        sync.WaitGroup
+	tlsConfig *tls.Config
+)
+
 func main() {
-	var wg sync.WaitGroup
 	wg.Add(2)
+	cert, err := tls.LoadX509KeyPair("tls/server.crt", "tls/server.key")
+	if err != nil {
+		fmt.Println(err.Error())
+		return
+	}
+	tlsConfig = &tls.Config{
+		MinVersion:               tls.VersionTLS12,
+		CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
+		PreferServerCipherSuites: true,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		},
+	}
+
+	tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
+
 	go func() {
 		defer wg.Done()
-		cfg := &tls.Config{
-			MinVersion:               tls.VersionTLS12,
-			CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
-			PreferServerCipherSuites: true,
-			CipherSuites: []uint16{
-				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			},
-		}
-		cert, err := tls.LoadX509KeyPair("tls/server.crt", "tls/server.key")
-		if err != nil {
-			fmt.Println(err.Error())
-		}
-		cfg.Certificates = append(cfg.Certificates, cert)
-
 		h := server.New(
 			server.WithHostPorts(":8004"),
-			server.WithTLS(cfg),
+			server.WithTLS(tlsConfig),
+			// if you want to use tls server. pls use go net
+			server.WithTransport(standard.NewTransporter),
 		)
+
 		h.GET("/backend", func(cc context.Context, c *app.RequestContext) {
 			c.JSON(200, utils.H{"msg": "pong"})
 		})
@@ -63,11 +72,13 @@ func main() {
 
 	go func() {
 		defer wg.Done()
-		h := server.New(server.WithHostPorts(":8001"))
+		h := server.New(
+			server.WithHostPorts(":8005"),
+			server.WithTransport(standard.NewTransporter),
+			server.WithTLS(tlsConfig),
+		)
 		proxy, err := reverseproxy.NewSingleHostReverseProxy("https://127.0.0.1:8004",
-			client.WithTLSConfig(&tls.Config{
-				InsecureSkipVerify: true,
-			}),
+			client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}),
 			client.WithDialer(standard.NewDialer()),
 		)
 		if err != nil {