Add support for HTTPS+TCP+SNI on the same listener #783
Comments
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 28, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 28, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 28, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test make sure proxy is listening before starting test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test make sure proxy is listening before starting test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 30, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test make sure proxy is listening before starting test
nathanejohnson
added a commit
to nathanejohnson/fabio
that referenced
this issue
Aug 31, 2020
Adds support for the https+tcp+sni listener. Any routes that are marked with proto=tcp or have a scheme tcp:// will be matched for TCP steering. Failing any matches there, fallthrough will be to https matching. This resolves: fabiolb#783. clean up error handling on 'use of closed network connection' case fix makefile tag finding stuff fix logic for https+tcp+sni matching so that only explicit proto=tcp matches Adding an integration test make sure proxy is listening before starting test add buffered err chan to Close() per dcarbone add 1.14 and 1.15 to travis tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In some cases it is desirable to have TCP SNI steering as well as HTTPS proxying.
For example: Say you have one external IP address, 1.2.3.4
You have a services A, B and C that need path based (https) routing
You have service D that needs to see the client certificate, and any traffic with this SNI should be routed to D so it can terminate TLS
Adding a https+tcp+sni mode would support this use case by allowing any hosts that match D - as specified by proto=tcp or scheme is tcp:// in the route - would be tcp proxied, and that everything else would fall through to existing HTTPS routing logic.
The text was updated successfully, but these errors were encountered: