-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Caddy 2 #74
Conversation
All the tests pass. I tried to keep as much as possible the same, but a few things don't translate well to Caddy 2, notably one test in probe_resist_test.go on L200, I had to change that test case since I didn't quite understand why it was the way it was before. Does not yet have v2 Caddyfile support.
* Fix probe_resistance config parsing * Support Caddyfile * Support HTTP/3 * Revert "Support HTTP/3" This reverts commit f01c163. * Fix review comments * Update README.md to new directive names * Use Caddy 2 logger
@sergeyfrolov Do you think you'd have a chance to look this over or try it out soon? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @mholt!
Sorry I haven't paid much attention to my open-source projects lately. Between academia and new full-time job I don't have much extra energy.
I took a look at the code and left some comments.
I specifically looked through the new ServeHTTP function to see if correct probe-resistance behavior is preserved, and it appears to be. Haven't yet checked why probe-resistance tests fail, but we can fix them after ensuring that it does actually work correctly. The most bulletproof way to do that would be to spin up 2 Caddy servers: one without forwardproxy, and another with forwardproxy and probe_resistance and see if there's a difference in their responses to requests. How about we try to do that today or tomorrow evening (or some other evening)?
forwardproxy.go
Outdated
BasicauthUser string `json:"auth_user,omitempty"` | ||
BasicauthPass string `json:"auth_pass,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we add those 2 fields, instead of using the existing authCredentials slice? How does this temporary solution help tests and why can't we re-use existing credentials checking code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These fields are here so users can access them via configuration. Otherwise the authCredentials
field is unexported so the JSON unmarshaler can't reach it.
I am hoping to remove auth from this module entirely, and let Caddy's existing authentication handler deal with it. Do you think that's possible?
@sergeyfrolov Thanks for taking a look! I guess the main thing to verify now is the probe resistance and authentication. I'm hoping we can remove the authentication logic entirely... When do you have time today or this weekend? (Feel free to ping me in Slack at your convenience.) |
responseProbeResist and responseForwardProxy must be different
Btw, I think this is probably good to go for most people, if we are OK with being complacent about the failing test case. |
Fix multiauth for caddy2
All tests are green. Any remaining issues? |
It's related in that if it's not fixed, this plugin won't work if you need access logs. |
@WeidiDeng I will fix it thus weekend. Thanks! @johnzhanghua Only a few things left, cleaning up the readme, updating the docker file + workflow, We could probably merge after that and do a release candidate. |
ready to dog food this. woof !!!! |
So happy to see the commit yesterday. Looking forward to a potential merge. |
Verify if tests can run on different platforms
Tests are now run in:
TODO:
|
Just stumbled over this PR as I am looking for a way to use caddy as a forward proxy. Nice work! I reviewed the
|
Please reduce scope and get this merged first after 3 years and we can talk about more improvements. Including
which I argue are non-essential work before the merge. |
@mholt This should be good to merge now. Pending issues and documentation can be handle in a separate PR. |
Acknowledged. Thank you for your help with it! |
All the tests pass. I tried to keep as much as possible the same, but a
few things don't translate well to Caddy 2, notably one test in
probe_resist_test.go on L200, I had to change that test case since I
didn't quite understand why it was the way it was before.
Have not vetted this for privacy or security guarantees. Do not rely on this code.
Example config:
@sergeyfrolov Please give this a once-over if you have a chance. Or better yet, ping me in Slack so I can give you a brief walkthrough of the changes. It'd be good to have an extra set of eyeballs review any sensitive parts that I might have (probably) botched up.
I also wonder if we can remove basicauth logic out from this code and use Caddy 2's existing basicauth module instead. Let's chat when you have a chance. But, if I don't hear from you in the next couple weeks I might just go ahead anyway.
Thanks!