From 56ad7b5171e10d3bf5754d959cda0ef0aec9b80a Mon Sep 17 00:00:00 2001 From: Ryan Leung Date: Wed, 9 Oct 2019 18:40:17 +0800 Subject: [PATCH] api: fix TLS when redirecting the request (#1740) (#1777) Signed-off-by: Ryan Leung --- .gitignore | 2 ++ server/api/redirector.go | 19 ++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 81e2de79eb9..e100d144118 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ tags /.retools/ vendor default* +*.bak +.vscode/ diff --git a/server/api/redirector.go b/server/api/redirector.go index 911f48e58bc..7cf61245cec 100644 --- a/server/api/redirector.go +++ b/server/api/redirector.go @@ -14,10 +14,12 @@ package api import ( + "crypto/tls" "io/ioutil" "net/http" "net/url" "strings" + "sync" log "github.com/pingcap/log" "github.com/pingcap/pd/server" @@ -33,6 +35,8 @@ const ( errRedirectToNotLeader = "redirect to not leader" ) +var initHTTPClientOnce sync.Once + type redirector struct { s *server.Server } @@ -67,7 +71,20 @@ func (h *redirector) ServeHTTP(w http.ResponseWriter, r *http.Request, next http http.Error(w, err.Error(), http.StatusInternalServerError) return } - + initHTTPClientOnce.Do(func() { + var tlsConfig *tls.Config + tlsConfig, err = server.ToTLSConfig(h.s.GetSecurityConfig()) + dialClient = &http.Client{ + Transport: &http.Transport{ + DisableKeepAlives: true, + TLSClientConfig: tlsConfig, + }, + } + }) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } newCustomReverseProxies(urls).ServeHTTP(w, r) }