Fix quarkiverse#682: Add tls support to real forwarder
ylemoigne committed Jun 15, 2024
1 parent a3849dc commit e2f7949
Showing 6 changed files with 66 additions and 12 deletions.
Expand Up @@ -99,7 +99,8 @@ public ForwardedDevServerBuildItem prepareDevService(
devServerConfig.host(),
devServerConfig.port().get(),
checkPath);
return new ForwardedDevServerBuildItem(resolvedDevServerHost, devServerConfig.port().get());
return new ForwardedDevServerBuildItem(devServerConfig.tls(), devServerConfig.tlsAllowInsecure(),
resolvedDevServerHost, devServerConfig.port().get());
}
shutdownDevService();
}
Expand All @@ -125,7 +126,7 @@ public ForwardedDevServerBuildItem prepareDevService(
final String resolvedHostIPAddress = PackageManagerRunner.isDevServerUp(configuredTls, configuredTlsAllowInsecure,
configuredDevServerHost, port, checkPath);
if (resolvedHostIPAddress != null) {
return new ForwardedDevServerBuildItem(resolvedHostIPAddress, port);
return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, resolvedHostIPAddress, port);
} else {
throw new IllegalStateException(
"The Web UI dev server (configured as not managed by Quinoa) is not started on port: " + port);
Expand Down Expand Up @@ -161,7 +162,7 @@ public ForwardedDevServerBuildItem prepareDevService(
devService = new DevServicesResultBuildItem.RunningDevService(
DEV_SERVICE_NAME, null, onClose, devServerConfigMap);
devServices.produce(devService.toBuildItem());
return new ForwardedDevServerBuildItem(devServer.hostIPAddress(), port);
return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, devServer.hostIPAddress(), port);
} catch (Throwable t) {
packageManagerRunner.stopDev(dev.get());
if (devServer != null) {
Expand Down Expand Up @@ -206,7 +207,8 @@ public void runtimeInit(
LOG.infof("Quinoa is forwarding unhandled requests to port: %d", devProxy.get().getPort());
final QuinoaDevProxyHandlerConfig handlerConfig = toDevProxyHandlerConfig(quinoaConfig, httpBuildTimeConfig);
routes.produce(RouteBuildItem.builder().orderedRoute("/*", QUINOA_ROUTE_ORDER)
.handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().getHost(),
.handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().isTls(),
devProxy.get().isTlsAllowInsecure(), devProxy.get().getHost(),
devProxy.get().getPort(),
quinoaConfig.devServer().websocket()))
.build());
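Review bot: Nothing in the `runtimeInit` hunk tells the developer when certificate checks are off: the existing `LOG.infof("Quinoa is forwarding unhandled requests to port: %d", ...)` line reports only the port, while the handler built just below it may now run with `isTlsAllowInsecure()` true. A warning next to it would make that state visible in the dev log, for example `if (devProxy.get().isTls() && devProxy.get().isTlsAllowInsecure()) { LOG.warn("Quinoa dev proxy: TLS certificate and hostname verification are disabled"); }`. Separately, the first `prepareDevService` hunk reads `devServerConfig.tls()` and `devServerConfig.tlsAllowInsecure()` directly while the other two return sites use `configuredTls` and `configuredTlsAllowInsecure`; if those locals are in scope there, using them keeps the three sites consistent. Both methods start and end outside the hunks shown.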
Expand Up @@ -41,13 +41,13 @@ public interface DevServerConfig {
String host();

/**
* Protocol of the server to forward requests to.
* When set to true, Quinoa requests will be forwarded with tls enabled.
*/
@WithDefault("false")
boolean tls();

/**
* Protocol of the server to forward requests to.
* When set to true, Quinoa will accept any certificate with any hostname.
*/
@WithDefault("false")
boolean tlsAllowInsecure();
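Review bot: The new Javadoc on `tlsAllowInsecure()` understates what the flag does: it does not say that server authentication is removed, nor that the proxy handler in this commit only reads it when `tls` is true. Suggested text: `When set to true and tls is enabled, Quinoa skips certificate and hostname verification for the dev server. Intended only for a local dev server with a self-signed certificate.` The `tls()` comment could also state that it applies to the connection from Quinoa to the dev server, and spell the protocol `TLS`. No `@WithName` is visible on `tlsAllowInsecure()`, so the key would presumably map to `tls-allow-insecure`, whereas the adoc section of this commit documents `quarkus.quinoa.dev-server.tls.allow-insecure`; it is worth confirming which of the two is correct.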
Expand Up @@ -4,14 +4,26 @@

public final class ForwardedDevServerBuildItem extends SimpleBuildItem {

private final boolean tls;
private final boolean tlsAllowInsecure;
private final String host;
private final Integer port;

public ForwardedDevServerBuildItem(String host, Integer port) {
public ForwardedDevServerBuildItem(boolean tls, boolean tlsAllowInsecure, String host, Integer port) {
this.tls = tls;
this.tlsAllowInsecure = tlsAllowInsecure;
this.host = host;
this.port = port;
}

public boolean isTls() {
return tls;
}

public boolean isTlsAllowInsecure() {
return tlsAllowInsecure;
}

public String getHost() {
return host;
}
33 changes: 32 additions & 1 deletion docs/modules/ROOT/pages/includes/quarkus-quinoa.adoc
Expand Up @@ -519,6 +519,37 @@ endif::add-copy-button-to-env-var[]
--|boolean
|`true`

a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-tls]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-tls[quarkus.quinoa.dev-server.tls]`


[.description]
--
When set to true, Quinoa requests will be forwarded with tls enabled.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_QUINOA_DEV_SERVER_TLS+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_QUINOA_DEV_SERVER_TLS+++`
endif::add-copy-button-to-env-var[]
--|boolean
|`false`

a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-tls-allow-insecure]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-tls-allow-insecure[quarkus.quinoa.dev-server.tls.allow-insecure]`


[.description]
--
When set to true, Quinoa will accept any certificate with any hostname.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_QUINOA_DEV_SERVER_TLS_ALLOW_INSECURE+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_QUINOA_DEV_SERVER_TLS_ALLOW_INSECURE+++`
endif::add-copy-button-to-env-var[]
--|boolean
|`false`

a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-port]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-port[quarkus.quinoa.dev-server.port]`

Expand Down Expand Up @@ -745,4 +776,4 @@ endif::add-copy-button-to-env-var[]

|

|===
|===
Expand Up @@ -7,6 +7,7 @@

import java.util.List;

import io.vertx.ext.web.client.WebClientOptions;
import org.jboss.logging.Logger;

import io.vertx.core.AsyncResult;
Expand Down Expand Up @@ -36,11 +37,19 @@ class QuinoaDevProxyHandler implements Handler<RoutingContext> {
private final ClassLoader currentClassLoader;
private final QuinoaDevProxyHandlerConfig config;

QuinoaDevProxyHandler(final QuinoaDevProxyHandlerConfig config, final Vertx vertx, String host, int port,
QuinoaDevProxyHandler(final QuinoaDevProxyHandlerConfig config, final Vertx vertx, boolean tls, boolean tlsAllowInsecure,String host, int port,
boolean websocket) {
this.host = host;
this.port = port;
this.client = WebClient.create(vertx);
WebClientOptions options = new WebClientOptions();
if(tls){
options.setSsl(true);
if(tlsAllowInsecure){
options.setTrustAll(true);
options.setVerifyHost(false);
}
}
this.client = WebClient.create(vertx, options);
this.wsUpgradeHandler = websocket ? new QuinoaDevWebSocketProxyHandler(vertx, host, port) : null;
this.config = config;
currentClassLoader = Thread.currentThread().getContextClassLoader();
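Review bot: The WebSocket path is not given the new flags: `new QuinoaDevWebSocketProxyHandler(vertx, host, port)` is unchanged, so with `tls` set the HTTP forwarder connects over TLS while upgrade requests presumably still go to the dev server in plain text (that class is not shown here, so this needs checking). Passing `tls` and `tlsAllowInsecure` through to that handler, or rejecting `websocket` combined with `tls` until it is supported, would avoid a silent mismatch. In the constructor itself, `setTrustAll(true)` together with `setVerifyHost(false)` disables server authentication entirely, which deserves a one-line comment such as `// dev-only: accepts any certificate for any host, so the dev server is not authenticated`. Minor style: `tlsAllowInsecure,String` lacks a space and `if(tls){` does not follow the `if (` spacing used in the other files of this commit. The constructor body continues past the end of the hunk.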
Expand Up @@ -26,12 +26,12 @@ public class QuinoaRecorder {
public static final Set<HttpMethod> HANDLED_METHODS = Set.of(HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.GET);

public Handler<RoutingContext> quinoaProxyDevHandler(final QuinoaDevProxyHandlerConfig handlerConfig, Supplier<Vertx> vertx,
String host, int port, boolean websocket) {
boolean tls, boolean tlsAllowInsecure, String host, int port, boolean websocket) {
if (LOG.isDebugEnabled()) {
LOG.debugf("Quinoa dev proxy-handler is ignoring paths starting with: "
+ String.join(", ", handlerConfig.ignoredPathPrefixes));
}
return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), host, port, websocket);
return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), tls, tlsAllowInsecure, host, port, websocket);
}

public Handler<RoutingContext> quinoaSPARoutingHandler(List<String> ignoredPathPrefixes) throws IOException {