mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-02 08:19:23 +02:00
HTTP/3 Support (#5349)
* wip * http3 support * add integration test * move some quic code * fix codec type * casing * add alt-svc header * add quic unit test
This commit is contained in:
Caleb Doxsey
GitHub
parent
20a9be891f
commit
5d69b925be
28 changed files with 580 additions and 280 deletions
55
config/envoyconfig/quic.go
Normal file
55
config/envoyconfig/quic.go
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
package envoyconfig
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
|
||||
envoy_config_common_mutation_rules_v3 "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3"
|
||||
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
||||
envoy_extensions_filters_http_header_mutation_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_mutation/v3"
|
||||
envoy_extensions_filters_network_http_connection_manager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
|
||||
envoy_extensions_transport_sockets_quic_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3"
|
||||
|
||||
"github.com/pomerium/pomerium/config"
|
||||
)
|
||||
|
||||
func (b *Builder) buildDownstreamQUICTransportSocket(
|
||||
ctx context.Context,
|
||||
cfg *config.Config,
|
||||
certs []tls.Certificate,
|
||||
) (*envoy_config_core_v3.TransportSocket, error) {
|
||||
tlsContext, err := b.buildDownstreamTLSContextMulti(ctx, cfg, certs)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsContext.CommonTlsContext.AlpnProtocols = nil
|
||||
|
||||
return &envoy_config_core_v3.TransportSocket{
|
||||
Name: "envoy.transport_sockets.quic",
|
||||
ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{
|
||||
TypedConfig: marshalAny(&envoy_extensions_transport_sockets_quic_v3.QuicDownstreamTransport{
|
||||
DownstreamTlsContext: tlsContext,
|
||||
}),
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func newQUICAltSvcHeaderFilter(cfg *config.Config) *envoy_extensions_filters_network_http_connection_manager.HttpFilter {
|
||||
listenAddr := buildUDPAddress(cfg.Options.Addr, 443)
|
||||
listenPort := listenAddr.GetSocketAddress().GetPortValue()
|
||||
return HTTPHeaderMutationsFilter(&envoy_extensions_filters_http_header_mutation_v3.HeaderMutation{
|
||||
Mutations: &envoy_extensions_filters_http_header_mutation_v3.Mutations{
|
||||
ResponseMutations: []*envoy_config_common_mutation_rules_v3.HeaderMutation{{
|
||||
Action: &envoy_config_common_mutation_rules_v3.HeaderMutation_Append{
|
||||
Append: &envoy_config_core_v3.HeaderValueOption{
|
||||
Header: &envoy_config_core_v3.HeaderValue{
|
||||
Key: "alt-svc",
|
||||
Value: fmt.Sprintf(`h3=":%d"; ma=86400`, listenPort),
|
||||
},
|
||||
},
|
||||
},
|
||||
}},
|
||||
},
|
||||
})
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue