3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/config/envoyconfig/quic.go

60 lines
2.3 KiB
Go
Raw Blame History

package envoyconfig
import (
"context"
"crypto/tls"
"fmt"
envoy_config_common_mutation_rules_v3 "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3"
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_extensions_filters_http_header_mutation_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_mutation/v3"
envoy_extensions_filters_network_http_connection_manager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
envoy_extensions_transport_sockets_quic_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3"
"github.com/pomerium/pomerium/config"
)
func (b *Builder) buildDownstreamQUICTransportSocket(
ctx context.Context,
cfg *config.Config,
certs []tls.Certificate,
) (*envoy_config_core_v3.TransportSocket, error) {
tlsContext, err := b.buildDownstreamTLSContextMulti(ctx, cfg, certs)
if err != nil {
return nil, err
}
tlsContext.CommonTlsContext.AlpnProtocols = nil
return &envoy_config_core_v3.TransportSocket{
Name: "envoy.transport_sockets.quic",
ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{
TypedConfig: marshalAny(&envoy_extensions_transport_sockets_quic_v3.QuicDownstreamTransport{
DownstreamTlsContext: tlsContext,
}),
},
}, nil
}
func newQUICAltSvcHeaderFilter(cfg *config.Config) *envoy_extensions_filters_network_http_connection_manager.HttpFilter {
var advertisePort uint32
if cfg.Options.HTTP3AdvertisePort.Valid {
advertisePort = cfg.Options.HTTP3AdvertisePort.Uint32
} else {
listenAddr := buildUDPAddress(cfg.Options.Addr, 443)
advertisePort = listenAddr.GetSocketAddress().GetPortValue()
}
return HTTPHeaderMutationsFilter(&envoy_extensions_filters_http_header_mutation_v3.HeaderMutation{
Mutations: &envoy_extensions_filters_http_header_mutation_v3.Mutations{
ResponseMutations: []*envoy_config_common_mutation_rules_v3.HeaderMutation{{
Action: &envoy_config_common_mutation_rules_v3.HeaderMutation_Append{
Append: &envoy_config_core_v3.HeaderValueOption{
Header: &envoy_config_core_v3.HeaderValue{
Key: "alt-svc",
Value: fmt.Sprintf(`h3=":%d"; ma=86400`, advertisePort),
},
},
},
}},
},
})
}
Reference in a new issue View git blame Copy permalink