mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-24 03:59:49 +02:00
1d6aa75f03
Pomerium configures a gRPC listener in Envoy, for internal communication between the various Pomerium services. Currently this listener shares much of the same configuration as the main HTTP listener, based on the main Pomerium configuration options. However, some configuration options don't make sense for the gRPC listener. Specifically, the `codec_type` option should not be applied to the gRPC listener, as gRPC requires HTTP/2. Also, any client certificate settings should not apply to the gRPC listener. Separate the gRPC listener configuration from the main HTTP listener configuration, so we can avoid applying these configuration options. Instead set AlpnProtocols to just "h2" (HTTP/2), and do not set any ValidationContextType on the DownstreamTlsContext (no client certificate validation). Specifically, inline the call to buildTLSSocket() within the body of buildGRPCListener(). Extract a new method envoyCertificates() from buildDownstreamTLSContextMulti(), to avoid repeating this logic. |
||
|---|---|---|
| .. | ||
| envoyconfig | ||
| testdata | ||
| autocert.go | ||
| autocert_test.go | ||
| codec_type.go | ||
| codec_type_test.go | ||
| config.go | ||
| config_source.go | ||
| config_source_test.go | ||
| constants.go | ||
| crypt.go | ||
| custom.go | ||
| custom_test.go | ||
| doc.go | ||
| from.go | ||
| from_test.go | ||
| helpers.go | ||
| helpers_test.go | ||
| http.go | ||
| http_test.go | ||
| identity.go | ||
| layered.go | ||
| layered_test.go | ||
| log.go | ||
| log_level.go | ||
| metrics.go | ||
| metrics_test.go | ||
| options.go | ||
| options_check.go | ||
| options_test.go | ||
| policy.go | ||
| policy_ppl.go | ||
| policy_ppl_test.go | ||
| policy_test.go | ||
| session.go | ||
| session_test.go | ||
| trace.go | ||
| trace_test.go | ||
| validate.go | ||