From e6862513814351fd29cef6c3be779a1e138654a6 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 13 Nov 2020 11:43:26 -0800
Subject: [PATCH] allow side-kick to proxy http2.0 requests (#47)

---
 main.go | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 1491321..c85b63c 100644
--- a/main.go
+++ b/main.go
@@ -475,13 +475,15 @@ func clientTransport(ctx *cli.Context, enableTLS bool) http.RoundTripper {
 if enableTLS {
 // Keep TLS config.
 tr.TLSClientConfig = &tls.Config{
+ NextProtos: []string{"h2", "http/1.1"},
 RootCAs: getCertPool(ctx.GlobalString("cacert")),
 Certificates: getCertKeyPair(ctx.GlobalString("client-cert"), ctx.GlobalString("client-key")),
 InsecureSkipVerify: ctx.GlobalBool("insecure"),
 // Can't use SSLv3 because of POODLE and BEAST
 // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
 // Can't use TLSv1.1 because of RC4 cipher usage
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS12,
+ PreferServerCipherSuites: true,
 }
 }
 
@@ -550,8 +552,22 @@ func configureSite(ctx *cli.Context, siteNum int, siteStrs []string, healthCheck
 if transport == nil {
 transport = clientTransport(ctx, target.Scheme == "https")
 }
- proxy := httputil.NewSingleHostReverseProxy(target)
- proxy.Transport = transport
+
+ proxy := &httputil.ReverseProxy{
+ Director: func(r *http.Request) {
+ r.Header.Add("X-Forwarded-Host", r.Host)
+ r.Header.Add("X-Real-IP", r.RemoteAddr)
+
+ if target.Scheme == "https" {
+ r.URL.Scheme = "https"
+ } else {
+ r.URL.Scheme = "http"
+ }
+ r.URL.Host = target.Host
+ },
+ Transport: transport,
+ }
+
 stats := BackendStats{MinLatency: time.Duration(24 * time.Hour), MaxLatency: time.Duration(0)}
 backend := &Backend{siteNum, endpoint, proxy, &http.Client{
 Transport: proxy.Transport,
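Review bot: `PreferServerCipherSuites: true` in the `clientTransport` hunk has no effect on this client-side `tls.Config`: the field governs how a TLS server picks a cipher suite, so on an outbound transport it adds no hardening and can suggest that cipher selection is constrained when it is not. If restricting TLS 1.2 ciphers is the intent, set `CipherSuites` explicitly; otherwise drop the line. Separately, advertising `h2` through `NextProtos` only helps if `tr` is HTTP/2-capable, because an `http.Transport` given a custom `TLSClientConfig` does not enable HTTP/2 on its own; the construction of `tr` is outside the hunk, so confirm it sets `ForceAttemptHTTP2: true` or is otherwise configured for HTTP/2.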
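Review bot: The new Director in the `configureSite` hunk uses `r.Header.Add` for `X-Forwarded-Host` and `X-Real-IP`, so any value the client already sent in those headers is kept and forwarded ahead of the proxy's own value; a backend that reads the first value for logging, rate limiting or access decisions then sees client-controlled data. Overwrite instead: `r.Header.Set("X-Forwarded-Host", r.Host)` and `r.Header.Set("X-Real-IP", host)`, with `host` taken from `net.SplitHostPort(r.RemoteAddr)`, because `RemoteAddr` is `ip:port` rather than a bare address. Unlike `NewSingleHostReverseProxy`, this Director also does not apply `target.Path` or the target's query string, so a backend URL with a path prefix would be silently ignored; it is worth confirming that targets are always host-only. `configureSite` begins and ends outside the hunk.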