5 files changed, 106 insertions, 43 deletions
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index 9ff9dce..cefb5b6 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -177,13 +177,36 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 		return net.JoinHostPort(host, port), nil
 	}
 
+	// appendUpstream creates an upstream for address and adds
+	// it to the list. If the address starts with "srv+" it is
+	// treated as a SRV-based upstream, and any port will be
+	// dropped.
+	appendUpstream := func(address string) error {
+		isSRV := strings.HasPrefix(address, "srv+")
+		if isSRV {
+			address = strings.TrimPrefix(address, "srv+")
+		}
+		dialAddr, err := upstreamDialAddress(address)
+		if err != nil {
+			return err
+		}
+		if isSRV {
+			if host, _, err := net.SplitHostPort(dialAddr); err == nil {
+				dialAddr = host
+			}
+			h.Upstreams = append(h.Upstreams, &Upstream{LookupSRV: dialAddr})
+		} else {
+			h.Upstreams = append(h.Upstreams, &Upstream{Dial: dialAddr})
+		}
+		return nil
+	}
+
 	for d.Next() {
 		for _, up := range d.RemainingArgs() {
-			dialAddr, err := upstreamDialAddress(up)
+			err := appendUpstream(up)
 			if err != nil {
 				return err
 			}
-			h.Upstreams = append(h.Upstreams, &Upstream{Dial: dialAddr})
 		}
 
 		for d.NextBlock(0) {
@@ -194,11 +217,10 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 					return d.ArgErr()
 				}
 				for _, up := range args {
-					dialAddr, err := upstreamDialAddress(up)
+					err := appendUpstream(up)
 					if err != nil {
 						return err
 					}
-					h.Upstreams = append(h.Upstreams, &Upstream{Dial: dialAddr})
 				}
 
 			case "lb_policy":
diff --git a/modules/caddyhttp/reverseproxy/circuitbreaker.go b/modules/caddyhttp/reverseproxy/circuitbreaker.go
index 00b38a8..830ab43 100644
--- a/modules/caddyhttp/reverseproxy/circuitbreaker.go
+++ b/modules/caddyhttp/reverseproxy/circuitbreaker.go
@@ -24,12 +24,12 @@ import (
 )
 
 func init() {
-	caddy.RegisterModule(localCircuitBreaker{})
+	caddy.RegisterModule(internalCircuitBreaker{})
 }
 
-// localCircuitBreaker implements circuit breaking functionality
+// internalCircuitBreaker implements circuit breaking functionality
 // for requests within this process over a sliding time window.
-type localCircuitBreaker struct {
+type internalCircuitBreaker struct {
 	tripped   int32
 	cbFactor  int32
 	threshold float64
@@ -39,15 +39,15 @@ type localCircuitBreaker struct {
 }
 
 // CaddyModule returns the Caddy module information.
-func (localCircuitBreaker) CaddyModule() caddy.ModuleInfo {
+func (internalCircuitBreaker) CaddyModule() caddy.ModuleInfo {
 	return caddy.ModuleInfo{
-		ID:  "http.reverse_proxy.circuit_breakers.local",
-		New: func() caddy.Module { return new(localCircuitBreaker) },
+		ID:  "http.reverse_proxy.circuit_breakers.internal",
+		New: func() caddy.Module { return new(internalCircuitBreaker) },
 	}
 }
 
 // Provision sets up a configured circuit breaker.
-func (c *localCircuitBreaker) Provision(ctx caddy.Context) error {
+func (c *internalCircuitBreaker) Provision(ctx caddy.Context) error {
 	f, ok := typeCB[c.Factor]
 	if !ok {
 		return fmt.Errorf("type is not defined")
@@ -77,19 +77,19 @@ func (c *localCircuitBreaker) Provision(ctx caddy.Context) error {
 }
 
 // Ok returns whether the circuit breaker is tripped or not.
-func (c *localCircuitBreaker) Ok() bool {
+func (c *internalCircuitBreaker) Ok() bool {
 	tripped := atomic.LoadInt32(&c.tripped)
 	return tripped == 0
 }
 
 // RecordMetric records a response status code and execution time of a request. This function should be run in a separate goroutine.
-func (c *localCircuitBreaker) RecordMetric(statusCode int, latency time.Duration) {
+func (c *internalCircuitBreaker) RecordMetric(statusCode int, latency time.Duration) {
 	c.metrics.Record(statusCode, latency)
 	c.checkAndSet()
 }
 
 // Ok checks our metrics to see if we should trip our circuit breaker, or if the fallback duration has completed.
-func (c *localCircuitBreaker) checkAndSet() {
+func (c *internalCircuitBreaker) checkAndSet() {
 	var isTripped bool
 
 	switch c.cbFactor {
diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
index 9d2dc39..cff6b39 100644
--- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
+++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
@@ -29,6 +29,7 @@ import (
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
 	"github.com/caddyserver/caddy/v2/modules/caddytls"
+	"go.uber.org/zap"
 
 	"github.com/caddyserver/caddy/v2"
 )
@@ -66,6 +67,7 @@ type Transport struct {
 	WriteTimeout caddy.Duration `json:"write_timeout,omitempty"`
 
 	serverSoftware string
+	logger         *zap.Logger
 }
 
 // CaddyModule returns the Caddy module information.
@@ -77,7 +79,8 @@ func (Transport) CaddyModule() caddy.ModuleInfo {
 }
 
 // Provision sets up t.
-func (t *Transport) Provision(_ caddy.Context) error {
+func (t *Transport) Provision(ctx caddy.Context) error {
+	t.logger = ctx.Logger(t)
 	if t.Root == "" {
 		t.Root = "{http.vars.root}"
 	}
@@ -110,6 +113,12 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) {
 		address = dialInfo.Address
 	}
 
+	t.logger.Debug("roundtrip",
+		zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}),
+		zap.String("dial", address),
+		zap.Any("env", env), // TODO: this uses reflection I think
+	)
+
 	fcgiBackend, err := DialContext(ctx, network, address)
 	if err != nil {
 		// TODO: wrap in a special error type if the dial failed, so retries can happen if enabled
@@ -164,7 +173,12 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 	ip = strings.Replace(ip, "[", "", 1)
 	ip = strings.Replace(ip, "]", "", 1)
 
-	root := repl.ReplaceAll(t.Root, ".")
+	// make sure file root is absolute
+	root, err := filepath.Abs(repl.ReplaceAll(t.Root, "."))
+	if err != nil {
+		return nil, err
+	}
+
 	fpath := r.URL.Path
 
 	// Split path in preparation for env variables.
@@ -173,8 +187,8 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 	splitPos := t.splitPos(fpath)
 
 	// Request has the extension; path was split successfully
-	docURI := fpath[:splitPos+len(t.SplitPath)]
-	pathInfo := fpath[splitPos+len(t.SplitPath):]
+	docURI := fpath[:splitPos]
+	pathInfo := fpath[splitPos:]
 	scriptName := fpath
 
 	// Strip PATH_INFO from SCRIPT_NAME
@@ -292,7 +306,7 @@ func (t Transport) splitPos(path string) int {
 	lowerPath := strings.ToLower(path)
 	for _, split := range t.SplitPath {
 		if idx := strings.Index(lowerPath, strings.ToLower(split)); idx > -1 {
-			return idx
+			return idx + len(split)
 		}
 	}
 	return -1
diff --git a/modules/caddyhttp/reverseproxy/hosts.go b/modules/caddyhttp/reverseproxy/hosts.go
index 602aab2..a7709ee 100644
--- a/modules/caddyhttp/reverseproxy/hosts.go
+++ b/modules/caddyhttp/reverseproxy/hosts.go
@@ -17,6 +17,8 @@ package reverseproxy
 import (
 	"context"
 	"fmt"
+	"net"
+	"net/http"
 	"strconv"
 	"sync/atomic"
 
@@ -63,10 +65,10 @@ type UpstreamPool []*Upstream
 type Upstream struct {
 	Host `json:"-"`
 
-	// The [network address](/docs/json/apps/http/#servers/listen)
+	// The [network address](/docs/conventions#network-addresses)
 	// to dial to connect to the upstream. Must represent precisely
 	// one socket (i.e. no port ranges). A valid network address
-	// either has a host and port, or is a unix socket address.
+	// either has a host and port or is a unix socket address.
 	//
 	// Placeholders may be used to make the upstream dynamic, but be
 	// aware of the health check implications of this: a single
@@ -75,6 +77,11 @@ type Upstream struct {
 	// backends is down. Also be aware of open proxy vulnerabilities.
 	Dial string `json:"dial,omitempty"`
 
+	// If DNS SRV records are used for service discovery with this
+	// upstream, specify the DNS name for which to look up SRV
+	// records here, instead of specifying a dial address.
+	LookupSRV string `json:"lookup_srv,omitempty"`
+
 	// The maximum number of simultaneous requests to allow to
 	// this upstream. If set, overrides the global passive health
 	// check UnhealthyRequestCount value.
@@ -118,6 +125,47 @@ func (u *Upstream) Full() bool {
 	return u.MaxRequests > 0 && u.Host.NumRequests() >= u.MaxRequests
 }
 
+// fillDialInfo returns a filled DialInfo for upstream u, using the request
+// context. If the upstream has a SRV lookup configured, that is done and a
+// returned address is chosen; otherwise, the upstream's regular dial address
+// field is used. Note that the returned value is not a pointer.
+func (u *Upstream) fillDialInfo(r *http.Request) (DialInfo, error) {
+	repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
+	var addr caddy.ParsedAddress
+
+	if u.LookupSRV != "" {
+		// perform DNS lookup for SRV records and choose one
+		srvName := repl.ReplaceAll(u.LookupSRV, "")
+		_, records, err := net.DefaultResolver.LookupSRV(r.Context(), "", "", srvName)
+		if err != nil {
+			return DialInfo{}, err
+		}
+		addr.Network = "tcp"
+		addr.Host = records[0].Target
+		addr.StartPort, addr.EndPort = uint(records[0].Port), uint(records[0].Port)
+	} else {
+		// use provided dial address
+		var err error
+		dial := repl.ReplaceAll(u.Dial, "")
+		addr, err = caddy.ParseNetworkAddress(dial)
+		if err != nil {
+			return DialInfo{}, fmt.Errorf("upstream %s: invalid dial address %s: %v", u.Dial, dial, err)
+		}
+		if numPorts := addr.PortRangeSize(); numPorts != 1 {
+			return DialInfo{}, fmt.Errorf("upstream %s: dial address must represent precisely one socket: %s represents %d",
+				u.Dial, dial, numPorts)
+		}
+	}
+
+	return DialInfo{
+		Upstream: u,
+		Network:  addr.Network,
+		Address:  addr.JoinHostPort(0),
+		Host:     addr.Host,
+		Port:     strconv.Itoa(int(addr.StartPort)),
+	}, nil
+}
+
 // upstreamHost is the basic, in-memory representation
 // of the state of a remote host. It implements the
 // Host interface.
@@ -204,27 +252,6 @@ func (di DialInfo) String() string {
 	return caddy.JoinNetworkAddress(di.Network, di.Host, di.Port)
 }
 
-// fillDialInfo returns a filled DialInfo for the given upstream, using
-// the given Replacer. Note that the returned value is not a pointer.
-func fillDialInfo(upstream *Upstream, repl *caddy.Replacer) (DialInfo, error) {
-	dial := repl.ReplaceAll(upstream.Dial, "")
-	addr, err := caddy.ParseNetworkAddress(dial)
-	if err != nil {
-		return DialInfo{}, fmt.Errorf("upstream %s: invalid dial address %s: %v", upstream.Dial, dial, err)
-	}
-	if numPorts := addr.PortRangeSize(); numPorts != 1 {
-		return DialInfo{}, fmt.Errorf("upstream %s: dial address must represent precisely one socket: %s represents %d",
-			upstream.Dial, dial, numPorts)
-	}
-	return DialInfo{
-		Upstream: upstream,
-		Network:  addr.Network,
-		Address:  addr.JoinHostPort(0),
-		Host:     addr.Host,
-		Port:     strconv.Itoa(int(addr.StartPort)),
-	}, nil
-}
-
 // GetDialInfo gets the upstream dialing info out of the context,
 // and returns true if there was a valid value; false otherwise.
 func GetDialInfo(ctx context.Context) (DialInfo, bool) {
diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go
index 4837736..918f7a6 100644
--- a/modules/caddyhttp/reverseproxy/reverseproxy.go
+++ b/modules/caddyhttp/reverseproxy/reverseproxy.go
@@ -313,7 +313,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht
 		// the dial address may vary per-request if placeholders are
 		// used, so perform those replacements here; the resulting
 		// DialInfo struct should have valid network address syntax
-		dialInfo, err := fillDialInfo(upstream, repl)
+		dialInfo, err := upstream.fillDialInfo(r)
 		if err != nil {
 			return fmt.Errorf("making dial info: %v", err)
 		}