From f6900fcf530e80c921dac8e4f09996cffce7f436 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 6 May 2022 10:50:26 -0400 Subject: reverseproxy: Support performing pre-check requests (#4739) --- .../caddyfile_adapt/forward_auth_authelia.txt | 137 +++++++++++++++++++++ .../caddyfile_adapt/reverse_proxy_options.txt | 34 +++-- 2 files changed, 152 insertions(+), 19 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt (limited to 'caddytest') diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt new file mode 100644 index 0000000..e7cbb0f --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt @@ -0,0 +1,137 @@ +app.example.com { + forward_auth authelia:9091 { + uri /api/verify?rd=https://authelia.example.com + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } + + reverse_proxy backend:8080 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "app.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handle_response": [ + { + "match": { + "status_code": [ + 2 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "Remote-Email": [ + "{http.reverse_proxy.header.Remote-Email}" + ], + "Remote-Groups": [ + "{http.reverse_proxy.header.Remote-Groups}" + ], + "Remote-Name": [ + "{http.reverse_proxy.header.Remote-Name}" + ], + "Remote-User": [ + "{http.reverse_proxy.header.Remote-User}" + ] + } + } + } + ] + } + ] + }, + { + "routes": [ + { + "handle": [ + { + "exclude": [ + "Connection", + "Keep-Alive", + "Te", + "Trailers", + "Transfer-Encoding", + "Upgrade" + ], + "handler": "copy_response_headers" + } + ] + }, + { + "handle": [ + { + "handler": "copy_response" + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "headers": { + "request": { + "set": { + "X-Forwarded-Method": [ + "{http.request.method}" + ], + "X-Forwarded-Uri": [ + "{http.request.uri}" + ] + } + } + }, + "rewrite": { + "method": "GET", + "uri": "/api/verify?rd=https://authelia.example.com" + }, + "upstreams": [ + { + "dial": "authelia:9091" + } + ] + }, + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "backend:8080" + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index e41b900..fc07698 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -1,11 +1,11 @@ https://example.com { - reverse_proxy /path http://localhost:54321 { - header_up Host {host} - header_up X-Real-IP {remote} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Port {server_port} - header_up X-Forwarded-Proto "http" + reverse_proxy /path https://localhost:54321 { + header_up Host {upstream_hostport} + header_up Foo bar + + method GET + rewrite /rewritten?uri={uri} buffer_requests @@ -58,24 +58,19 @@ https://example.com { "headers": { "request": { "set": { - "Host": [ - "{http.request.host}" - ], - "X-Forwarded-For": [ - "{http.request.remote}" - ], - "X-Forwarded-Port": [ - "{server_port}" + "Foo": [ + "bar" ], - "X-Forwarded-Proto": [ - "http" - ], - "X-Real-Ip": [ - "{http.request.remote}" + "Host": [ + "{http.reverse_proxy.upstream.hostport}" ] } } }, + "rewrite": { + "method": "GET", + "uri": "/rewritten?uri={http.request.uri}" + }, "transport": { "compression": false, "dial_fallback_delay": 5000000000, @@ -96,6 +91,7 @@ https://example.com { ] }, "response_header_timeout": 8000000000, + "tls": {}, "versions": [ "h2c", "2" -- cgit v1.2.3