Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Tue, 11 Jun 2024 15:58:05 -0700 

Hi Dave.

Thank you for your test and feedback.

When you put this line into backend, will this be better?

```
tcp-request connection upstream-proxy-header HOST www.httpbun.com
```

Regards
Alex

On 2024-06-11 (Di.) 23:52, Dave Cottlehuber wrote:

On Mon, 10 Jun 2024, at 22:09, Aleksandar Lazic wrote:

It is now possible to set via "tcp-request connection upstream-proxy-header"
headers for the upstream proxy

```
tcp-request connection upstream-proxy-header Host www.test1.com
tcp-request connection upstream-proxy-header Proxy-Authorization "basic
base64-value"
```


Thanks Alex!

## sending CONNECT & headers

A simple `listen` server works, but a split frontend/backend one doesn't,
no headers are present in tcpdump/ngrep nor in debug.

I read the header iteration function and I'm not sure what the difference
is, I guess the backend doesn't see the frontend header structure?

### works

listen stream_fe
   bind            :::443        v4v6
   mode tcp
   option tcplog
   tcp-request connection upstream-proxy-header HOST www.httpbun.com
   server stream www.httpbun.com:443 upstream-proxy-tunnel 123.45.67.89:8000

## headers missing when split frontend/backend

frontend stream_fe
   bind            :::443        v4v6
   mode tcp
   option tcplog
   tcp-request connection upstream-proxy-header HOST www.httpbun.com
   default_backend stream_be

backend stream_be
   server stream www.httpbun.com:443 upstream-proxy-tunnel 123.45.67.89:8000

In the failing case, `mtrash->orig` shows it as empty, when I uncomment
your DPRINTF line. Looking at starutp log it captures the header from
the config correctly:

==== debug ========
... config phase ...

Header name :HOST:
Header value :www.httpbun.com:
name  :HOST:
value :www.httpbun.com:

.... so far so good...

... proxy phase ...

HTTP TUNNEL SEND start
proxy->id :stream_be:
hostname: www.httpbun.com
trash->data :38:
connect_length :39:
trash->data :40:
trash->orig :CONNECT www.httpbun.com:443 HTTP/1.1

... there should be more in orig here ...

====================

the working single listen version shows iterating over the headers:

list each name  :HOST:
list each value :www.httpbin.org:

Built with:
$ gmake -j32 USE_ZLIB=1 USE_OPENSSL=1 USE_THREAD=1 USE_STATIC_PCRE2=1 
USE_PCRE2_JIT=1 TARGET=freebsd DEFINE='-DFREEBSD_PORTS -DDEBUG_FULL'

Run with:
$ ./haproxy -d -db -V -f /usr/local/etc/haproxy/haproxy.conf

Either way, I didn't get to make a tcp connection through, this might need some
more tcpdump work tomorrow.

A+
Dave

Reply via email to