Re: [I] triple request missed http header like scheme, host etc. [dubbo-go]
2456868764 commented on issue #2642: URL: https://github.com/apache/dubbo-go/issues/2642#issuecomment-2034811336 我现在做法: dubbo-go/protocol/triple/triple_protocol/server.go 启动两个端口,一个http, 一个 HTTPS 代码如下 : ``` func (s *Server) Run() error { // todo(DMwangnima): deal with TLS // Check if both listeners are nil // todo http and https port can be different based on mutual tls mode and tls config provider existed or not httpAddr := s.addr httpsAddr := s.getHTTPSAddress(s.addr) httpOn := true httpsOn := false if s.tlsConfigProvider != nil { httpsOn = true } handler := h2c.NewHandler(s.mux, {}) setHTTPHeaders := func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { headers := make(map[string]interface{}, 0) headers[constant.HttpHeaderXSchemeName] = "http" headers[constant.HttpHeaderXHostName] = r.Host headers[constant.HttpHeaderXPathName] = r.RequestURI headers[constant.HttpHeaderXMethodName] = "POST" ctx := context.WithValue(r.Context(), constant.AttachmentKey, headers) request := r.WithContext(ctx) h.ServeHTTP(w, request) }) } setHTTPSHeaders := func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { headers := make(map[string]interface{}, 0) headers[constant.HttpHeaderXSchemeName] = "https" headers[constant.HttpHeaderXHostName] = r.Host headers[constant.HttpHeaderXPathName] = r.RequestURI headers[constant.HttpHeaderXMethodName] = r.Method certs := r.TLS.PeerCertificates if len(certs) > 0 { peerCert := certs[0] if len(peerCert.URIs) > 0 { spiffeURI := peerCert.URIs[0].String() // Set spiffe scheme header headers[constant.HttpHeaderXSpiffeName] = spiffeURI } } ctx := context.WithValue(r.Context(), constant.AttachmentKey, headers) request := r.WithContext(ctx) h.ServeHTTP(w, request) }) } if s.httpLn == nil && httpOn { httpLn, err := net.Listen("tcp", httpAddr) if err != nil { httpLn.Close() return err } s.httpLn = httpLn s.httpSrv = {Handler: setHTTPHeaders(handler)} } if s.httpsLn == nil && httpsOn { tlsCfg, err := s.tlsConfigProvider() if err != nil { logger.Error("can not get tls config") } httpsLn, err := tls.Listen("tcp", httpsAddr, tlsCfg) if err != nil { httpsLn.Close() return err } s.httpsLn = httpsLn s.httpsSrv = {Handler: setHTTPSHeaders(handler)} } if httpsOn { go s.httpsSrv.Serve(s.httpsLn) } // http should be on now if err := s.httpSrv.Serve(s.httpLn); err != nil { return err } return nil } ``` HTTPS 可以设置自定义头, HTTP不可以,因为http 一进来就是走了 r.Method == "PRI",这个时候不能设置自定义头。 ``` func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Handle h2c with prior knowledge (RFC 7540 Section 3.4) if r.Method == "PRI" && len(r.Header) == 0 && r.URL.Path == "*" && r.Proto == "HTTP/2.0" { if http2VerboseLogs { log.Print("h2c: attempting h2c with prior knowledge.") } } ``` 也做了其他trick做法,我现在trick做法 HTTP不设置定义头,HTTPS设置,后续在 dubbo filter 判断再补全, -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] triple request missed http header like scheme, host etc. [dubbo-go]
2456868764 commented on issue #2642: URL: https://github.com/apache/dubbo-go/issues/2642#issuecomment-2033530141 这个设置头部做法在 http2下有问题,一开始有个 method = PRI 协商协议,这个时候是不能设置头部,否则这个协商协议就挂了,对要兼容 http2 / http1 协议不是很熟悉,对triple不是很熟悉,也尝试trick做法,写到 ctx里也是可以的,我现在也是 trick 做法只保留 https会设置头,在 mtls filter检查没有这个这些头就认为是http协议,重新设置这些头。这个issuse 还是给社区来解决 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] triple request missed http header like scheme, host etc. [dubbo-go]
chickenlj commented on issue #2642: URL: https://github.com/apache/dubbo-go/issues/2642#issuecomment-2024297058 Solution by @2456868764 in https://github.com/apache/dubbo-go/pull/2643 ```go setHTTPSHeaders := func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Set http scheme header r.Header.Set(":x-scheme", "https") r.Header.Set(":x-host", r.Host) r.Header.Set(":x-path", r.RequestURI) r.Header.Set(":x-method", r.Method) certs := r.TLS.PeerCertificates if len(certs) > 0 { peerCert := certs[0] if len(peerCert.URIs) > 0 { spiffeURI := peerCert.URIs[0].String() // Set spiffe scheme header r.Header.Set(":x-spiffe", spiffeURI) } } h.ServeHTTP(w, r) }) } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[I] triple request missed http header like scheme, host etc. [dubbo-go]
2456868764 opened a new issue, #2642: URL: https://github.com/apache/dubbo-go/issues/2642 ### Environment - Server: - Client: - Protocol: - Registry: ### Issue description there is dubbo filter demo code which just output attachments : func (f *mtlsFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result { // get request schema attachments := ctx.Value(constant.AttachmentKey).(map[string]interface{}) for key, attachment := range attachments { logger.Infof("get triple attachment key %s = %s", key, attachment.([]string)[0]) } } ``` and output as follow: ``` 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [retries ] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [user-agent grpc-go-triple/0.1.0 (go1.21.6)] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [te trailers] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [content-type application/grpc+proto] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [interface greet.GreetService] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [grpc-accept-encoding gzip] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [timeout ] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [grpc-timeout 2999023u] = %!s(MISSING) 2024-03-22 02:15:34 INFOlogger/logging.go:42get triple attachment key [accept-encoding identity] = %!s(MISSING) ``` and miss some common http header like scheme ,host etc. ### Logs Click me to check logs ``` Copy logs to here. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org