Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ALPN for TCP + TLS routers #8913

Merged
merged 10 commits into from Jul 7, 2022
Merged

Support ALPN for TCP + TLS routers #8913

merged 10 commits into from Jul 7, 2022

Conversation

dsseng
Copy link
Contributor

@dsseng dsseng commented Apr 3, 2022
edited by ldez

What does this PR do?

Support matching ALPN protocols when initiating connection with a TLS client, thus allowing to multiplex different service behind a single TLS entrypoint (e.g. handling h2 in Traefik and connecting mqtt to an MQTT broker)

Motivation

fixes #7906

More

  • Added/updated tests
  • Added/updated documentation

Additional Notes

Tested using client code from https://github.com/jefferai/golang-alpn-example/blob/master/alpnexample.go as foo protocol (On Go 1.16) and Chrome M102 as h2 client

@dsseng
Copy link
Contributor Author

dsseng commented Apr 3, 2022

This draft can be reviewed, code does the expected things, but docs and probably tests are left to be done

@dsseng dsseng marked this pull request as ready for review April 3, 2022 05:56
@rtribotte rtribotte added this to To review in v2 via automation Apr 4, 2022
@dsseng
Copy link
Contributor Author

dsseng commented May 6, 2022

Validate broke due to "misspell" triggering by mosquitto and Semaphore tests do not seem to be related to the topic of changes.

@rtribotte
Copy link
Member

Hello @sh7dm,

Validate broke due to "misspell" triggering by mosquitto and Semaphore tests do not seem to be related to the topic of changes.

No worries, we will take a look at the unit tests during the review phase.
We will come back to you once the design review iteration is done.
Just to let you know, as of now, we are wondering about the interactions when using this matcher with ACME challenges enabled.

@dsseng
Copy link
Contributor Author

dsseng commented May 9, 2022

I have tested that, looks like nothing broke, but it should be reviewed to ensure it fits great and does not induce a risk of regressions. Thanks for informing!

rtribotte
rtribotte approved these changes Jun 14, 2022
View reviewed changes
Copy link
Member

@rtribotte rtribotte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍

@rtribotte rtribotte added this to the next milestone Jun 14, 2022
dsseng and others added 7 commits July 6, 2022 17:06
@dsseng @tomMoulard
Support ALPN for TCP + TLS routers
c564009 
Add a rule matcher ALPN(proto) for matching any of available protocols, able to take over default handlers like h2

Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
@dsseng @tomMoulard
Fix lint
8eec0d9 
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
@dsseng @tomMoulard
Add tests for ALPN matcher
3558ceb 
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
@dsseng @tomMoulard
Add docs for ALPN matcher
a2427d2 
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
@rtribotte @tomMoulard
review
bf2a486
@rtribotte @tomMoulard
review
4fec5ce
@tomMoulard
review: add regression tests
df450e8
tomMoulard
tomMoulard approved these changes Jul 6, 2022
View reviewed changes
Copy link
Member

@tomMoulard tomMoulard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👌

mpl
mpl reviewed Jul 7, 2022
View reviewed changes
pkg/muxer/tcp/mux.go Outdated Show resolved Hide resolved
dsseng and others added 3 commits July 7, 2022 15:14
@dsseng @mpl
Clarify docs on status of ACME-TLS/1
6eb7c14 
Co-authored-by: mpl <mathieu.lonjaret@gmail.com>
@dsseng @mpl
Update pkg/muxer/tcp/mux.go
69772d7 
Co-authored-by: mpl <mathieu.lonjaret@gmail.com>
@mpl
cleanup clientHelloInfo signature
5f39d25
mpl
mpl approved these changes Jul 7, 2022
View reviewed changes
Copy link
Collaborator

@mpl mpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the code again, I'm confused by some aspects of the (existing) behaviour of clientHelloInfo, but double-checking that is out of the scope of this PR. Will do later.

@traefiker traefiker merged commit 4dc379c into traefik:master Jul 7, 2022
v2 automation moved this from To review to Done Jul 7, 2022
@saqeria saqeria mentioned this pull request May 22, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpl mpl mpl approved these changes

@tomMoulard tomMoulard tomMoulard approved these changes

@rtribotte rtribotte rtribotte approved these changes

Assignees
No one assigned
Labels
area/rules area/tcp kind/enhancement a new or improved feature. size/S
Projects
No open projects
v2
Done
Milestone
2.9
Development

Successfully merging this pull request may close these issues.

Feature request: ALPN rule for tcp routers
5 participants
@dsseng @rtribotte @mpl @tomMoulard @traefiker