
patch traefik for SNI wildcard

main
Nicolas Massé 5 years ago
parent
commit
2d918393e6
  1. 69
      rpmbuild/SOURCES/traefik-sni.patch
  2. 38
      rpmbuild/SPECS/traefik.spec

69
rpmbuild/SOURCES/traefik-sni.patch

@ -0,0 +1,69 @@
diff --git a/integration/fixtures/tcp/mixed.toml b/integration/fixtures/tcp/mixed.toml
index 38d852e7..0e02b45f 100644
--- a/integration/fixtures/tcp/mixed.toml
+++ b/integration/fixtures/tcp/mixed.toml
@@ -56,6 +56,13 @@
entryPoints = [ "tcp" ]
[tcp.routers.to-whoami-no-cert.tls]
+ [tcp.routers.to-whoami-wildcard]
+ rule = "HostSNI(`*.whoami-a.test`)"
+ service = "whoami-a"
+ entryPoints = [ "tcp" ]
+ [tcp.routers.to-whoami-wildcard.tls]
+ passthrough = true
+
[tcp.services.whoami-a.loadBalancer]
[[tcp.services.whoami-a.loadBalancer.servers]]
address = "localhost:8081"
diff --git a/integration/tcp_test.go b/integration/tcp_test.go
index 16b1c8e4..dc834abc 100644
--- a/integration/tcp_test.go
+++ b/integration/tcp_test.go
@@ -50,6 +50,11 @@ func (s *TCPSuite) TestMixed(c *check.C) {
c.Assert(err, checker.IsNil)
c.Assert(out, checker.Contains, "whoami-no-cert")
+ // Traefik passes through, termination of wildcard match handled by whoami-a
+ out, err = guessWho("127.0.0.1:8093", "wildcard.whoami-a.test", true)
+ c.Assert(err, checker.IsNil)
+ c.Assert(out, checker.Contains, "whoami-a")
+
tr1 := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
diff --git a/pkg/tcp/router.go b/pkg/tcp/router.go
index ea0f406e..c3ca22ce 100644
--- a/pkg/tcp/router.go
+++ b/pkg/tcp/router.go
@@ -69,7 +69,7 @@ func (r *Router) ServeTCP(conn WriteCloser) {
// FIXME Optimize and test the routing table before helloServerName
serverName = types.CanonicalDomain(serverName)
if r.routingTable != nil && serverName != "" {
- if target, ok := r.routingTable[serverName]; ok {
+ if target, ok := r.GetTarget(serverName); ok {
target.ServeTCP(r.GetConn(conn, peeked))
return
}
@@ -88,6 +88,21 @@ func (r *Router) ServeTCP(conn WriteCloser) {
}
}
+// GetTarget finds a matching target allowing for wildcard domains.
+func (r *Router) GetTarget(serverName string) (Handler, bool) {
+ if target, ok := r.routingTable[serverName]; ok {
+ return target, true
+ }
+
+ for targetName, target := range r.routingTable {
+ if strings.HasPrefix(targetName, "*.") && strings.HasSuffix(serverName, targetName[1:]) {
+ return target, true
+ }
+ }
+
+ return nil, false
+}
+
// AddRoute defines a handler for a given sniHost (* is the only valid option).
func (r *Router) AddRoute(sniHost string, target Handler) {
if r.routingTable == nil {
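Review bot: In `GetTarget`, the wildcard fallback ranges over `r.routingTable`, and Go map iteration order is unspecified. When two wildcard routes overlap (constructed example: `*.test` and `*.whoami-a.test`), the backend that receives a passthrough connection can therefore change from one handshake to the next. The suffix test `strings.HasSuffix(serverName, targetName[1:])` also matches names several labels deep, such as `a.b.whoami-a.test`, which is wider than the single-label wildcard used in TLS certificates; if that is intended, the doc comment should say so. Selecting the longest matching wildcard makes the choice deterministic and most-specific-first, as sketched below. The new integration test covers only one wildcard route, so an overlapping pair in `mixed.toml` would be worth adding.

```go
func (r *Router) GetTarget(serverName string) (Handler, bool) {
	// … unchanged: exact-match lookup in r.routingTable …

	// Map iteration order is random, so keep the most specific (longest)
	// wildcard instead of returning the first one that happens to match.
	var (
		best    Handler
		bestLen int
	)
	for targetName, target := range r.routingTable {
		if !strings.HasPrefix(targetName, "*.") || !strings.HasSuffix(serverName, targetName[1:]) {
			continue
		}
		if len(targetName) > bestLen {
			best, bestLen = target, len(targetName)
		}
	}

	return best, bestLen > 0
}
```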

38
rpmbuild/SPECS/traefik.spec

@ -1,23 +1,32 @@
%global goipath github.com/traefik/traefik/v2
Version: 2.3.6
%gometa
%global common_description %{expand: Traefik (pronounced traffic) is a modern
HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik integrates with your existing infrastructure components (Docker,
Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...)
and configures itself automatically and dynamically. Pointing Traefik at your
orchestrator should be the only onfiguration step you need.}
Name: traefik Name: traefik
Version: 2.3.4 Release: itix1
Release: itix2
Summary: The Cloud Native Application Proxy Summary: The Cloud Native Application Proxy
License: MIT License: MIT
Source0: https://github.com/traefik/%{name}/releases/download/v%{version}/%{name}_v%{version}_linux_amd64.tar.gz
ExclusiveArch: x86_64 ExclusiveArch: x86_64
URL: %{gourl}
Source0: %{gosource}
Source1: traefik.service Source1: traefik.service
Source2: traefik.yaml Source2: traefik.yaml
Patch0: traefik-sni.patch
Requires(pre): shadow-utils Requires(pre): shadow-utils
BuildRequires: systemd BuildRequires: systemd
BuildRequires: breezy
BuildRequires: golang >= 1.15
%description %description
%{common_description}
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer
that makes deploying microservices easy. Traefik integrates with your existing
infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul,
Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and
dynamically. Pointing Traefik at your orchestrator should be the only
onfiguration step you need.
# Since we don't recompile from source, disable the build_id checking # Since we don't recompile from source, disable the build_id checking
%global _missing_build_ids_terminate_build 0 %global _missing_build_ids_terminate_build 0
@ -25,17 +34,22 @@ onfiguration step you need.
%global debug_package %{nil} %global debug_package %{nil}
%prep %prep
%setup -q -c %setup -c
%goprep
%patch0 -p1
cp %{S:1} %{name}.service cp %{S:1} %{name}.service
cp %{S:2} %{name}.yaml cp %{S:2} %{name}.yaml
%build %build
GO111MODULE=off go get github.com/containous/go-bindata/...
go generate
CGO_ENABLED=0 GO111MODULE=on go build -o %{gobuilddir}/traefik %{goipath}/cmd/traefik
%install %install
install -d %{buildroot}/opt/%{name}/etc/ install -d %{buildroot}/opt/%{name}/etc/
install -d %{buildroot}/opt/%{name}/etc/conf.d install -d %{buildroot}/opt/%{name}/etc/conf.d
install -d %{buildroot}/srv/%{name}/ install -d %{buildroot}/srv/%{name}/
install -D traefik %{buildroot}/opt/%{name}/bin/traefik install -D %{gobuilddir}/traefik %{buildroot}/opt/traefik/bin/traefik
install -D -m 0644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{name}.yaml %{buildroot}/opt/%{name}/etc/%{name}.yaml install -D -m 0644 %{name}.yaml %{buildroot}/opt/%{name}/etc/%{name}.yaml
touch %{buildroot}/opt/%{name}/etc/%{name}.env touch %{buildroot}/opt/%{name}/etc/%{name}.env
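Review bot: The new `%build` step `GO111MODULE=off go get github.com/containous/go-bindata/...` fetches the generator over the network with no version or digest pinned, and `go generate` then presumably runs it, so whatever is at the tip of that repository on build day shapes the shipped binary. Unlike the `go build` inputs, which the module checksums cover, this tool is not part of the SRPM and is not verified. Consider shipping it as an extra source at a fixed tag, for example `Source3: go-bindata-<PINNED_VERSION>.tar.gz` (placeholder), and building it from there so `%build` needs no network access. The retained comment `# Since we don't recompile from source, disable the build_id checking` is also stale now that the package compiles from source; either drop the `_missing_build_ids_terminate_build 0` override or reword the comment to give the real reason it is kept.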
