mirror of
https://github.com/traefik/traefik.git
synced 2025-11-04 02:11:15 +01:00
101 lines
2.9 KiB
Go
101 lines
2.9 KiB
Go
package server
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"errors"
|
|
"net"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/containous/traefik/v2/pkg/config/static"
|
|
"github.com/containous/traefik/v2/pkg/log"
|
|
traefiktls "github.com/containous/traefik/v2/pkg/tls"
|
|
"golang.org/x/net/http2"
|
|
)
|
|
|
|
type h2cTransportWrapper struct {
|
|
*http2.Transport
|
|
}
|
|
|
|
func (t *h2cTransportWrapper) RoundTrip(req *http.Request) (*http.Response, error) {
|
|
req.URL.Scheme = "http"
|
|
return t.Transport.RoundTrip(req)
|
|
}
|
|
|
|
// createHTTPTransport creates an http.Transport configured with the Transport configuration settings.
|
|
// For the settings that can't be configured in Traefik it uses the default http.Transport settings.
|
|
// An exception to this is the MaxIdleConns setting as we only provide the option MaxIdleConnsPerHost
|
|
// in Traefik at this point in time. Setting this value to the default of 100 could lead to confusing
|
|
// behavior and backwards compatibility issues.
|
|
func createHTTPTransport(transportConfiguration *static.ServersTransport) (*http.Transport, error) {
|
|
if transportConfiguration == nil {
|
|
return nil, errors.New("no transport configuration given")
|
|
}
|
|
|
|
dialer := &net.Dialer{
|
|
Timeout: 30 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
DualStack: true,
|
|
}
|
|
|
|
if transportConfiguration.ForwardingTimeouts != nil {
|
|
dialer.Timeout = time.Duration(transportConfiguration.ForwardingTimeouts.DialTimeout)
|
|
}
|
|
|
|
transport := &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
DialContext: dialer.DialContext,
|
|
MaxIdleConnsPerHost: transportConfiguration.MaxIdleConnsPerHost,
|
|
IdleConnTimeout: 90 * time.Second,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
ExpectContinueTimeout: 1 * time.Second,
|
|
}
|
|
|
|
transport.RegisterProtocol("h2c", &h2cTransportWrapper{
|
|
Transport: &http2.Transport{
|
|
DialTLS: func(netw, addr string, cfg *tls.Config) (net.Conn, error) {
|
|
return net.Dial(netw, addr)
|
|
},
|
|
AllowHTTP: true,
|
|
},
|
|
})
|
|
|
|
if transportConfiguration.ForwardingTimeouts != nil {
|
|
transport.ResponseHeaderTimeout = time.Duration(transportConfiguration.ForwardingTimeouts.ResponseHeaderTimeout)
|
|
transport.IdleConnTimeout = time.Duration(transportConfiguration.ForwardingTimeouts.IdleConnTimeout)
|
|
}
|
|
|
|
if transportConfiguration.InsecureSkipVerify {
|
|
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
|
}
|
|
|
|
if len(transportConfiguration.RootCAs) > 0 {
|
|
transport.TLSClientConfig = &tls.Config{
|
|
RootCAs: createRootCACertPool(transportConfiguration.RootCAs),
|
|
}
|
|
}
|
|
|
|
err := http2.ConfigureTransport(transport)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return transport, nil
|
|
}
|
|
|
|
func createRootCACertPool(rootCAs []traefiktls.FileOrContent) *x509.CertPool {
|
|
roots := x509.NewCertPool()
|
|
|
|
for _, cert := range rootCAs {
|
|
certContent, err := cert.Read()
|
|
if err != nil {
|
|
log.WithoutContext().Error("Error while read RootCAs", err)
|
|
continue
|
|
}
|
|
roots.AppendCertsFromPEM(certContent)
|
|
}
|
|
|
|
return roots
|
|
}
|