Merge pull request #115 from junkurihara/feat/hyper-1.0

feat: hyper-1.0 along with some breaking changes and dramatic code refactoring

.dockerignore

@@ -4,3 +4,4 @@ bench/
 .private/
 .github/
 example-certs/
+legacy-lib/

.github/workflows/release.yml

@@ -44,35 +44,35 @@ jobs:
             platform: linux/arm64
             tags-suffix: "-s2n"
 
-          - target: "gnu"
-            build-feature: "-native-roots"
-            platform: linux/amd64
-            tags-suffix: "-native-roots"
-
-          - target: "gnu"
-            build-feature: "-native-roots"
-            platform: linux/arm64
-            tags-suffix: "-native-roots"
-
-          - target: "musl"
-            build-feature: "-native-roots"
-            platform: linux/amd64
-            tags-suffix: "-slim-native-roots"
-
-          - target: "musl"
-            build-feature: "-native-roots"
-            platform: linux/arm64
-            tags-suffix: "-slim-native-roots"
-
-          - target: "gnu"
-            build-feature: "-s2n-native-roots"
-            platform: linux/amd64
-            tags-suffix: "-s2n-native-roots"
-
-          - target: "gnu"
-            build-feature: "-s2n-native-roots"
-            platform: linux/arm64
-            tags-suffix: "-s2n-native-roots"
+          # - target: "gnu"
+          #   build-feature: "-native-roots"
+          #   platform: linux/amd64
+          #   tags-suffix: "-native-roots"
+
+          # - target: "gnu"
+          #   build-feature: "-native-roots"
+          #   platform: linux/arm64
+          #   tags-suffix: "-native-roots"
+
+          # - target: "musl"
+          #   build-feature: "-native-roots"
+          #   platform: linux/amd64
+          #   tags-suffix: "-slim-native-roots"
+
+          # - target: "musl"
+          #   build-feature: "-native-roots"
+          #   platform: linux/arm64
+          #   tags-suffix: "-slim-native-roots"
+
+          # - target: "gnu"
+          #   build-feature: "-s2n-native-roots"
+          #   platform: linux/amd64
+          #   tags-suffix: "-s2n-native-roots"
+
+          # - target: "gnu"
+          #   build-feature: "-s2n-native-roots"
+          #   platform: linux/arm64
+          #   tags-suffix: "-s2n-native-roots"
 
     steps:
       - run: "echo 'The relese triggering workflows passed'"
@@ -81,8 +81,8 @@ jobs:
         id: "set-env"
         run: |
           if [ ${{ matrix.platform }} == 'linux/amd64' ]; then PLATFORM_MAP="x86_64"; else PLATFORM_MAP="aarch64"; fi
-          if [ ${{ github.ref_name }} == 'develop' ]; then BUILD_NAME="-nightly"; else BUILD_NAME=""; fi
-          if [ ${{ github.ref_name }} == 'develop' ]; then BUILD_IMG="nightly"; else BUILD_IMG="latest"; fi
+          if [ ${{ github.ref_name == 'develop' && github.event.client_payload.pull_request.head == 'develop' && github.event.client_payload.pull_request.base == 'main' }} || ${{ github.ref_name == 'main' }}]; then BUILD_NAME=""; else BUILD_NAME="-nightly"; fi
+          if [ ${{ github.ref_name }} == 'main' ]; then BUILD_IMG="latest"; else BUILD_IMG="nightly"; fi
           echo "build_img=${BUILD_IMG}" >> $GITHUB_OUTPUT
           echo "target_name=rpxy${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_OUTPUT
 
@@ -93,7 +93,7 @@ jobs:
           docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${{ steps.set-env.outputs.target_name }}
 
       - name: "upload artifacts"
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ steps.set-env.outputs.target_name }}
           path: "/tmp/${{ steps.set-env.outputs.target_name }}"
@@ -122,7 +122,7 @@ jobs:
 
       - name: download artifacts
         if: ${{ steps.regex-match.outputs.match != ''}}
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: /tmp/rpxy
 

.github/workflows/release_docker.yml

@@ -44,7 +44,7 @@ jobs:
           - target: "s2n"
             dockerfile: ./docker/Dockerfile
             build-args: |
-              "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache"
+              "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-tls-backend"
               "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
             platforms: linux/amd64,linux/arm64
             tags-suffix: "-s2n"
@@ -53,42 +53,42 @@ jobs:
               jqtype/rpxy:s2n
               ghcr.io/junkurihara/rust-rpxy:s2n
 
-          - target: "native-roots"
-            dockerfile: ./docker/Dockerfile
-            platforms: linux/amd64,linux/arm64
-            build-args: |
-              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
-            tags-suffix: "-native-roots"
-            # Aliases must be used only for release builds
-            aliases: |
-              jqtype/rpxy:native-roots
-              ghcr.io/junkurihara/rust-rpxy:native-roots
-
-          - target: "slim-native-roots"
-            dockerfile: ./docker/Dockerfile-slim
-            build-args: |
-              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
-            build-contexts: |
-              messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
-              messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
-            platforms: linux/amd64,linux/arm64
-            tags-suffix: "-slim-native-roots"
-            # Aliases must be used only for release builds
-            aliases: |
-              jqtype/rpxy:slim-native-roots
-              ghcr.io/junkurihara/rust-rpxy:slim-native-roots
-
-          - target: "s2n-native-roots"
-            dockerfile: ./docker/Dockerfile
-            build-args: |
-              "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots"
-              "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
-            platforms: linux/amd64,linux/arm64
-            tags-suffix: "-s2n-native-roots"
-            # Aliases must be used only for release builds
-            aliases: |
-              jqtype/rpxy:s2n-native-roots
-              ghcr.io/junkurihara/rust-rpxy:s2n-native-roots
+          # - target: "native-roots"
+          #   dockerfile: ./docker/Dockerfile
+          #   platforms: linux/amd64,linux/arm64
+          #   build-args: |
+          #     "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+          #   tags-suffix: "-native-roots"
+          #   # Aliases must be used only for release builds
+          #   aliases: |
+          #     jqtype/rpxy:native-roots
+          #     ghcr.io/junkurihara/rust-rpxy:native-roots
+
+          # - target: "slim-native-roots"
+          #   dockerfile: ./docker/Dockerfile-slim
+          #   build-args: |
+          #     "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+          #   build-contexts: |
+          #     messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+          #     messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+          #   platforms: linux/amd64,linux/arm64
+          #   tags-suffix: "-slim-native-roots"
+          #   # Aliases must be used only for release builds
+          #   aliases: |
+          #     jqtype/rpxy:slim-native-roots
+          #     ghcr.io/junkurihara/rust-rpxy:slim-native-roots
+
+          # - target: "s2n-native-roots"
+          #   dockerfile: ./docker/Dockerfile
+          #   build-args: |
+          #     "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots"
+          #     "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
+          #   platforms: linux/amd64,linux/arm64
+          #   tags-suffix: "-s2n-native-roots"
+          #   # Aliases must be used only for release builds
+          #   aliases: |
+          #     jqtype/rpxy:s2n-native-roots
+          #     ghcr.io/junkurihara/rust-rpxy:s2n-native-roots
 
     steps:
       - name: Checkout

.gitmodules

@@ -1,12 +1,6 @@
 [submodule "submodules/h3"]
 	path = submodules/h3
 	url = [email protected]:junkurihara/h3.git
-[submodule "submodules/quinn"]
-	path = submodules/quinn
-	url = [email protected]:junkurihara/quinn.git
-[submodule "submodules/s2n-quic"]
-	path = submodules/s2n-quic
-	url = [email protected]:junkurihara/s2n-quic.git
 [submodule "submodules/rusty-http-cache-semantics"]
 	path = submodules/rusty-http-cache-semantics
 	url = [email protected]:junkurihara/rusty-http-cache-semantics.git

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 ## 0.7.0  (unreleased)
 
+- Breaking: `hyper`-1.0 for both server and client modules.
+- Breaking: Remove `override_host` option in upstream options. Add a reverse option, i.e., `disable_override_host`. That is, `rpxy` always override the host header by the upstream hostname by default.
+- Breaking: Introduced `native-tls-backend` feature to use the native TLS engine to access backend applications.
+- Redesigned: Cache structure is totally redesigned with more memory-efficient way to read from cache file, and more secure way to strongly bind memory-objects with files with hash values.
+- Redesigned: HTTP body handling flow is also redesigned with more memory-and-time efficient techniques without putting the whole objects on memory by using `futures::stream::Stream` and `futures::channel::mpsc`
+- Refactor: lots of minor improvements
+
 ## 0.6.2
 
 ### Improvement

README.md

@@ -104,11 +104,11 @@ If you want to host multiple and distinct domain names in a single IP address/po
 ```toml
 default_application = "app1"
 
-[app.app1]
+[apps.app1]
 server_name = "app1.example.com"
 #...
 
-[app.app2]
+[apps.app2]
 server_name = "app2.example.org"
 #...
 ```

TODO.md

@@ -1,9 +1,11 @@
 # TODO List
 
+- Support of `rustls-0.22` along with `hyper-1.0`. Maybe `hyper-rustls` is the most difficult part.
 - [Done in 0.6.0] But we need more sophistication on `Forwarder` struct. ~~Fix strategy for `h2c` requests on forwarded requests upstream. This needs to update forwarder definition. Also, maybe forwarder would have a cache corresponding to the following task.~~
 - [Initial implementation in v0.6.0] ~~**Cache option for the response with `Cache-Control: public` header directive ([#55](https://github.com/junkurihara/rust-rpxy/issues/55))**~~ Using `lru` crate might be inefficient in terms of the speed.
   - Consider more sophisticated architecture for cache
   - Persistent cache (if possible).
+  - More secure cache file object naming
   - etc etc
 - Improvement of path matcher
 - More flexible option for rewriting path

config-example.toml

@@ -57,8 +57,8 @@ upstream = [
 ]
 load_balance = "round_robin" # or "random" or "sticky" (sticky session) or "none" (fix to the first one, default)
 upstream_options = [
-  "override_host",
-  "force_http2_upstream", # mutually exclusive with "force_http11_upstream"
+  "disable_override_host", # do not overwrite HOST value with upstream hostname (like 192.168.xx.x seen from rpxy)
+  "force_http2_upstream",  # mutually exclusive with "force_http11_upstream"
 ]
 
 # Non-default destination in "localhost" app, which is routed by "path"
@@ -76,7 +76,7 @@ upstream = [
 ]
 load_balance = "random" # or "round_robin" or "sticky" (sticky session) or "none" (fix to the first one, default)
 upstream_options = [
-  "override_host",
+  "disable_override_host",
   "upgrade_insecure_requests",
   "force_http11_upstream",
 ]

legacy-lib/Cargo.toml

@@ -0,0 +1,89 @@
+[package]
+name = "rpxy-lib-legacy"
+version = "0.6.2"
+authors = ["Jun Kurihara"]
+homepage = "https://github.com/junkurihara/rust-rpxy"
+repository = "https://github.com/junkurihara/rust-rpxy"
+license = "MIT"
+readme = "../README.md"
+edition = "2021"
+publish = false
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[features]
+default = ["http3-quinn", "sticky-cookie", "cache"]
+http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"]
+http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"]
+sticky-cookie = ["base64", "sha2", "chrono"]
+cache = ["http-cache-semantics", "lru"]
+native-roots = ["hyper-rustls/native-tokio"]
+
+[dependencies]
+rand = "0.8.5"
+rustc-hash = "1.1.0"
+bytes = "1.5.0"
+derive_builder = "0.12.0"
+futures = { version = "0.3.29", features = ["alloc", "async-await"] }
+tokio = { version = "1.34.0", default-features = false, features = [
+  "net",
+  "rt-multi-thread",
+  "time",
+  "sync",
+  "macros",
+  "fs",
+] }
+async-trait = "0.1.74"
+hot_reload = "0.1.4" # reloading certs
+
+# Error handling
+anyhow = "1.0.75"
+thiserror = "1.0.50"
+
+# http and tls
+http = "1.0.0"
+http-body-util = "0.1.0"
+hyper = { version = "1.0.1", default-features = false }
+hyper-util = { version = "0.1.1", features = ["full"] }
+hyper-rustls = { version = "0.24.2", default-features = false, features = [
+  "tokio-runtime",
+  "webpki-tokio",
+  "http1",
+  "http2",
+] }
+tokio-rustls = { version = "0.24.1", features = ["early-data"] }
+rustls = { version = "0.21.9", default-features = false }
+webpki = "0.22.4"
+x509-parser = "0.15.1"
+
+# logging
+tracing = { version = "0.1.40" }
+
+# http/3
+quinn = { version = "0.10.2", optional = true }
+h3 = { path = "../submodules/h3/h3/", optional = true }
+h3-quinn = { path = "../submodules/h3/h3-quinn/", optional = true }
+s2n-quic = { version = "1.31.0", default-features = false, features = [
+  "provider-tls-rustls",
+], optional = true }
+s2n-quic-h3 = { path = "../submodules/s2n-quic-h3/", optional = true }
+s2n-quic-rustls = { version = "0.31.0", optional = true }
+# for UDP socket wit SO_REUSEADDR when h3 with quinn
+socket2 = { version = "0.5.5", features = ["all"], optional = true }
+
+# cache
+http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
+lru = { version = "0.12.0", optional = true }
+
+# cookie handling for sticky cookie
+chrono = { version = "0.4.31", default-features = false, features = [
+  "unstable-locales",
+  "alloc",
+  "clock",
+], optional = true }
+base64 = { version = "0.21.5", optional = true }
+sha2 = { version = "0.10.8", default-features = false, optional = true }
+
+
+[dev-dependencies]
+# http and tls