package tcp
import (
"context"
"crypto/tls"
"math"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"github.com/traefik/traefik/v3/pkg/config/runtime"
tcpmiddleware "github.com/traefik/traefik/v3/pkg/server/middleware/tcp"
"github.com/traefik/traefik/v3/pkg/server/service/tcp"
tcp2 "github.com/traefik/traefik/v3/pkg/tcp"
traefiktls "github.com/traefik/traefik/v3/pkg/tls"
)
// TestRuntimeConfiguration builds the TCP router manager from a series of
// runtime configurations and checks how many services and routers end up with
// an error recorded on them after BuildHandlers has run.
//
// NOTE(review): every case is asserted only through that total, so a case
// would still pass if a different element failed than the one its description
// names.
func TestRuntimeConfiguration(t *testing.T) {
	cases := []struct {
		desc              string
		httpServiceConfig map[string]*runtime.ServiceInfo
		httpRouterConfig  map[string]*runtime.RouterInfo
		tcpServiceConfig  map[string]*runtime.TCPServiceInfo
		tcpRouterConfig   map[string]*runtime.TCPRouterInfo
		expectedError     int
	}{
		{
			// Baseline: two TCP routers on distinct SNI names, each with its
			// own named TLS options, sharing one healthy service.
			desc: "No error",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Port:    "8085",
									Address: "127.0.0.1:8085",
								},
								{
									Address: "127.0.0.1:8086",
									Port:    "8086",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`bar.foo`)",
						TLS: &dynamic.RouterTCPTLSConfig{
							Passthrough: false,
							Options:     "foo",
						},
					},
				},
				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`foo.bar`)",
						TLS: &dynamic.RouterTCPTLSConfig{
							Passthrough: false,
							Options:     "bar",
						},
					},
				},
			},
			expectedError: 0,
		},
		{
			// The SNI name in the rule contains a non-ASCII character; one
			// error is expected.
			desc: "Non-ASCII domain error",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Port:    "8085",
									Address: "127.0.0.1:8085",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`bàr.foo`)",
						TLS: &dynamic.RouterTCPTLSConfig{
							Passthrough: false,
							Options:     "foo",
						},
					},
				},
			},
			expectedError: 1,
		},
		{
			// Two HTTP routers match the same host but name different TLS
			// options; two errors are expected (presumably one per router —
			// confirm against the manager).
			desc: "HTTP routers with same domain but different TLS options",
			httpServiceConfig: map[string]*runtime.ServiceInfo{
				"foo-service": {
					Service: &dynamic.Service{
						LoadBalancer: &dynamic.ServersLoadBalancer{
							Servers: []dynamic.Server{
								{
									Port: "8085",
									URL:  "127.0.0.1:8085",
								},
								{
									URL:  "127.0.0.1:8086",
									Port: "8086",
								},
							},
						},
					},
				},
			},
			httpRouterConfig: map[string]*runtime.RouterInfo{
				"foo": {
					Router: &dynamic.Router{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "Host(`bar.foo`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "foo",
						},
					},
				},
				"bar": {
					Router: &dynamic.Router{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "Host(`bar.foo`) && PathPrefix(`/path`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "bar",
						},
					},
				},
			},
			expectedError: 2,
		},
		{
			// Only router "foo" uses an unknown matcher; "bar" is valid.
			desc: "One router with wrong rule",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Address: "127.0.0.1:80",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "WrongRule(`bar.foo`)",
					},
				},

				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`foo.bar`)",
						TLS:         &dynamic.RouterTCPTLSConfig{},
					},
				},
			},
			expectedError: 1,
		},
		{
			// Both routers use an unknown matcher.
			desc: "All router with wrong rule",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Address: "127.0.0.1:80",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "WrongRule(`bar.foo`)",
					},
				},
				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "WrongRule(`foo.bar`)",
					},
				},
			},
			expectedError: 2,
		},
		{
			// Router "foo" points at a service name that is not configured.
			desc: "Router with unknown service",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Address: "127.0.0.1:80",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "wrong-service",
						Rule:        "HostSNI(`bar.foo`)",
						TLS:         &dynamic.RouterTCPTLSConfig{},
					},
				},
				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`foo.bar`)",
						TLS:         &dynamic.RouterTCPTLSConfig{},
					},
				},
			},
			expectedError: 1,
		},
		{
			// The service exists but has no load balancer; two errors are
			// expected (presumably the service and the router using it —
			// confirm).
			desc: "Router with broken service",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: nil,
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`foo.bar`)",
						TLS:         &dynamic.RouterTCPTLSConfig{},
					},
				},
			},
			expectedError: 2,
		},
		{
			// Priority is set to math.MaxInt, which the description says is
			// above what a user may define.
			desc: "Router with priority exceeding the max user-defined priority",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Port:    "8085",
									Address: "127.0.0.1:8085",
								},
								{
									Address: "127.0.0.1:8086",
									Port:    "8086",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"bar": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`foo.bar`)",
						TLS:         &dynamic.RouterTCPTLSConfig{},
						Priority:    math.MaxInt,
					},
				},
			},
			expectedError: 1,
		},
		{
			// A specific HostSNI rule on a router without a TLS section;
			// presumably rejected because there is no SNI to match on a
			// non-TLS connection — confirm against the manager.
			desc: "Router with HostSNI but no TLS",
			tcpServiceConfig: map[string]*runtime.TCPServiceInfo{
				"foo-service": {
					TCPService: &dynamic.TCPService{
						LoadBalancer: &dynamic.TCPServersLoadBalancer{
							Servers: []dynamic.TCPServer{
								{
									Address: "127.0.0.1:80",
								},
							},
						},
					},
				},
			},
			tcpRouterConfig: map[string]*runtime.TCPRouterInfo{
				"foo": {
					TCPRouter: &dynamic.TCPRouter{
						EntryPoints: []string{"web"},
						Service:     "foo-service",
						Rule:        "HostSNI(`bar.foo`)",
					},
				},
			},
			expectedError: 1,
		},
	}

	for _, tc := range cases {
		// NOTE(review): tc is read after t.Parallel(), so this relies on
		// per-iteration loop variables (Go 1.22+) — confirm the module's go
		// directive.
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			conf := &runtime.Configuration{
				Services:    tc.httpServiceConfig,
				Routers:     tc.httpRouterConfig,
				TCPServices: tc.tcpServiceConfig,
				TCPRouters:  tc.tcpRouterConfig,
			}

			dialerManager := tcp2.NewDialerManager(nil)
			dialerManager.Update(map[string]*dynamic.TCPServersTransport{"default@internal": {}})
			serviceManager := tcp.NewManager(conf, dialerManager)

			// Fixture TLS options: the three entries differ only in
			// MinVersion so that "default", "foo" and "bar" are
			// distinguishable. TLS 1.0 and 1.1 are deprecated (RFC 8996);
			// these are test values, not a configuration to copy.
			tlsOptions := map[string]traefiktls.Options{
				"default": {
					MinVersion: "VersionTLS10",
				},
				"foo": {
					MinVersion: "VersionTLS12",
				},
				"bar": {
					MinVersion: "VersionTLS11",
				},
			}
			tlsManager := traefiktls.NewManager()
			tlsManager.UpdateConfigs(context.Background(), map[string]traefiktls.Store{}, tlsOptions, []*traefiktls.CertAndStores{})

			middlewaresBuilder := tcpmiddleware.NewBuilder(conf.TCPMiddlewares)

			routerManager := NewManager(conf, serviceManager, middlewaresBuilder, nil, nil, tlsManager)

			// The returned handlers are not needed; only the errors that
			// building them leaves on conf are inspected.
			_ = routerManager.BuildHandlers(context.Background(), []string{"web"})

			// conf was handed to the manager constructors above, yet it can
			// still serve as the result under test: everything worth checking
			// is reachable through the pointers it holds.
			var errCount int
			for _, svc := range conf.TCPServices {
				if svc.Err == nil {
					continue
				}
				errCount++
			}
			for _, rtr := range conf.TCPRouters {
				if len(rtr.Err) == 0 {
					continue
				}
				errCount++
			}
			for _, svc := range conf.Services {
				if svc.Err == nil {
					continue
				}
				errCount++
			}
			for _, rtr := range conf.Routers {
				if len(rtr.Err) == 0 {
					continue
				}
				errCount++
			}

			assert.Equal(t, tc.expectedError, errCount)
		})
	}
}
// TestDomainFronting exercises the HTTPS handler built for the "web" entry
// point with requests whose Host header (req.Host) and TLS server name
// (req.TLS.ServerName) may name different hosts. Each case expects either
// 421 Misdirected Request or 200 OK, depending on how the TLS options
// configured for the routers involved compare.
//
// NOTE(review): the fixtures differ only in MinVersion; presumably the same
// check is what stops a request from reaching a router whose TLS options were
// never applied to the handshake — confirm against the handler implementation.
func TestDomainFronting(t *testing.T) {
	// Shared TLS options. "host1@file" and "host1@crd" carry the same
	// MinVersion but are separate entries, which the provider cases rely on.
	// TLS 1.0 is deprecated (RFC 8996); it appears here as test data only.
	tlsOptionsBase := map[string]traefiktls.Options{
		"default": {
			MinVersion: "VersionTLS10",
		},
		"host1@file": {
			MinVersion: "VersionTLS12",
		},
		"host1@crd": {
			MinVersion: "VersionTLS12",
		},
	}

	entryPoints := []string{"web"}

	cases := []struct {
		desc           string
		routers        map[string]*runtime.RouterInfo
		tlsOptions     map[string]traefiktls.Options
		host           string
		ServerName     string
		expectedStatus int
	}{
		{
			// host1.local names "host1"; host2.local has an empty TLS section.
			desc: "Request is misdirected when TLS options are different",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-2@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS:         &dynamic.RouterTLSConfig{},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusMisdirectedRequest,
		},
		{
			// Both hosts name the same options, so a Host/SNI mismatch is accepted.
			desc: "Request is OK when TLS options are the same",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-2@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusOK,
		},
		{
			// host1.local is claimed by two routers naming different options
			// ("host1" and "default"), while host2.local names "host1".
			desc: "Default TLS options is used when options are ambiguous for the same host",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-2@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`) && PathPrefix(`/foo`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "default",
						},
					},
				},
				"router-3@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusMisdirectedRequest,
		},
		{
			// Two routers on host1.local agree on "host1", so there is no
			// ambiguity and host2.local's "host1" matches.
			desc: "Default TLS options should not be used when options are the same for the same host",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-2@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`) && PathPrefix(`/bar`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-3@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusMisdirectedRequest - http.StatusMisdirectedRequest + http.StatusOK,
		},
		{
			// Same unqualified name "host1" on routers from the file and crd
			// providers; presumably each resolves to its own provider's
			// entry ("host1@file" vs "host1@crd") — confirm.
			desc: "Request is misdirected when TLS options have the same name but from different providers",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
				"router-2@crd": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1",
						},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusMisdirectedRequest,
		},
		{
			// Both routers name the provider-qualified "host1@crd".
			desc: "Request is OK when TLS options reference from a different provider is the same",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1@crd",
						},
					},
				},
				"router-2@crd": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host2.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1@crd",
						},
					},
				},
			},
			tlsOptions:     tlsOptionsBase,
			host:           "host1.local",
			ServerName:     "host2.local",
			expectedStatus: http.StatusOK,
		},
		{
			// ServerName is left empty; the Host header carries a trailing
			// dot that the router rule does not.
			desc: "Request is misdirected when server name is empty and the host name is an FQDN, but router's rule is not",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1@file",
						},
					},
				},
			},
			tlsOptions: map[string]traefiktls.Options{
				"default": {
					MinVersion: "VersionTLS13",
				},
				"host1@file": {
					MinVersion: "VersionTLS12",
				},
			},
			host:           "host1.local.",
			expectedStatus: http.StatusMisdirectedRequest,
		},
		{
			// Mirror of the previous case: the trailing dot is on the router
			// rule instead of the Host header.
			desc: "Request is misdirected when server name is empty and the host name is not FQDN, but router's rule is",
			routers: map[string]*runtime.RouterInfo{
				"router-1@file": {
					Router: &dynamic.Router{
						EntryPoints: entryPoints,
						Rule:        "Host(`host1.local.`)",
						TLS: &dynamic.RouterTLSConfig{
							Options: "host1@file",
						},
					},
				},
			},
			tlsOptions: map[string]traefiktls.Options{
				"default": {
					MinVersion: "VersionTLS13",
				},
				"host1@file": {
					MinVersion: "VersionTLS12",
				},
			},
			host:           "host1.local",
			expectedStatus: http.StatusMisdirectedRequest,
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			conf := &runtime.Configuration{
				Routers: tc.routers,
			}

			dialerManager := tcp2.NewDialerManager(nil)
			serviceManager := tcp.NewManager(conf, dialerManager)

			tlsManager := traefiktls.NewManager()
			tlsManager.UpdateConfigs(context.Background(), map[string]traefiktls.Store{}, tc.tlsOptions, []*traefiktls.CertAndStores{})

			// The wrapped handler writes nothing, so the recorder keeps its
			// default 200 unless the code under test rejects the request
			// first.
			noop := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {})
			httpsHandlers := map[string]http.Handler{
				"web": noop,
			}

			middlewaresBuilder := tcpmiddleware.NewBuilder(conf.TCPMiddlewares)

			routerManager := NewManager(conf, serviceManager, middlewaresBuilder, nil, httpsHandlers, tlsManager)

			built := routerManager.BuildHandlers(context.Background(), entryPoints)

			webRouter, found := built["web"]
			require.True(t, found)

			// Host header and TLS server name are set independently; that
			// mismatch is what each case is about.
			req := httptest.NewRequest(http.MethodGet, "/", nil)
			req.Host = tc.host
			req.TLS = &tls.ConnectionState{ServerName: tc.ServerName}

			rec := httptest.NewRecorder()
			webRouter.GetHTTPSHandler().ServeHTTP(rec, req)

			assert.Equal(t, tc.expectedStatus, rec.Code)
		})
	}
}