traefik/pkg/server/server_entrypoint_tcp_http3_test.go

package server

import (
	"bufio"
	"context"
	"crypto/tls"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/traefik/traefik/v2/pkg/config/static"
	"github.com/traefik/traefik/v2/pkg/tcp"
	traefiktls "github.com/traefik/traefik/v2/pkg/tls"
)

// LocalhostCert is a PEM-encoded TLS cert with SAN IPs
// "127.0.0.1" and "[::1]", expiring at Jan 29 16:00:00 2084 GMT.
// generated from src/crypto/tls:
// go run generate_cert.go  --rsa-bits 1024 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
var (
	localhostCert = traefiktls.FileOrContent(`-----BEGIN CERTIFICATE-----
MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9SjY1bIw4
iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZBl2+XsDul
rKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQABo2gwZjAO
BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
AwEB/zAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
AAAAATANBgkqhkiG9w0BAQsFAAOBgQCEcetwO59EWk7WiJsG4x8SY+UIAA+flUI9
tyC4lNhbcF2Idq9greZwbYCqTTTr2XiRNSMLCOjKyI7ukPoPjo16ocHj+P3vZGfs
h1fIw3cSS2OolhloGw/XM6RWPWtPAlGykKLciQrBru5NAPvCMsb/I1DAceTiotQM
fblo6RBxUQ==
-----END CERTIFICATE-----`)

	// LocalhostKey is the private key for localhostCert.
	localhostKey = traefiktls.FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9
SjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB
l2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB
AoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet
3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb
uJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H
qzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp
jy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY
fFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U
fQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU
y2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX
qyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo
f9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==
-----END RSA PRIVATE KEY-----`)
)

func TestHTTP3AdvertisedPort(t *testing.T) {
	certContent, err := localhostCert.Read()
	require.NoError(t, err)

	keyContent, err := localhostKey.Read()
	require.NoError(t, err)

	tlsCert, err := tls.X509KeyPair(certContent, keyContent)
	require.NoError(t, err)

	epConfig := &static.EntryPointsTransport{}
	epConfig.SetDefaults()

	entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
		Address:          "127.0.0.1:8090",
		Transport:        epConfig,
		ForwardedHeaders: &static.ForwardedHeaders{},
		HTTP3: &static.HTTP3Config{
			AdvertisedPort: 8080,
		},
	})
	require.NoError(t, err)

	router := &tcp.Router{}
	router.AddRouteHTTPTLS("*", &tls.Config{
		Certificates: []tls.Certificate{tlsCert},
	})
	router.HTTPSHandler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		rw.WriteHeader(http.StatusOK)
	}), nil)

	go entryPoint.Start(context.Background())
	entryPoint.SwitchRouter(router)

	conn, err := tls.Dial("tcp", "127.0.0.1:8090", &tls.Config{
		InsecureSkipVerify: true,
	})
	require.NoError(t, err)

	request, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:8090", nil)
	require.NoError(t, err)

	err = request.Write(conn)
	require.NoError(t, err)

	r, err := http.ReadResponse(bufio.NewReader(conn), nil)
	require.NoError(t, err)

	assert.NotContains(t, r.Header.Get("Alt-Svc"), ":8090")
	assert.Contains(t, r.Header.Get("Alt-Svc"), ":8080")
}
Add HTTP3Config 2021-09-10 12:58:13 +00:00			`package server`

			`import (`
			`"bufio"`
			`"context"`
			`"crypto/tls"`
			`"net/http"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`"github.com/traefik/traefik/v2/pkg/config/static"`
			`"github.com/traefik/traefik/v2/pkg/tcp"`
			`traefiktls "github.com/traefik/traefik/v2/pkg/tls"`
			`)`

			`// LocalhostCert is a PEM-encoded TLS cert with SAN IPs`
			`// "127.0.0.1" and "[::1]", expiring at Jan 29 16:00:00 2084 GMT.`
			`// generated from src/crypto/tls:`
			`// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h`
			`var (`
			localhostCert = traefiktls.FileOrContent(`-----BEGIN CERTIFICATE-----
			`MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS`
			`MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw`
			`MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB`
			`iQKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9SjY1bIw4`
			`iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZBl2+XsDul`
			`rKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQABo2gwZjAO`
			`BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw`
			`AwEB/zAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA`
			`AAAAATANBgkqhkiG9w0BAQsFAAOBgQCEcetwO59EWk7WiJsG4x8SY+UIAA+flUI9`
			`tyC4lNhbcF2Idq9greZwbYCqTTTr2XiRNSMLCOjKyI7ukPoPjo16ocHj+P3vZGfs`
			`h1fIw3cSS2OolhloGw/XM6RWPWtPAlGykKLciQrBru5NAPvCMsb/I1DAceTiotQM`
			`fblo6RBxUQ==`
			-----END CERTIFICATE-----`)

			`// LocalhostKey is the private key for localhostCert.`
			localhostKey = traefiktls.FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
			`MIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9`
			`SjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB`
			`l2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB`
			`AoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet`
			`3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb`
			`uJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H`
			`qzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp`
			`jy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY`
			`fFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U`
			`fQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU`
			`y2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX`
			`qyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo`
			`f9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==`
			-----END RSA PRIVATE KEY-----`)
			`)`

			`func TestHTTP3AdvertisedPort(t *testing.T) {`
			`certContent, err := localhostCert.Read()`
			`require.NoError(t, err)`

			`keyContent, err := localhostKey.Read()`
			`require.NoError(t, err)`

			`tlsCert, err := tls.X509KeyPair(certContent, keyContent)`
			`require.NoError(t, err)`

			`epConfig := &static.EntryPointsTransport{}`
			`epConfig.SetDefaults()`

			`entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{`
			`Address: "127.0.0.1:8090",`
			`Transport: epConfig,`
			`ForwardedHeaders: &static.ForwardedHeaders{},`
			`HTTP3: &static.HTTP3Config{`
			`AdvertisedPort: 8080,`
			`},`
			`})`
			`require.NoError(t, err)`

			`router := &tcp.Router{}`
			`router.AddRouteHTTPTLS("*", &tls.Config{`
			`Certificates: []tls.Certificate{tlsCert},`
			`})`
			`router.HTTPSHandler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {`
			`rw.WriteHeader(http.StatusOK)`
			`}), nil)`

			`go entryPoint.Start(context.Background())`
			`entryPoint.SwitchRouter(router)`

			`conn, err := tls.Dial("tcp", "127.0.0.1:8090", &tls.Config{`
			`InsecureSkipVerify: true,`
			`})`
			`require.NoError(t, err)`

			`request, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:8090", nil)`
			`require.NoError(t, err)`

			`err = request.Write(conn)`
			`require.NoError(t, err)`

			`r, err := http.ReadResponse(bufio.NewReader(conn), nil)`
			`require.NoError(t, err)`

			`assert.NotContains(t, r.Header.Get("Alt-Svc"), ":8090")`
			`assert.Contains(t, r.Header.Get("Alt-Svc"), ":8080")`
			`}`