Enforce failure for TCP HostSNI with hostname

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
This commit is contained in:
Baptiste Mayelle 2024-03-25 11:08:04 +01:00 committed by GitHub
parent 141abce2d5
commit d94e676083
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 4 additions and 0 deletions

View file

@ -23,10 +23,12 @@
[tcp.routers.router1] [tcp.routers.router1]
service = "service1" service = "service1"
rule = "HostSNI(`snitest.net`)" rule = "HostSNI(`snitest.net`)"
[tcp.routers.router1.tls]
[tcp.routers.router2] [tcp.routers.router2]
service = "service2" service = "service2"
rule = "HostSNI(`snitest.com`)" rule = "HostSNI(`snitest.com`)"
[tcp.routers.router2.tls]
[tcp.services] [tcp.services]
[tcp.services.service1] [tcp.services.service1]

View file

@ -288,6 +288,7 @@ func (m *Manager) addTCPHandlers(ctx context.Context, configs map[string]*runtim
routerErr := fmt.Errorf("invalid rule: %q , has HostSNI matcher, but no TLS on router", routerConfig.Rule) routerErr := fmt.Errorf("invalid rule: %q , has HostSNI matcher, but no TLS on router", routerConfig.Rule)
routerConfig.AddError(routerErr, true) routerConfig.AddError(routerErr, true)
logger.Error(routerErr) logger.Error(routerErr)
continue
} }
var handler tcp.Handler var handler tcp.Handler

View file

@ -264,6 +264,7 @@ func TestRuntimeConfiguration(t *testing.T) {
EntryPoints: []string{"web"}, EntryPoints: []string{"web"},
Service: "foo-service", Service: "foo-service",
Rule: "HostSNI(`foo.bar`)", Rule: "HostSNI(`foo.bar`)",
TLS: &dynamic.RouterTCPTLSConfig{},
}, },
}, },
}, },