feat: support specifying https in upstream to talk with https backend (#3430)

Fix #3336 Signed-off-by: spacewander <spacewanderlzx@gmail.com>
2024-12-04 13:07:34 +08:00 · 2021-01-27 20:18:57 +08:00 · 2021-01-27 20:18:57 +08:00 · 3a09f8a8d5
commit 3a09f8a8d5
parent d752b6f364
4 changed files with 106 additions and 7 deletions
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@ -343,7 +343,7 @@ local upstream_schema = {
        },
        scheme = {
            default = "http",
-            enum = {"grpc", "grpcs", "http"}
+            enum = {"grpc", "grpcs", "http", "https"}
        },
        labels = {
            description = "key/value pairs to specify attributes",
--- a/doc/admin-api.md
+++ b/doc/admin-api.md
@ -524,7 +524,7 @@ In addition to the basic complex equalization algorithm selection, APISIX's Upst
 |desc     |optional|upstream usage scenarios, and more.|
 |pass_host            |optional|`pass` pass the client request host, `node` not pass the client request host, using the upstream node host, `rewrite` rewrite host by the configured `upstream_host`.|
 |upstream_host    |optional|This option is only valid if the `pass_host` is `rewrite`.|
-|scheme|optional |The scheme used when talk with the upstream. The value is one of ['http', 'grpc', 'grpcs'], default to 'http'.|
+|scheme|optional |The scheme used when talk with the upstream. The value is one of ['http', 'https', 'grpc', 'grpcs'], default to 'http'.|
 |labels|optional |Key/value pairs to specify attributes|{"version":"v2","build":"16","env":"production"}|
 |create_time|optional| epoch timestamp in second, like `1602883670`, will be created automatically if missing|
 |update_time|optional| epoch timestamp in second, like `1602883670`, will be created automatically if missing|
--- a/doc/zh-cn/admin-api.md
+++ b/doc/zh-cn/admin-api.md
@ -533,7 +533,7 @@ APISIX 的 Upstream 除了基本的复杂均衡算法选择外，还支持对上
 |desc     |可选 |辅助|上游服务描述、使用场景等。||
 |pass_host            |可选|枚举|`pass` 透传客户端请求的 host, `node` 不透传客户端请求的 host, 使用 upstream node 配置的 host, `rewrite` 使用 `upstream_host` 配置的值重写 host 。||
 |upstream_host    |可选|辅助|只在 `pass_host` 配置为 `rewrite` 时有效。||
-|scheme|可选 |辅助|跟上游通信时使用的 scheme。需要是 ['http', 'grpc', 'grpcs'] 其中的一个，默认是 'http'。|
+|scheme|可选 |辅助|跟上游通信时使用的 scheme。需要是 ['http', 'https', 'grpc', 'grpcs'] 其中的一个，默认是 'http'。|
 |labels   |可选 |匹配规则|标识附加属性的键值对|{"version":"v2","build":"16","env":"production"}|
 |create_time|可选|辅助|单位为秒的 epoch 时间戳，如果不指定则自动创建|1602883670|
 |update_time|可选|辅助|单位为秒的 epoch 时间戳，如果不指定则自动创建|1602883670|
--- a/t/node/proxy_https.t
+++ b/t/node/proxy_https.t
@ -21,11 +21,21 @@ no_long_string();
 no_root_location();
 log_level("info");

+add_block_preprocessor(sub {
+    my ($block) = @_;
+
+    if (!$block->error_log && !$block->no_error_log) {
+        $block->set_value("no_error_log", "[error]");
+    }
+
+    $block;
+});
+
 run_tests;

 __DATA__

-=== TEST 1: add route
+=== TEST 1: add route to HTTPS upstream (old way)
 --- config
    location /t {
        content_by_lua_block {
@ -59,12 +69,101 @@ __DATA__
 GET /t
 --- response_body
 passed
--- no_error_log
-[error]



-=== TEST 2: get upstream carrying host
+=== TEST 2: hit the upstream (old way)
+--- request
+GET /hello
+--- more_headers
+host: www.sni.com
+--- error_log
+Receive SNI: www.sni.com
+
+
+
+=== TEST 3: add route to HTTPS upstream
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "methods": ["GET"],
+                    "upstream": {
+                        "scheme": "https",
+                        "type": "roundrobin",
+                        "nodes": {
+                            "127.0.0.1:1983": 1
+                        }
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 4: hit the upstream
+--- request
+GET /hello
+--- more_headers
+host: www.sni.com
+--- error_log
+Receive SNI: www.sni.com
+
+
+
+=== TEST 5: add route to HTTPS upstream (mix)
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "methods": ["GET"],
+                    "plugins": {
+                        "proxy-rewrite": {
+                            "scheme": "https"
+                        }
+                    },
+                    "upstream": {
+                        "scheme": "https",
+                        "type": "roundrobin",
+                        "nodes": {
+                            "127.0.0.1:1983": 1
+                        }
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 6: hit the upstream
 --- request
 GET /hello
 --- more_headers