From 3a09f8a8d58d92d6f9252e4437940cd736cb2eff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= <spacewanderlzx@gmail.com>
Date: Wed, 27 Jan 2021 20:18:57 +0800
Subject: [PATCH] feat: support specifying https in upstream to talk with https
 backend (#3430)

Fix #3336
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
---
 apisix/schema_def.lua  |   2 +-
 doc/admin-api.md       |   2 +-
 doc/zh-cn/admin-api.md |   2 +-
 t/node/proxy_https.t   | 107 +++++++++++++++++++++++++++++++++++++++--
 4 files changed, 106 insertions(+), 7 deletions(-)

diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 78c1908e..3404cc01 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -343,7 +343,7 @@ local upstream_schema = {
         },
         scheme = {
             default = "http",
-            enum = {"grpc", "grpcs", "http"}
+            enum = {"grpc", "grpcs", "http", "https"}
         },
         labels = {
             description = "key/value pairs to specify attributes",
diff --git a/doc/admin-api.md b/doc/admin-api.md
index 3744131c..29eae707 100644
--- a/doc/admin-api.md
+++ b/doc/admin-api.md
@@ -524,7 +524,7 @@ In addition to the basic complex equalization algorithm selection, APISIX's Upst
 |desc     |optional|upstream usage scenarios, and more.|
 |pass_host            |optional|`pass` pass the client request host, `node` not pass the client request host, using the upstream node host, `rewrite` rewrite host by the configured `upstream_host`.|
 |upstream_host    |optional|This option is only valid if the `pass_host` is `rewrite`.|
-|scheme|optional |The scheme used when talk with the upstream. The value is one of ['http', 'grpc', 'grpcs'], default to 'http'.|
+|scheme|optional |The scheme used when talk with the upstream. The value is one of ['http', 'https', 'grpc', 'grpcs'], default to 'http'.|
 |labels|optional |Key/value pairs to specify attributes|{"version":"v2","build":"16","env":"production"}|
 |create_time|optional| epoch timestamp in second, like `1602883670`, will be created automatically if missing|
 |update_time|optional| epoch timestamp in second, like `1602883670`, will be created automatically if missing|
diff --git a/doc/zh-cn/admin-api.md b/doc/zh-cn/admin-api.md
index 55be467c..771b0726 100644
--- a/doc/zh-cn/admin-api.md
+++ b/doc/zh-cn/admin-api.md
@@ -533,7 +533,7 @@ APISIX 的 Upstream 除了基本的复杂均衡算法选择外，还支持对上
 |desc     |可选 |辅助|上游服务描述、使用场景等。||
 |pass_host            |可选|枚举|`pass` 透传客户端请求的 host, `node` 不透传客户端请求的 host, 使用 upstream node 配置的 host, `rewrite` 使用 `upstream_host` 配置的值重写 host 。||
 |upstream_host    |可选|辅助|只在 `pass_host` 配置为 `rewrite` 时有效。||
-|scheme|可选 |辅助|跟上游通信时使用的 scheme。需要是 ['http', 'grpc', 'grpcs'] 其中的一个，默认是 'http'。|
+|scheme|可选 |辅助|跟上游通信时使用的 scheme。需要是 ['http', 'https', 'grpc', 'grpcs'] 其中的一个，默认是 'http'。|
 |labels   |可选 |匹配规则|标识附加属性的键值对|{"version":"v2","build":"16","env":"production"}|
 |create_time|可选|辅助|单位为秒的 epoch 时间戳，如果不指定则自动创建|1602883670|
 |update_time|可选|辅助|单位为秒的 epoch 时间戳，如果不指定则自动创建|1602883670|
diff --git a/t/node/proxy_https.t b/t/node/proxy_https.t
index 0c3daf0e..58a44100 100644
--- a/t/node/proxy_https.t
+++ b/t/node/proxy_https.t
@@ -21,11 +21,21 @@ no_long_string();
 no_root_location();
 log_level("info");
 
+add_block_preprocessor(sub {
+    my ($block) = @_;
+
+    if (!$block->error_log && !$block->no_error_log) {
+        $block->set_value("no_error_log", "[error]");
+    }
+
+    $block;
+});
+
 run_tests;
 
 __DATA__
 
-=== TEST 1: add route
+=== TEST 1: add route to HTTPS upstream (old way)
 --- config
     location /t {
         content_by_lua_block {
@@ -59,12 +69,101 @@ __DATA__
 GET /t
 --- response_body
 passed
---- no_error_log
-[error]
 
 
 
-=== TEST 2: get upstream carrying host
+=== TEST 2: hit the upstream (old way)
+--- request
+GET /hello
+--- more_headers
+host: www.sni.com
+--- error_log
+Receive SNI: www.sni.com
+
+
+
+=== TEST 3: add route to HTTPS upstream
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "methods": ["GET"],
+                    "upstream": {
+                        "scheme": "https",
+                        "type": "roundrobin",
+                        "nodes": {
+                            "127.0.0.1:1983": 1
+                        }
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 4: hit the upstream
+--- request
+GET /hello
+--- more_headers
+host: www.sni.com
+--- error_log
+Receive SNI: www.sni.com
+
+
+
+=== TEST 5: add route to HTTPS upstream (mix)
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "methods": ["GET"],
+                    "plugins": {
+                        "proxy-rewrite": {
+                            "scheme": "https"
+                        }
+                    },
+                    "upstream": {
+                        "scheme": "https",
+                        "type": "roundrobin",
+                        "nodes": {
+                            "127.0.0.1:1983": 1
+                        }
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 6: hit the upstream
 --- request
 GET /hello
 --- more_headers