From ba2cf4136656dcbf6da6606bc1fe7caa74552322 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 26 Feb 2024 20:51:25 +0800 Subject: [PATCH 01/14] feat: support enable quic --- .github/workflows/quic.yml | 191 ++++++++++++++++++++++++++++++++ apisix/cli/ngx_tpl.lua | 3 + apisix/cli/ops.lua | 30 +++-- apisix/cli/schema.lua | 5 +- ci/common.sh | 11 +- ci/linux_install_static_curl.sh | 22 ++++ conf/config-default.yaml | 2 + t/APISIX.pm | 4 +- t/node/grpc-proxy.t | 2 +- t/node/http_host.t | 2 +- t/plugin/cas-auth.t | 2 +- t/plugin/hmac-auth2.t | 6 +- t/plugin/openid-connect.t | 4 +- t/quic/admin/basic.t | 108 ++++++++++++++++++ 14 files changed, 374 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/quic.yml create mode 100755 ci/linux_install_static_curl.sh create mode 100644 t/quic/admin/basic.t diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml new file mode 100644 index 000000000000..593cbc77ba3a --- /dev/null +++ b/.github/workflows/quic.yml 
@@ -0,0 +1,191 @@ +name: QUIC + +on: + push: + branches: [master, 'release/**'] + paths-ignore: + - 'docs/**' + - '**/*.md' + pull_request: + branches: [master, 'release/**'] + paths-ignore: + - 'docs/**' + - '**/*.md' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/master' && github.run_number || github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + build: + strategy: + fail-fast: false + matrix: + platform: + - ubuntu-20.04 + os_name: + - linux_openresty + events_module: + - lua-resty-worker-events + - lua-resty-events + test_dir: + - t/quic/admin + + runs-on: ${{ matrix.platform }} + timeout-minutes: 90 + env: + SERVER_NAME: ${{ matrix.os_name }} + OPENRESTY_VERSION: default + + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: "1.17" + + - name: Cache deps + uses: actions/cache@v4 + env: + cache-name: cache-deps + with: + path: deps + key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}-${{ hashFiles('apisix-master-0.rockspec') }} + + - name: Extract branch name + if: ${{ startsWith(github.ref, 'refs/heads/release/') }} + id: branch_env + shell: bash + run: | + echo "version=${GITHUB_REF##*/}" >>$GITHUB_OUTPUT + echo "fullname=apache-apisix-${GITHUB_REF##*/}-src.tgz" >>$GITHUB_OUTPUT + + - name: Extract test type + shell: bash + id: test_env + run: | + test_dir="${{ matrix.test_dir }}" + if [[ $test_dir =~ 't/quic/plugin' ]]; then + echo "type=plugin" >>$GITHUB_OUTPUT + fi + if [[ $test_dir =~ 't/quic/admin' ]]; then + echo "type=first" >>$GITHUB_OUTPUT + fi + if [[ $test_dir =~ ' t/quic/xrpc' ]]; then + echo "type=last" >>$GITHUB_OUTPUT + fi + + - name: Free disk space + run: | + bash ./ci/free_disk_space.sh + + - name: Linux launch common services + run: | + make ci-env-up project_compose_ci=ci/pod/docker-compose.common.yml + sudo ./ci/init-common-test-service.sh + + - name: 
Create tarball + if: ${{ startsWith(github.ref, 'refs/heads/release/') }} + run: | + make compress-tar VERSION=${{ steps.branch_env.outputs.version }} + + - name: Remove source code + if: ${{ startsWith(github.ref, 'refs/heads/release/') }} + run: | + rm -rf $(ls -1 --ignore=*.tgz --ignore=ci --ignore=t --ignore=utils --ignore=.github) + tar zxvf ${{ steps.branch_env.outputs.fullname }} + + - name: Cache images + id: cache-images + uses: actions/cache@v4 + env: + cache-name: cache-apisix-docker-images + with: + path: docker-images-backup + key: ${{ runner.os }}-${{ env.cache-name }}-${{ steps.test_env.outputs.type }}-${{ hashFiles(format('./ci/pod/docker-compose.{0}.yml', steps.test_env.outputs.type )) }} + + - if: ${{ steps.cache-images.outputs.cache-hit == 'true' }} + name: Load saved docker images + run: | + if [[ -f docker-images-backup/apisix-images.tar ]]; then + [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before + docker load --input docker-images-backup/apisix-images.tar + echo "loaded docker images" + + # preserve storage space + rm docker-images-backup/apisix-images.tar + + make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml + if [[ ${{ steps.test_env.outputs.type }} != first ]]; then + sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after + fi + fi + - if: ${{ steps.cache-images.outputs.cache-hit != 'true' }} + name: Linux launch services + run: | + [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before + [[ ${{ steps.test_env.outputs.type }} == plugin ]] && ./ci/pod/openfunction/build-function-image.sh + make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml + [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after + echo "Linux launch 
services, done." + - name: Start Dubbo Backend + if: matrix.os_name == 'linux_openresty' && (steps.test_env.outputs.type == 'plugin' || steps.test_env.outputs.type == 'last') + run: | + cur_dir=$(pwd) + sudo apt update + sudo apt install -y maven + cd t/lib/dubbo-backend + mvn package + cd dubbo-backend-provider/target + java -Djava.net.preferIPv4Stack=true -jar dubbo-demo-provider.one-jar.jar > /tmp/java.log & + cd $cur_dir/t/lib/dubbo-serialization-backend + mvn package + cd dubbo-serialization-backend-provider/target + java -Djava.net.preferIPv4Stack=true -jar dubbo-demo-provider.one-jar.jar > /tmp/java2.log & + + - name: Build xDS library + if: steps.test_env.outputs.type == 'last' + run: | + cd t/xds-library + go build -o libxds.so -buildmode=c-shared main.go export.go + + - name: Build wasm code + if: matrix.os_name == 'linux_openresty' && steps.test_env.outputs.type == 'last' + run: | + export TINYGO_VER=0.20.0 + wget https://github.com/tinygo-org/tinygo/releases/download/v${TINYGO_VER}/tinygo_${TINYGO_VER}_amd64.deb 2>/dev/null + sudo dpkg -i tinygo_${TINYGO_VER}_amd64.deb + cd t/wasm && find . -type f -name "*.go" | xargs -Ip tinygo build -o p.wasm -scheduler=none -target=wasi p + + - name: Linux Before install + run: sudo ./ci/${{ matrix.os_name }}_runner.sh before_install + + - name: Linux Install + run: | + sudo --preserve-env=OPENRESTY_VERSION \ + ./ci/${{ matrix.os_name }}_runner.sh do_install + + - name: Linux Install static-curl + shell: bash + run: | + ./ci/linux_install_static_curl.sh + + - name: Linux Script + env: + TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} + TEST_EVENTS_MODULE: ${{ matrix.events_module }} + run: sudo -E ./ci/${{ matrix.os_name }}_runner.sh script + + - if: ${{ steps.cache-images.outputs.cache-hit != 'true' }} + name: Save docker images + run: | + echo "start backing up, $(date)" + bash ./ci/backup-docker-images.sh ${{ steps.test_env.outputs.type }} + echo "backup done, $(date)" 
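Review bot: The `Create tarball` and `Remove source code` steps expand `${{ steps.branch_env.outputs.version }}` and `${{ steps.branch_env.outputs.fullname }}` directly into the shell script, and both values are cut from the branch name with `${GITHUB_REF##*/}`, so the text of a `release/**` branch name ends up parsed as shell. These steps only run on pushes to release branches, which presumably limits who can reach them, but passing the values through the environment settles it: add `env: VERSION: ${{ steps.branch_env.outputs.version }}` to the step and run `make compress-tar VERSION="$VERSION"`. The `${{ steps.test_env.outputs.type }}` expansions in the later `run:` blocks follow the same pattern, although that value is fixed by the matrix here. Separately, the Dubbo, xDS and wasm steps are gated on type `plugin` or `last`, which this matrix (`t/quic/admin` only) never produces, so they could be dropped from this workflow.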
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 121f39f0501f..e41f0637262e 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -637,6 +637,9 @@ http { {% if ssl.enable then %} {% for _, item in ipairs(ssl.listen) do %} listen {* item.ip *}:{* item.port *} ssl default_server {% if enable_reuseport then %} reuseport {% end %}; + {% if item.enable_quic then %} + listen {* item.ip *}:{* item.port *} quic default_server; + {% end %} {% end %} {% end %} {% if proxy_protocol and proxy_protocol.listen_http_port then %} diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 918d1c81bdfb..73b9c1d1336e 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -379,7 +379,8 @@ Please modify "admin_key" in conf/config.yaml . local ip_port_to_check = {} - local function listen_table_insert(listen_table, scheme, ip, port, enable_http2, enable_ipv6) + local function listen_table_insert(listen_table, scheme, ip, port, + enable_http2, enable_quic, enable_ipv6) if type(ip) ~= "string" then util.die(scheme, " listen ip format error, must be string", "\n") end @@ -397,7 +398,12 @@ Please modify "admin_key" in conf/config.yaml . if ip_port_to_check[addr] == nil then table_insert(listen_table, - {ip = ip, port = port, enable_http2 = enable_http2}) + { + ip = ip, + port = port, + enable_http2 = enable_http2, + enable_quic = enable_quic + }) ip_port_to_check[addr] = scheme end @@ -407,7 +413,12 @@ Please modify "admin_key" in conf/config.yaml . if ip_port_to_check[addr] == nil then table_insert(listen_table, - {ip = ip, port = port, enable_http2 = enable_http2}) + { + ip = ip, + port = port, + enable_http2 = enable_http2, + enable_quic = enable_quic + }) ip_port_to_check[addr] = scheme end end 
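Review bot: `listen_table_insert` in `apisix/cli/ops.lua` now takes three positional flags in a row (`enable_http2, enable_quic, enable_ipv6`), and because Lua does not check arity, a call site that is not updated would silently pass its IPv6 flag as `enable_quic` and leave `enable_ipv6` nil. The callers changed later in this patch pass `false, false, ...`, which is hard to read at the call site. Consider an options table, e.g. `listen_table_insert(ssl_listen, "https", ip, port, {enable_http2 = enable_http2, enable_quic = enable_quic, enable_ipv6 = enable_ipv6})`, or at least a comment above the function naming the flag order. The function body starts and ends outside these hunks.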
@@ -418,12 +429,12 @@ Please modify "admin_key" in conf/config.yaml . -- listen in http, support multiple ports and specific IP, compatible with the original style if type(yaml_conf.apisix.node_listen) == "number" then listen_table_insert(node_listen, "http", "0.0.0.0", yaml_conf.apisix.node_listen, - false, yaml_conf.apisix.enable_ipv6) + false, false, yaml_conf.apisix.enable_ipv6) elseif type(yaml_conf.apisix.node_listen) == "table" then for _, value in ipairs(yaml_conf.apisix.node_listen) do if type(value) == "number" then listen_table_insert(node_listen, "http", "0.0.0.0", value, - false, yaml_conf.apisix.enable_ipv6) + false, false, yaml_conf.apisix.enable_ipv6) elseif type(value) == "table" then local ip = value.ip local port = value.port @@ -449,7 +460,7 @@ Please modify "admin_key" in conf/config.yaml . end listen_table_insert(node_listen, "http", ip, port, - enable_http2, enable_ipv6) + enable_http2, false, enable_ipv6) end end end @@ -462,6 +473,7 @@ Please modify "admin_key" in conf/config.yaml . local port = value.port local enable_ipv6 = false local enable_http2 = value.enable_http2 + local enable_quic = value.enable_quic if ip == nil then ip = "0.0.0.0" @@ -481,8 +493,12 @@ Please modify "admin_key" in conf/config.yaml . enable_http2_global = true end + if enable_quic == nil then + enable_quic = false + end + listen_table_insert(ssl_listen, "https", ip, port, - enable_http2, enable_ipv6) + enable_http2, enable_quic, enable_ipv6) end yaml_conf.apisix.ssl.listen = ssl_listen diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua index 836b88f6965a..3eae5ed75d31 100644 --- a/apisix/cli/schema.lua +++ b/apisix/cli/schema.lua @@ -220,7 +220,10 @@ local config_schema = { }, enable_http2 = { type = "boolean", - } + }, + enable_quic = { + type = "boolean", + }, } } }, diff --git a/ci/common.sh b/ci/common.sh index 7e9f65e385b6..18de6eef03e3 100644 --- a/ci/common.sh +++ b/ci/common.sh 
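Review bot: In the `ssl.listen` loop (hunk `@@ -481`), `enable_quic` is accepted without any check against the rest of the TLS configuration, yet QUIC only works over TLS 1.3. `conf/config-default.yaml` lets operators set `ssl_protocols`, so a deployment pinned to `TLSv1.2` with `enable_quic: true` would presumably get an nginx config that fails or warns at start-up rather than a clear message from the CLI. A check here that calls `util.die(...)` when `enable_quic` is true and the configured protocols do not include `TLSv1.3` would give that message; the field to read is presumably `yaml_conf.apisix.ssl.ssl_protocols`, which is inferred from the YAML layout and should be confirmed. It is also worth documenting next to the option that it opens a UDP listener on the same port, which firewalls and security groups must allow explicitly.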
@@ -75,6 +75,15 @@ install_curl () { curl -V } +install_static_curl () { + CURL_VERSION="8.6.0" + wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-amd64-${CURL_VERSION}.tar.xz + tar -xf curl-linux-amd64-${CURL_VERSION}.tar.xz + sudo apt remove -y curl + sudo cp curl /usr/bin + curl -V +} + install_apisix_runtime() { export runtime_version=${APISIX_RUNTIME} wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" @@ -177,7 +186,7 @@ GRPC_SERVER_EXAMPLE_VER=20210819 linux_get_dependencies () { apt update - apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev + apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev xz-utils } function start_grpc_server_example() { diff --git a/ci/linux_install_static_curl.sh b/ci/linux_install_static_curl.sh new file mode 100755 index 000000000000..72518d1b7ce1 --- /dev/null +++ b/ci/linux_install_static_curl.sh 
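Review bot: `install_static_curl` downloads a prebuilt binary from a third-party release page and copies it to `/usr/bin` with `sudo` without verifying it, so the CI job runs whatever that URL serves at the time. Pinning `CURL_VERSION` is not enough, since release assets can be replaced; record the expected digest in the repository and check it before unpacking, e.g. `echo "<EXPECTED_SHA256>  curl-linux-amd64-${CURL_VERSION}.tar.xz" | sha256sum -c -` (placeholder digest). `wget -q` also hides the reason for a failed download from the job log. The same unverified download is inlined into `.github/workflows/quic.yml` by PATCH 09/14 and needs the same check there.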
@@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +set -ex + +# use curl which supports http3 to test. +install_static_curl diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 245e68f2b829..5b213cff7290 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -97,9 +97,11 @@ apisix: listen: # APISIX listening port for HTTPS traffic. - port: 9443 enable_http2: true + enable_quic: true # - ip: 127.0.0.3 # If not set, default to `0.0.0.0`. # port: 9445 # enable_http2: true + # enable_quic: true # ssl_trusted_certificate: /path/to/ca-cert # Set the path to CA certificates used to verify client # certificates in the PEM format. ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported. diff --git a/t/APISIX.pm b/t/APISIX.pm index be640c2bc98a..8bc78c1a1bb2 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -671,6 +671,7 @@ _EOC_ $a6_ngx_directives server { + listen 1983 quic reuseport; listen 1983 ssl; ssl_certificate cert/apisix.crt; ssl_certificate_key cert/apisix.key; @@ -726,6 +727,7 @@ _EOC_ $config .= <<_EOC_; $ipv6_listen_conf + listen 1994 quic reuseport; listen 1994 ssl; http2 on; ssl_certificate cert/apisix.crt; 
@@ -777,7 +779,7 @@ _EOC_ set \$upstream_connection ''; set \$upstream_scheme 'http'; - set \$upstream_host \$http_host; + set \$upstream_host \$host; set \$upstream_uri ''; set \$ctx_ref ''; diff --git a/t/node/grpc-proxy.t b/t/node/grpc-proxy.t index c4f0dd036f2d..c10bbfdcfe8c 100644 --- a/t/node/grpc-proxy.t +++ b/t/node/grpc-proxy.t @@ -219,7 +219,7 @@ grpcurl -import-path ./t/grpc_server_example/proto -proto helloworld.proto -plai --- grep_error_log eval qr/grpc header: "(:authority|host): [^"]+"/ --- grep_error_log_out eval -qr/grpc header: "(:authority|host): 127.0.0.1:1984"/ +qr/grpc header: "(:authority|host): 127.0.0.1"/ diff --git a/t/node/http_host.t b/t/node/http_host.t index fb4d0fc60876..917ef40358c9 100644 --- a/t/node/http_host.t +++ b/t/node/http_host.t @@ -64,5 +64,5 @@ GET /uri Host: foo.com:1984 --- response_body uri: /uri -host: foo.com:1984 +host: foo.com x-real-ip: 127.0.0.1 diff --git a/t/plugin/cas-auth.t b/t/plugin/cas-auth.t index 4a2bfe7e874b..16dbb6a37ea4 100644 --- a/t/plugin/cas-auth.t +++ b/t/plugin/cas-auth.t @@ -108,7 +108,7 @@ passed --- response_body_like uri: /uri cookie: .* -host: 127.0.0.1:1984 +host: 127.0.0.1 user-agent: .* x-real-ip: 127.0.0.1 diff --git a/t/plugin/hmac-auth2.t b/t/plugin/hmac-auth2.t index 9b78c9075ca5..447b5c962c79 100644 --- a/t/plugin/hmac-auth2.t +++ b/t/plugin/hmac-auth2.t @@ -163,7 +163,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1:1984 +host: 127.0.0.1 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 @@ -270,7 +270,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1:1984 +host: 127.0.0.1 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 
@@ -377,7 +377,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1:1984 +host: 127.0.0.1 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index 6a883486724a..5533f32e3d5e 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -256,7 +256,7 @@ passed --- response_body_like uri: /uri cookie: .* -host: 127.0.0.1:1984 +host: 127.0.0.1 user-agent: .* x-access-token: ey.* x-id-token: ey.* @@ -361,7 +361,7 @@ passed uri: /uri authorization: Bearer ey.* cookie: .* -host: 127.0.0.1:1984 +host: 127.0.0.1 user-agent: .* x-real-ip: 127.0.0.1 diff --git a/t/quic/admin/basic.t b/t/quic/admin/basic.t new file mode 100644 index 000000000000..deeac5577b98 --- /dev/null +++ b/t/quic/admin/basic.t 
@@ -0,0 +1,108 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); +run_tests(); + +__DATA__ + +=== TEST 1: create ssl for test.com +--- config + location /t { + content_by_lua_block { + local core = require("apisix.core") + local t = require("lib.test_admin") + + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") + local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} + + local code, body = t.test('/apisix/admin/ssls/1', + ngx.HTTP_PUT, + core.json.encode(data), + [[{ + "value": { + "sni": "test.com" + }, + "key": "/apisix/ssls/1" + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 2: Successfully access test.com with QUIC +--- config + location /echo { + echo world; + } +--- exec +curl -k -v -H "Host: test.com" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/echo 2>&1 | cat +--- response_body eval +qr/world/ + + + +=== TEST 3: set route +--- config +location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = 
t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uris": ["/hello", "/world"] + }]] + ) + if code >= 300 then + ngx.status = code + ngx.say(message) + return + end + ngx.say(body) + } +} +--- request +GET /t +--- response_body +passed + + + +=== TEST 4: Successfully access route with QUIC +--- exec +curl -k -v -H "Host: test.com" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat +--- response_body eval +qr/hello world/ From e42209812c88ffd19c8f457997e4f7250bbc53bd Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 11:23:51 +0800 Subject: [PATCH 02/14] feat: support http3 --- ci/linux_install_static_curl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/linux_install_static_curl.sh b/ci/linux_install_static_curl.sh index 72518d1b7ce1..47b148606f14 100755 --- a/ci/linux_install_static_curl.sh +++ b/ci/linux_install_static_curl.sh @@ -16,7 +16,7 @@ # limitations under the License. # -set -ex +. ./ci/common.sh # use curl which supports http3 to test. install_static_curl From 4838bf9711c68dc64ee5c305c78d79aaa383eee2 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 12:41:54 +0800 Subject: [PATCH 03/14] fix: use in nginx.conf --- apisix/cli/ngx_tpl.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index e41f0637262e..6a9d6dc91ab8 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua 
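Review bot: In TEST 3 of `t/quic/admin/basic.t` the error branch calls `ngx.say(message)`, but no `message` variable is defined in the block, so a failing admin call would print `nil` instead of the response. It should be `ngx.say(body)`, matching how TEST 1 reports the result. Since the whole series depends on this file to prove the QUIC path works, a failure here needs to be readable in the CI log.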
@@ -636,9 +636,9 @@ http { {% end %} {% if ssl.enable then %} {% for _, item in ipairs(ssl.listen) do %} - listen {* item.ip *}:{* item.port *} ssl default_server {% if enable_reuseport then %} reuseport {% end %}; {% if item.enable_quic then %} - listen {* item.ip *}:{* item.port *} quic default_server; + listen {* item.ip *}:{* item.port *} quic default_server {% if enable_reuseport then %} reuseport {% end %}; + listen {* item.ip *}:{* item.port *} ssl default_server; {% end %} {% end %} {% end %} @@ -722,7 +722,7 @@ http { set $upstream_connection ''; set $upstream_scheme 'http'; - set $upstream_host $http_host; + set $upstream_host $host; set $upstream_uri ''; set $ctx_ref ''; From 4a68eb510722fb95e05eee6853c4d9cf5b19d197 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 16:09:28 +0800 Subject: [PATCH 04/14] fix: add ssl fallback --- apisix/cli/ngx_tpl.lua | 2 ++ t/cli/test_main.sh | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 6a9d6dc91ab8..9bf0c13a96f9 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -639,6 +639,8 @@ http { {% if item.enable_quic then %} listen {* item.ip *}:{* item.port *} quic default_server {% if enable_reuseport then %} reuseport {% end %}; listen {* item.ip *}:{* item.port *} ssl default_server; + {% else %} + listen {* item.ip *}:{* item.port *} ssl default_server {% if enable_reuseport then %} reuseport {% end %}; {% end %} {% end %} {% end %} diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh index 1835ef5bbe27..7248b2c7f527 100755 --- a/t/cli/test_main.sh +++ b/t/cli/test_main.sh @@ -142,6 +142,7 @@ apisix: - ip: 127.0.0.4 port: 9445 enable_http2: true + enable_quic: true " > conf/config.yaml make init 
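Review bot: With the `else` branch added in PATCH 04/14, a listener with `enable_quic` set gets `reuseport` only on its `quic` line, and its TCP `ssl` line loses the `reuseport` flag it carries when QUIC is off. If that is intentional (for example because nginx rejects the option twice for one address, which cannot be verified from this patch), a template comment such as `# reuseport is set once per address:port, on the quic listener` would explain it; otherwise the `ssl` line should keep `{% if enable_reuseport then %} reuseport {% end %}`. Either way, turning on QUIC may change how TCP connections are distributed across workers, which operators would not expect from this option. The surrounding `server` block continues outside the hunk.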
@@ -170,6 +171,12 @@ if [ $count_https_specific_ip_and_enable_http2 -ne 1 ]; then exit 1 fi +count_https_specific_ip_and_enable_quic=`grep -c "listen 127.0.0..:944. quic" conf/nginx.conf || true` +if [ $count_https_specific_ip_and_enable_quic -ne 1 ]; then + echo "failed: failed to support specific IP and enable quic listen in https" + exit 1 +fi + echo "passed: support specific IP listen in http and https" # check default env From a035172f131bef3fe2a418109d7dd7b2178f4f9e Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 17:12:26 +0800 Subject: [PATCH 05/14] chore: disable http3 by default --- conf/config-default.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 5b213cff7290..afb06fb104dc 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -97,7 +97,7 @@ apisix: listen: # APISIX listening port for HTTPS traffic. - port: 9443 enable_http2: true - enable_quic: true + enable_quic: false # - ip: 127.0.0.3 # If not set, default to `0.0.0.0`. # port: 9445 # enable_http2: true From 3c5777d2640fed94c5b7e9cde492113bca182578 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 17:53:26 +0800 Subject: [PATCH 06/14] fix: use http_host for compatibility --- apisix/cli/ngx_tpl.lua | 2 +- apisix/init.lua | 7 +++++++ t/APISIX.pm | 2 +- t/node/grpc-proxy.t | 2 +- t/node/http_host.t | 2 +- t/plugin/cas-auth.t | 2 +- t/plugin/hmac-auth2.t | 6 +++--- t/plugin/openid-connect.t | 4 ++-- t/quic/admin/basic.t | 4 ++-- 9 files changed, 19 insertions(+), 12 deletions(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 9bf0c13a96f9..b8aa9917c3c3 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -724,7 +724,7 @@ http { set $upstream_connection ''; set $upstream_scheme 'http'; - set $upstream_host $host; + set $upstream_host $upstream_host; set $upstream_uri ''; set $ctx_ref ''; 
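Review bot: The new check in `t/cli/test_main.sh` greps for `listen 127.0.0..:944. quic`, where every `.` matches any character, so it would also count a QUIC listener on another address or port in the 944x range. The visible part of the generated config adds `enable_quic` to `127.0.0.4:9445`, so the pattern can be exact: `grep -c "listen 127\.0\.0\.4:9445 quic" conf/nginx.conf`. It would also help to assert that the `ssl` listen line for the same address is still generated, since PATCH 03/14 and 04/14 both rework that part of the template.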
diff --git a/apisix/init.lua b/apisix/init.lua index 91dc83f0b88e..778edbc5fc3a 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -576,6 +576,13 @@ end function _M.http_access_phase() + if ngx.req.http_version() == 3 then + local upstream_host = ngx.var.host + if ngx.var.server_port then + upstream_host = upstream_host .. ":" .. ngx.var.server_port + end + ngx.var.upstream_host = upstream_host + end local ngx_ctx = ngx.ctx -- always fetch table from the table pool, we don't need a reused api_ctx diff --git a/t/APISIX.pm b/t/APISIX.pm index 8bc78c1a1bb2..5e61dcf76dec 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -779,7 +779,7 @@ _EOC_ set \$upstream_connection ''; set \$upstream_scheme 'http'; - set \$upstream_host \$host; + set \$upstream_host \$http_host; set \$upstream_uri ''; set \$ctx_ref ''; diff --git a/t/node/grpc-proxy.t b/t/node/grpc-proxy.t index c10bbfdcfe8c..c4f0dd036f2d 100644 --- a/t/node/grpc-proxy.t +++ b/t/node/grpc-proxy.t @@ -219,7 +219,7 @@ grpcurl -import-path ./t/grpc_server_example/proto -proto helloworld.proto -plai --- grep_error_log eval qr/grpc header: "(:authority|host): [^"]+"/ --- grep_error_log_out eval -qr/grpc header: "(:authority|host): 127.0.0.1"/ +qr/grpc header: "(:authority|host): 127.0.0.1:1984"/ diff --git a/t/node/http_host.t b/t/node/http_host.t index 917ef40358c9..fb4d0fc60876 100644 --- a/t/node/http_host.t +++ b/t/node/http_host.t @@ -64,5 +64,5 @@ GET /uri Host: foo.com:1984 --- response_body uri: /uri -host: foo.com +host: foo.com:1984 x-real-ip: 127.0.0.1 diff --git a/t/plugin/cas-auth.t b/t/plugin/cas-auth.t index 16dbb6a37ea4..4a2bfe7e874b 100644 --- a/t/plugin/cas-auth.t +++ b/t/plugin/cas-auth.t @@ -108,7 +108,7 @@ passed --- response_body_like uri: /uri cookie: .* -host: 127.0.0.1 +host: 127.0.0.1:1984 user-agent: .* x-real-ip: 127.0.0.1 diff --git a/t/plugin/hmac-auth2.t b/t/plugin/hmac-auth2.t index 447b5c962c79..9b78c9075ca5 100644 --- a/t/plugin/hmac-auth2.t +++ b/t/plugin/hmac-auth2.t 
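Review bot: For HTTP/3 requests the new block in `http_access_phase` builds the upstream Host from `ngx.var.host` plus `ngx.var.server_port`, which is the port APISIX accepted the request on, not the port (if any) the client put in `:authority`. An upstream that routes on Host, or a backend that verifies a signature over it, would therefore see a different value for the same request depending on whether it arrived over HTTP/3 or over HTTP/1.1/2, where `$http_host` is passed through unchanged. `ngx.var.server_port` should always be set for an accepted request, so the `if ngx.var.server_port then` guard looks like it never takes the other path. No test in the series asserts the Host value the upstream receives over HTTP/3 (TEST 4 in `t/quic/admin/basic.t` only matches the body), so please add one and state the intended format in a comment. PATCH 08/14 shortens this block but keeps the same behaviour; `http_access_phase` continues outside the hunk.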
@@ -163,7 +163,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1 +host: 127.0.0.1:1984 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 @@ -270,7 +270,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1 +host: 127.0.0.1:1984 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 @@ -377,7 +377,7 @@ location /t { uri: /uri content-length: 52 content-type: application/x-www-form-urlencoded -host: 127.0.0.1 +host: 127.0.0.1:1984 x-custom-header-a: asld$%dfasf x-custom-header-b: 23879fmsldfk x-hmac-access-key: my-access-key4 diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index 5533f32e3d5e..6a883486724a 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -256,7 +256,7 @@ passed --- response_body_like uri: /uri cookie: .* -host: 127.0.0.1 +host: 127.0.0.1:1984 user-agent: .* x-access-token: ey.* x-id-token: ey.* @@ -361,7 +361,7 @@ passed uri: /uri authorization: Bearer ey.* cookie: .* -host: 127.0.0.1 +host: 127.0.0.1:1984 user-agent: .* x-real-ip: 127.0.0.1 diff --git a/t/quic/admin/basic.t b/t/quic/admin/basic.t index deeac5577b98..2ebfcb010bee 100644 --- a/t/quic/admin/basic.t +++ b/t/quic/admin/basic.t @@ -83,7 +83,7 @@ location /t { }, "type": "roundrobin" }, - "uris": ["/hello", "/world"] + "uri": "/hello" }]] ) if code >= 300 then @@ -103,6 +103,6 @@ passed === TEST 4: Successfully access route with QUIC --- exec -curl -k -v -H "Host: test.com" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat +curl -k -v -H ":authority: test.com" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat --- response_body eval qr/hello world/ From 5674592cae614d17f8ba29a4aa364bb46bc56c6e Mon Sep 17 00:00:00 2001 
From: zll600 <3400692417@qq.com> Date: Mon, 4 Mar 2024 17:54:25 +0800 Subject: [PATCH 07/14] fix: use http_host for compatibility --- apisix/cli/ngx_tpl.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index b8aa9917c3c3..9642a3605279 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -724,7 +724,7 @@ http { set $upstream_connection ''; set $upstream_scheme 'http'; - set $upstream_host $upstream_host; + set $upstream_host $http_host; set $upstream_uri ''; set $ctx_ref ''; From a013a3c3cad4996dd26f4c90e39c9db80b7caa54 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 08:41:49 +0800 Subject: [PATCH 08/14] fix(quic): convert authority header to host header --- apisix/init.lua | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/apisix/init.lua b/apisix/init.lua index 778edbc5fc3a..0391ddd62787 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -576,12 +576,10 @@ end function _M.http_access_phase() + -- from HTTP/3 to HTTP/1.1 we need to convert :authority pesudo-header + -- to Host header, so we set upstream_host variable here. if ngx.req.http_version() == 3 then - local upstream_host = ngx.var.host - if ngx.var.server_port then - upstream_host = upstream_host .. ":" .. ngx.var.server_port - end - ngx.var.upstream_host = upstream_host + ngx.var.upstream_host = ngx.var.host .. ":" .. ngx.var.server_port end local ngx_ctx = ngx.ctx From fa0e34f1b310138ff3d3940425288c6826f898d3 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 08:44:37 +0800 Subject: [PATCH 09/14] fix(quic): cleanup ci --- .github/workflows/quic.yml | 8 +++++++- ci/common.sh | 9 --------- ci/linux_install_static_curl.sh | 22 ---------------------- 3 files changed, 7 insertions(+), 32 deletions(-) delete mode 100755 ci/linux_install_static_curl.sh 
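Review bot: The comment added above the HTTP/3 branch in `http_access_phase` misspells "pseudo-header" as `pesudo-header` and does not say that the listening port is appended to the host. Suggested wording: `-- HTTP/3 requests carry the host in the :authority pseudo-header; set upstream_host` / `-- from $host and the listening port so the upstream receives a Host header.`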
diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml index 593cbc77ba3a..35fe1f9717d6 100644 --- a/.github/workflows/quic.yml +++ b/.github/workflows/quic.yml @@ -175,7 +175,13 @@ jobs: - name: Linux Install static-curl shell: bash run: | - ./ci/linux_install_static_curl.sh + apt update && apt install xz-utils -y + CURL_VERSION="8.6.0" + wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-amd64-${CURL_VERSION}.tar.xz + tar -xf curl-linux-amd64-${CURL_VERSION}.tar.xz + apt remove -y curl + sudo cp curl /usr/bin + curl -V - name: Linux Script env: diff --git a/ci/common.sh b/ci/common.sh index 18de6eef03e3..58f5bcf93c65 100644 --- a/ci/common.sh +++ b/ci/common.sh @@ -75,15 +75,6 @@ install_curl () { curl -V } -install_static_curl () { - CURL_VERSION="8.6.0" - wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-amd64-${CURL_VERSION}.tar.xz - tar -xf curl-linux-amd64-${CURL_VERSION}.tar.xz - sudo apt remove -y curl - sudo cp curl /usr/bin - curl -V -} - install_apisix_runtime() { export runtime_version=${APISIX_RUNTIME} wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" diff --git a/ci/linux_install_static_curl.sh b/ci/linux_install_static_curl.sh deleted file mode 100755 index 47b148606f14..000000000000 --- a/ci/linux_install_static_curl.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -. ./ci/common.sh - -# use curl which supports http3 to test. -install_static_curl From f2668824a467ad52b5fdb997789b3ee169a18f25 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 08:57:35 +0800 Subject: [PATCH 10/14] fix(quic): cleanup ci --- .github/workflows/quic.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml index 35fe1f9717d6..d1c0336d8f3b 100644 --- a/.github/workflows/quic.yml +++ b/.github/workflows/quic.yml @@ -175,11 +175,11 @@ jobs: - name: Linux Install static-curl shell: bash run: | - apt update && apt install xz-utils -y + sudo apt update && apt install xz-utils -y CURL_VERSION="8.6.0" wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-amd64-${CURL_VERSION}.tar.xz tar -xf curl-linux-amd64-${CURL_VERSION}.tar.xz - apt remove -y curl + sudo apt remove -y curl sudo cp curl /usr/bin curl -V From 4bede89c17772768bfd97f7029ffa9b601f851e3 Mon Sep 17 00:00:00 2001 
From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 09:11:43 +0800 Subject: [PATCH 11/14] fix(quic): cleanup ci --- .github/workflows/quic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml index d1c0336d8f3b..abaf39988471 100644 --- a/.github/workflows/quic.yml +++ b/.github/workflows/quic.yml @@ -175,7 +175,7 @@ jobs: - name: Linux Install static-curl shell: bash run: | - sudo apt update && apt install xz-utils -y + sudo apt update && sudo apt install xz-utils -y CURL_VERSION="8.6.0" wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-amd64-${CURL_VERSION}.tar.xz tar -xf curl-linux-amd64-${CURL_VERSION}.tar.xz From 282290e90681cbaf3113090d812178989202a2aa Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 11:29:53 +0800 Subject: [PATCH 12/14] fix(quic): add more comments --- conf/config-default.yaml | 2 +- t/quic/admin/basic.t | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/config-default.yaml b/conf/config-default.yaml index afb06fb104dc..7b409a7ba8a0 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -97,7 +97,7 @@ apisix: listen: # APISIX listening port for HTTPS traffic. - port: 9443 enable_http2: true - enable_quic: false + enable_quic: false # Enable QUIC or HTTP/3. If not set default to `false`. # - ip: 127.0.0.3 # If not set, default to `0.0.0.0`. # port: 9445 # enable_http2: true diff --git a/t/quic/admin/basic.t b/t/quic/admin/basic.t index 2ebfcb010bee..eee29ce7058c 100644 --- a/t/quic/admin/basic.t +++ b/t/quic/admin/basic.t 
@@ -103,6 +103,6 @@ passed === TEST 4: Successfully access route with QUIC --- exec -curl -k -v -H ":authority: test.com" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat ---- response_body eval -qr/hello world/ +curl -k -v -H "Host: test.com:1995" -H "content-length: 0" --http3-only --resolve "test.com:1995:127.0.0.1" https://test.com:1995/hello 2>&1 | cat +--- response_body_like +hello world From 06d58868385a48ea41f8ca0827cfeb177154d860 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 11:31:28 +0800 Subject: [PATCH 13/14] fix(quic): update test case --- t/quic/admin/basic.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/quic/admin/basic.t b/t/quic/admin/basic.t index eee29ce7058c..b33e60c80408 100644 --- a/t/quic/admin/basic.t +++ b/t/quic/admin/basic.t @@ -103,6 +103,6 @@ passed === TEST 4: Successfully access route with QUIC --- exec -curl -k -v -H "Host: test.com:1995" -H "content-length: 0" --http3-only --resolve "test.com:1995:127.0.0.1" https://test.com:1995/hello 2>&1 | cat +curl -k -v -H "Host: test.com:1994" -H "content-length: 0" --http3-only --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat --- response_body_like hello world From 9dee92888a4c630fdfbd6778febc89400e0b9309 Mon Sep 17 00:00:00 2001 From: zll600 <3400692417@qq.com> Date: Tue, 5 Mar 2024 15:16:00 +0800 Subject: [PATCH 14/14] chore(ci): cleanup ci --- ci/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/common.sh b/ci/common.sh index 58f5bcf93c65..7e9f65e385b6 100644 --- a/ci/common.sh +++ b/ci/common.sh 
@@ -177,7 +177,7 @@ GRPC_SERVER_EXAMPLE_VER=20210819 linux_get_dependencies () { apt update - apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev xz-utils + apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev } function start_grpc_server_example() {