directxman12.dev
commits
- proxying _from_ http and https should be working
- proxying _to_ http, https, and uds should be working
- load-balancing by client address for http & https downstreams should
be working
- downstream uds _technically_ should work, but load balancing will be
broken due to not having a good load balancing key
- https-only mode works
(i think -- i've only tested with http --> http)
NB: we currently rely on the `Host` header to match requests to
upstreams. pingora doesn't seem to check that `Host` matches SNI,
so we're currently vulnerable to host-sni mismatch attacks. not a huge
deal for personal use, but worth fixing. we'll need to switch to
boringssl for that, cause pingora doesn't surface the requisite hooks
for rustls.
both uds and tcp support, but no support for advanced tcp options
putting my money (so to speak) where my mouth is on a recent rant about
how textproto is good, actually ;-)
- proxying _from_ http and https should be working
- proxying _to_ http, https, and uds should be working
- load-balancing by client address for http & https downstreams should
be working
- downstream uds _technically_ should work, but load balancing will be
broken due to not having a good load balancing key
- https-only mode works
(i think -- i've only tested with http --> http)
NB: we currently rely on the `Host` header to match requests to
upstreams. pingora doesn't seem to check that `Host` matches SNI,
so we're currently vulnerable to host-sni mismatch attacks. not a huge
deal for personal use, but worth fixing. we'll need to switch to
boringssl for that, cause pingora doesn't surface the requisite hooks
for rustls.