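proxyProtoTLSConfig builds a Caddy JSON configuration that proxies to a TLS upstream with PROXY protocol. The transport sets insecure_skip_verify, which disables verification of the upstream certificate, so that the self-signed certificate generated by httptest.Server is accepted; the setting is appropriate only for this test backend.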
(listenPort int, backendAddr, ppVersion string, transportVersions []string)
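// proxyProtoTLSConfig builds a Caddy JSON configuration that proxies to a TLS
// upstream with PROXY protocol.
//
// listenPort is the port the "proxy" server listens on, backendAddr is the
// upstream dial address, ppVersion is written to the transport's
// proxy_protocol field, and transportVersions is written to the transport's
// versions field. The result is the configuration document as a string.
//
// Security: the transport sets insecure_skip_verify, so the proxy performs no
// verification of the upstream certificate. That is acceptable here only
// because the upstream is an httptest.Server presenting a self-signed
// certificate. Do not copy this transport block into a real deployment;
// trust the backend's CA there instead of turning verification off.
//
// The rest of the document keeps the test's footprint small: the admin
// endpoint listens on localhost only, install_trust is false so the local CA
// is not added to the machine's trust store, and automatic HTTPS is disabled
// on the listener.
func proxyProtoTLSConfig(listenPort int, backendAddr, ppVersion string, transportVersions []string) string {
	// Every caller-supplied string is encoded with encoding/json instead of
	// being spliced between hand-written quotes, so a quote or backslash in an
	// argument cannot break the document or add keys to it.
	// json.Marshal cannot fail for string and []string values, which is why
	// the errors are discarded.
	dialJSON, _ := json.Marshal(backendAddr)
	ppJSON, _ := json.Marshal(ppVersion)
	versionsJSON, _ := json.Marshal(transportVersions)

	return fmt.Sprintf(`{
	"admin": {
		"listen": "localhost:2999"
	},
	"apps": {
		"pki": {
			"certificate_authorities": {
				"local": {
					"install_trust": false
				}
			}
		},
		"http": {
			"grace_period": 1,
			"servers": {
				"proxy": {
					"listen": [":%d"],
					"automatic_https": {
						"disable": true
					},
					"routes": [
						{
							"handle": [
								{
									"handler": "reverse_proxy",
									"upstreams": [{"dial": %s}],
									"transport": {
										"protocol": "http",
										"proxy_protocol": %s,
										"versions": %s,
										"tls": {
											"insecure_skip_verify": true
										}
									}
								}
							]
						}
					]
				}
			}
		}
	}
}`, listenPort, dialJSON, ppJSON, versionsJSON)
}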
| 274 | |
| 275 | // testTLSProxyProtocolMatrix is the shared implementation for TLS-based proxy |
| 276 | // protocol tests. It mirrors testProxyProtocolMatrix but uses a TLS backend. |