Module: Falcon::Environment::Proxy

Includes:

Server

Defined in:

lib/falcon/environment/proxy.rb

Overview

Provides an environment for hosting a TLS-capable reverse proxy using SNI.

Instance Method Summary

• #endpoint ⇒ Object

  The endpoint the server will bind to.

• #environments ⇒ Object

  The services we will proxy to.

• #host_context(socket, hostname) ⇒ Object

  Look up the host context for the given hostname, and update the socket hostname if necessary.

• #hosts ⇒ Object

  The hosts we will proxy to.

• #middleware ⇒ Object
• #ssl_context ⇒ Object

  Generate an SSL context which delegates to #host_context to multiplex based on hostname.

• #tls_session_id ⇒ Object

  The default SSL session identifier.

• #url ⇒ Object

  The host that this proxy will receive connections for.

Methods included from Server

#authority, #cache, #client_endpoint, #container_options, #preload, #service_class, #timeout, #verbose

Instance Method Details

#endpoint ⇒ Object

The endpoint the server will bind to.

# File 'lib/falcon/environment/proxy.rb', line 96

def endpoint
	super.with(
		ssl_context: self.ssl_context,
	)
end

#environments ⇒ Object

The services we will proxy to.

# File 'lib/falcon/environment/proxy.rb', line 29

def environments
	[]
end

#host_context(socket, hostname) ⇒ Object

Look up the host context for the given hostname, and update the socket hostname if necessary.

# File 'lib/falcon/environment/proxy.rb', line 59

def host_context(socket, hostname)
	hosts = self.hosts
	
	if host = hosts[hostname]
		Console.logger.debug(self) {"Resolving #{hostname} -> #{host}"}
		
		socket.hostname = hostname
		
		return host.ssl_context
	else
		Console.logger.warn(self, hosts: hosts.keys) {"Unable to resolve #{hostname}!"}
		
		return nil
	end
end

#hosts ⇒ Object

The hosts we will proxy to. This is a hash of SNI authority -> evaluator.

# File 'lib/falcon/environment/proxy.rb', line 35

def hosts
	hosts = {}
	
	environments.each do |environment|
		evaluator = environment.evaluator
		
		# next unless environment.implements?(Falcon::Environment::Application)
		if evaluator.key?(:authority) and evaluator.key?(:ssl_context) and evaluator.key?(:endpoint)
			Console.info(self) {"Proxying #{self.url} to #{evaluator.authority} using #{evaluator.endpoint}"}
			hosts[evaluator.authority] = evaluator
			
			if RUBY_VERSION < '3.1'
				# Ensure the SSL context is set up before forking - it's buggy on Ruby < 3.1:
				evaluator.ssl_context
			end
		end
	end
	
	return hosts
end

#middleware ⇒ Object

# File 'lib/falcon/environment/proxy.rb', line 102

def middleware
	return Middleware::Proxy.new(Middleware::BadRequest, self.hosts)
end

#ssl_context ⇒ Object

Generate an SSL context which delegates to #host_context to multiplex based on hostname.

# File 'lib/falcon/environment/proxy.rb', line 76

def ssl_context
	@server_context ||= OpenSSL::SSL::SSLContext.new.tap do |context|
		context.servername_cb = Proc.new do |socket, hostname|
			self.host_context(socket, hostname)
		end
		
		context.session_id_context = @session_id
		
		context.ssl_version = :TLSv1_2_server
		
		context.set_params(
			ciphers: ::Falcon::TLS::SERVER_CIPHERS,
			verify_mode: ::OpenSSL::SSL::VERIFY_NONE,
		)
		
		context.setup
	end
end

#tls_session_id ⇒ Object

The default SSL session identifier.

# File 'lib/falcon/environment/proxy.rb', line 23

def tls_session_id
	"falcon"
end

#url ⇒ Object

The host that this proxy will receive connections for.

# File 'lib/falcon/environment/proxy.rb', line 18

def url
	"https://[::]:443"
end