Fix proxying HTTPS requests to IP addresses #4947

Merged
merged 12 commits into from
Sep 12, 2019
@flotwig flotwig commented Aug 7, 2019

SNI doesn't support IP addresses. Previously, we were relying on SNI to pick what certificate/private key to use. This PR adds a separate code path that spins up a new HTTPS server when we know we're about to connect to a https://ip-address destination.

Pre-merge Tasks

  • Have tests been added/updated for the changes in this PR?
  • Has the original issue been tagged with a release in ZenHub?
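
The routing decision described in this PR, as an added example that is not Cypress code and not part of the original comment: RFC 6066 does not permit literal IP addresses in the SNI `server_name`, so an intercepting proxy cannot pick a certificate per handshake for `https://ip-address` targets and needs a listener bound to a certificate with an IP subjectAltName instead. All names here (`parseAuthority`, `planTls`, `IpServerPool`) are hypothetical, and keying the pool by IP is an assumption.

```javascript
// Added example: hypothetical names, not taken from the Cypress code base.
const net = require('node:net');

// Split a CONNECT authority ("host:port" or "[ipv6]:port") into host and port.
function parseAuthority(authority) {
  const m = /^(?:\[([^\]]+)\]|([^:]+)):(\d+)$/.exec(authority);
  if (!m) throw new Error(`bad CONNECT authority: ${authority}`);
  const port = Number(m[3]);
  if (port < 1 || port > 65535) throw new Error(`bad port: ${authority}`);
  // Brackets are only valid around an IPv6 literal.
  if (m[1] && net.isIP(m[1]) !== 6) throw new Error(`bad IPv6 literal: ${authority}`);
  return { host: m[1] || m[2], port };
}

// Decide how the proxy has to present a certificate for this target.
function planTls(authority) {
  const { host, port } = parseAuthority(authority);
  if (net.isIP(host) === 0) {
    // Hostname: the client sends SNI, so one shared server can choose
    // the certificate per handshake.
    return { host, port, path: 'sni', servername: host, san: `DNS:${host}` };
  }
  // IP literal: no SNI is sent, so the certificate must be fixed on a
  // dedicated listener and carry an IP subjectAltName, not a DNS one.
  return { host, port, path: 'dedicated-server', servername: undefined, san: `IP:${host}` };
}

// Lazily creates one dedicated listener per IP and reuses it afterwards.
// createServer is injected so the pool can be exercised without real sockets.
class IpServerPool {
  constructor(createServer) {
    this.createServer = createServer;
    this.servers = new Map();
  }

  route(authority) {
    const plan = planTls(authority);
    if (plan.path === 'sni') return { plan, server: null };
    if (!this.servers.has(plan.host)) {
      this.servers.set(plan.host, this.createServer(plan));
    }
    return { plan, server: this.servers.get(plan.host) };
  }
}

// Constructed sample target: an IP-based HTTPS destination.
console.log(planTls('127.0.0.1:8443'));
```
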

cypress bot commented Aug 7, 2019



Test summary

3337 0 47 0


Run details

Project cypress
Status Passed
Commit 74fdc7c
Started Sep 12, 2019 5:02 PM
Ended Sep 12, 2019 5:06 PM
Duration 03:50 💡
OS Linux Debian - 8.10
Browser Multiple


@flotwig flotwig requested a review from a team August 8, 2019 20:30
@flotwig flotwig changed the title from "[WIP] Fix proxying HTTPS requests to IP addresses" to "Fix proxying HTTPS requests to IP addresses" Aug 8, 2019
@flotwig flotwig requested a review from brian-mann September 12, 2019 16:44
@brian-mann brian-mann merged commit 7b85344 into develop Sep 12, 2019
flotwig added a commit that referenced this pull request Sep 16, 2019
NicolasT added a commit to scality/metalk8s that referenced this pull request Sep 30, 2019
The Kubernetes API, SaltAPI, Prometheus and the actual UI are now
exposed using the `nginx-control-plane` *Ingress* controller, and as
such accessible through the control-plane network IP of the 'bootstrap'
node, port 8443.

Note: this also updates Cypress to a (for now) unreleased version,
because the current released version doesn't support self-signed TLS
certificates when using an IP-based host as a test target (which is the
case in our setup). This was reported upstream in
cypress-io/cypress#771 and fixed in
cypress-io/cypress#4947. The information as to
how to install an unreleased version of Cypress I got from
cypress-io/cypress#4525.

Fixes: #1602
See: #1602
Fixes: #1797
See: #1797
Fixes: #1799
See: #1799
Fixes: #1800
See: #1800
See: cypress-io/cypress#4947
See: cypress-io/cypress#771
See: cypress-io/cypress#4525
NicolasT added a commit to scality/metalk8s that referenced this pull request Oct 1, 2019
The Kubernetes API, SaltAPI, Prometheus and the actual UI are now
exposed using the `nginx-control-plane` *Ingress* controller, and as
such accessible through the control-plane network IP of the 'bootstrap'
node, port 8443.

Note: this also updates Cypress to a (for now) unreleased version,
because the current released version doesn't support self-signed TLS
certificates when using an IP-based host as a test target (which is the
case in our setup). This was reported upstream in
cypress-io/cypress#771 and fixed in
cypress-io/cypress#4947. The information as to
how to install an unreleased version of Cypress I got from
cypress-io/cypress#4525. We also ensure all
shared libraries this version of Cypress uses are installed in the test
environment.

Fixes: #1602
See: #1602
Fixes: #1797
See: #1797
Fixes: #1799
See: #1799
Fixes: #1800
See: #1800
See: cypress-io/cypress#4947
See: cypress-io/cypress#771
See: cypress-io/cypress#4525
grabartley pushed a commit to grabartley/cypress that referenced this pull request Oct 6, 2019
* use own server-destroy implementation that supports secureConnect events

* stand up HTTPS server for requests over ssl to IPs

* don't need to resolve with

* fix tests

* stand up a server on 127.0.0.1 for test

* tighten up / cleanup code, consolidate + refactor

- lazily fs.outputfile’s
- move sslIpServers to be global
- add remove all CA utility

* Improve proxy_spec test

* Don't crash on server error events

* feedback

* derp


Co-authored-by: Brian Mann <brian.mann86@gmail.com>
@flotwig flotwig deleted the issue-771 branch January 24, 2022 18:16

Successfully merging this pull request may close these issues.

cy.visit() results in ERR_SSL_VERSION_OR_CIPHER_MISMATCH