fix(entrypoint): reject missing inbound mTLS profile references

Add lookupInboundMTLSProfile so global and route-scoped refs must exist
in the loaded profile map. Propagate resolver errors through TLS
GetConfigForClient; in HTTP dispatch, return 421 only for SNI and
misdirected secure-route cases and log 500 for other resolution
failures.

Support adding routes with an existing listener for tests, reserve the
port via net.Listen without a race, and use t.Cleanup for server
teardown. Move relay_proxy_protocol_header documentation to per-route
TCP config in config.example.yml.
yusing
2026-04-13 14:56:38 +08:00
parent 2a3823091d
commit c7f9c2889b
5 changed files with 154 additions and 51 deletions


@@ -160,6 +160,11 @@ providers:
# secret: aaaa-bbbb-cccc-dddd
# no_tls_verify: true
# To relay the downstream client address to a TCP upstream, set
# `relay_proxy_protocol_header: true` on that specific TCP route in route
# configuration (for example, see providers.example.yml). UDP relay is not
# supported yet.
# Match domains
# See https://docs.godoxy.dev/Certificates-and-domain-matching
#
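Review bot: the new relay note is inserted directly after `# no_tls_verify: true` with no separator, so in the rendered example it reads as a continuation of that provider's key list rather than as a standalone note about route configuration. Consider separating it with a bare `#` line (as the file already does before `# Match domains`), or placing it next to a route example so readers see `relay_proxy_protocol_header: true` where it is actually set; the text itself (TCP-route scope, pointer to providers.example.yml, UDP not supported yet) is clear.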