Documentation ¶
Overview ¶
Package proxy implements an HTTP reverse proxy based on continuously updated skipper routing rules.
The proxy matches each incoming request to the lookup tree for the first matching route, and handles it accordingly to the rules defined in it. This typically means augmenting the request with the filters and forwarding it to the route endpoint. It may also mean to handle the request internally if it is a 'shunt' route or to continue routing further in case of 'loopback'.
Proxy Mechanism ¶
1. route matching:
The incoming request is matched to the current routing tree, implemented in skipper/routing. The result may be a route, which will be used for forwarding or handling the request, or nil, in which case the proxy responds with a configured http status code (defaults to 404).
2. upstream request augmentation:
In case of a matched route, the request handling method of all filters in the route will be executed in the order they are defined. The filters share a context object, that provides the in-memory representation of the incoming request, the outgoing response writer, the path parameters derived from the actual request path (see skipper/routing) and a free-form state bag. The filters may modify the request or pass data to each other using the state bag.
Filters can break the filter chain, serving their own response object. This will prevent the request from reaching the route endpoint. The filters that are defined in the route after the one that broke the chain will never handle the request.
3.a upstream request:
The incoming and augmented request is mapped to an outgoing request and executed, addressing the endpoint defined by the current route.
If a filter chain was broken by some filter this step is skipped.
3.b shunt:
In case the route is a 'shunt', an empty response is created with default 404 status.
3.c loopback:
In case of the `loopback` route no upstream request is made. Routing will happen again with an augmented request. This can happen several times in a row until maxLoopbacks limit is reached.
4. downstream response augmentation:
The response handling method of all the filters processed in step 2 will be executed in reverse order. The filter context is the same instance as the one in step 2. It will include the response object from step 3, or the one provided by the filter that broke the chain.
If the route is a shunt route, one of the filters needs to handle the request latest in this phase. It should set the status and response headers and write the response body, if any, to the writer in the filter context.
5. response:
In case none of the filters handled the request, the response properties, including the status and the headers, are mapped to the outgoing response writer, and the response body is streamed to it, with continuous flushing.
Routing Rules ¶
The route matching is implemented in the skipper/routing package. The routing rules are not static, but they can be continuously updated by new definitions originated in one or more data sources.
The only exceptions are the priority routes, that have not originated from the external data sources, and are tested against the requests before the general routing tree.
Handling the Host header ¶
The default behavior regarding the 'Host' header of the proxy requests is that the proxy ignores the value set in the incoming request. This can be changed setting the `OptionsProxyPreserveHost` init flag.
In either case, it is possible to override this behavior individually for each route with the `preserveHost` filter. If the filter argument is "true", the request host is used, if it is "false", the backend host is used, regardless of the global setting.
If a filter sets the 'Host' header to a value other than the value in the incoming request or the backend host, this custom value will be used instead of the global setting or the route specific override.
To control the value of the outgoing 'Host' header, the `OutgoingHost()` and `SetOutgoingHost()` methods of the `FilterContext` need to be used instead of the `Request.Header` map.
Circuit Breakers ¶
When configured, skipper can use circuit breakers for the backend requests. It asks the registry for a matching circuit breaker for every request, and if there is any, checks if it is closed before sending out the backend request. On connection errors and responses with a status code higher than 499, it reports a failure to the current breaker, otherwise it reports a success.
For details, see: https://godoc.org/github.com/zalando/skipper/circuit.
Proxy Example ¶
The below example demonstrates creating a routing proxy as a standard http.Handler interface:
// create a target backend server. It will return the value of the 'X-Echo' request header // as the response body: targetServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte(r.Header.Get("X-Echo"))) })) defer targetServer.Close() // create a filter registry, and register the custom filter: filterRegistry := builtin.MakeRegistry() filterRegistry.Register(&setEchoHeader{}) // create a data client with a predefined route, referencing the filter and a path condition // containing a wildcard called 'echo': routeDoc := fmt.Sprintf(`Path("/return/:echo") -> setEchoHeader() -> "%s"`, targetServer.URL) dataClient, err := testdataclient.NewDoc(routeDoc) if err != nil { log.Fatal(err) } // create routing object: rt := routing.New(routing.Options{ FilterRegistry: filterRegistry, DataClients: []routing.DataClient{dataClient}}) defer rt.Close() // create a proxy instance, and start an http server: proxy := proxy.New(rt, proxy.OptionsNone) defer proxy.Close() router := httptest.NewServer(proxy) defer router.Close() // make a request to the proxy: rsp, err := http.Get(fmt.Sprintf("%s/return/Hello,+world!", router.URL)) if err != nil { log.Fatal(err) } defer rsp.Body.Close() // print out the response: if _, err := io.Copy(os.Stdout, rsp.Body); err != nil { log.Fatal(err) } // Output: // Hello, world!
Index ¶
Examples ¶
Constants ¶
const ( // Number of loops allowed by default. DefaultMaxLoopbacks = 9 // The default value set for http.Transport.MaxIdleConnsPerHost. DefaultIdleConnsPerHost = 64 // The default period at which the idle connections are forcibly // closed. DefaultCloseIdleConnsPeriod = 20 * time.Second )
const ( OptionsNone = Options(FlagsNone) OptionsInsecure = Options(Insecure) OptionsPreserveOriginal = Options(PreserveOriginal) OptionsPreserveHost = Options(PreserveHost) OptionsDebug = Options(Debug) OptionsHopHeadersRemoval = Options(HopHeadersRemoval) )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Flags ¶
type Flags uint
Flags control the behavior of the proxy.
const ( FlagsNone Flags = 0 // Insecure causes the proxy to ignore the verification of // the TLS certificates of the backend services. Insecure Flags = 1 << iota // PreserveOriginal indicates that filters require the // preserved original metadata of the request and the response. PreserveOriginal // PreserveHost indicates whether the outgoing request to the // backend should use by default the 'Host' header of the incoming // request, or the host part of the backend address, in case filters // don't change it. PreserveHost // Debug indicates that the current proxy instance will be used as a // debug proxy. Debug proxies don't forward the request to the // route backends, but they execute all filters, and return a // JSON document with the changes the filters make to the request // and with the approximate changes they would make to the // response. Debug // HopeHeadersRemoval indicates whether the Hop Headers should be removed // in compliance with RFC 2616 HopHeadersRemoval )
func (Flags) HopHeadersRemoval ¶ added in v0.9.168
When set, the proxy will remove the Hop Headers
func (Flags) PreserveHost ¶
When set, the proxy will set the, by default, the Host header value of the outgoing requests to the one of the incoming request.
func (Flags) PreserveOriginal ¶
When set, the filters will receive an unmodified clone of the original incoming request and response.
type Params ¶
type Params struct { // The proxy expects a routing instance that is used to match // the incoming requests to routes. Routing *routing.Routing // Control flags. See the Flags values. Flags Flags // Same as net/http.Transport.MaxIdleConnsPerHost, but the default // is 64. This value supports scenarios with relatively few remote // hosts. When the routing table contains different hosts in the // range of hundreds, it is recommended to set this options to a // lower value. IdleConnectionsPerHost int // Defines the time period of how often the idle connections are // forcibly closed. The default is 12 seconds. When set to less than // 0, the proxy doesn't force closing the idle connections. CloseIdleConnsPeriod time.Duration // And optional list of priority routes to be used for matching // before the general lookup tree. PriorityRoutes []PriorityRoute // The Flush interval for copying upgraded connections FlushInterval time.Duration // Enable the experimental upgrade protocol feature ExperimentalUpgrade bool // MaxLoopbacks sets the maximum number of allowed loops. If 0 // the default (9) is applied. To disable looping, set it to // -1. Note, that disabling looping by this option, may result // wrong routing depending on the current configuration. MaxLoopbacks int // CircuitBreakers provides a registry that skipper can use to // find the matching circuit breaker for backend requests. If not // set, no circuit breakers are used. CircuitBreakers *circuit.Registry // DefaultHTTPStatus is the HTTP status used when no routes are found // for a request. DefaultHTTPStatus int // RateLimiters provides a registry that skipper can use to // find the matching ratelimiter for backend requests. If not // set, no ratelimits are used. RateLimiters *ratelimit.Registry // OpenTracer holds the tracer enabled for this proxy instance OpenTracer ot.Tracer // Loadbalancer to report unhealthy or dead backends to LoadBalancer *loadbalancer.LB // Timeout sets the TCP client connection timeout for proxy http connections to the backend Timeout time.Duration // KeepAlive sets the TCP keepalive for proxy http connections to the backend KeepAlive time.Duration // DualStack sets if the proxy TCP connections to the backend should be dual stack DualStack bool // TLSHandshakeTimeout sets the TLS handshake timeout for proxy connections to the backend TLSHandshakeTimeout time.Duration // MaxIdleConns limits the number of idle connections to all backends, 0 means no limit MaxIdleConns int }
Proxy initialization options.
type PriorityRoute ¶
type PriorityRoute interface { // If the request is matched, returns a route, otherwise nil. // Additionally it may return a parameter map used by the filters // in the route. Match(*http.Request) (*routing.Route, map[string]string) }
Priority routes are custom route implementations that are matched against each request before the routes in the general lookup tree.
Example ¶
package main import ( "fmt" "github.com/zalando/skipper/eskip" "github.com/zalando/skipper/filters" "github.com/zalando/skipper/filters/builtin" "github.com/zalando/skipper/proxy" "github.com/zalando/skipper/routing" "github.com/zalando/skipper/routing/testdataclient" "io" "log" "net/http" "net/http/httptest" "os" ) // custom filter type: type setEchoHeader struct{} func (s *setEchoHeader) Name() string { return "setEchoHeader" } func (s *setEchoHeader) CreateFilter(_ []interface{}) (filters.Filter, error) { return s, nil } func (f *setEchoHeader) Response(_ filters.FilterContext) {} // the filter copies the path parameter 'echo' to the 'X-Echo' header func (f *setEchoHeader) Request(ctx filters.FilterContext) { ctx.Request().Header.Set("X-Echo", ctx.PathParam("echo")) } func DisabledExample() { // create a target backend server. It will return the value of the 'X-Echo' request header // as the response body: targetServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte(r.Header.Get("X-Echo"))) })) defer targetServer.Close() // create a filter registry, and register the custom filter: filterRegistry := builtin.MakeRegistry() filterRegistry.Register(&setEchoHeader{}) // create a data client with a predefined route, referencing the filter and a path condition // containing a wildcard called 'echo': routeDoc := fmt.Sprintf(`Path("/return/:echo") -> setEchoHeader() -> "%s"`, targetServer.URL) dataClient, err := testdataclient.NewDoc(routeDoc) if err != nil { log.Fatal(err) } // create routing object: rt := routing.New(routing.Options{ FilterRegistry: filterRegistry, DataClients: []routing.DataClient{dataClient}}) defer rt.Close() // create a proxy instance, and start an http server: proxy := proxy.New(rt, proxy.OptionsNone) defer proxy.Close() router := httptest.NewServer(proxy) defer router.Close() // make a request to the proxy: rsp, err := http.Get(fmt.Sprintf("%s/return/Hello,+world!", router.URL)) if err != nil { log.Fatal(err) } defer rsp.Body.Close() // print out the response: if _, err := io.Copy(os.Stdout, rsp.Body); err != nil { log.Fatal(err) }
Output:
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy instances implement Skipper proxying functionality. For initializing, see the WithParams the constructor and Params.
func New ¶
func New(r *routing.Routing, options Options, pr ...PriorityRoute) *Proxy
New returns an initialized Proxy. Deprecated, see WithParams and Params instead.