Skip to content

Commit

Permalink
Merge pull request #1480 from tkan145/backport-THREESCALE-11128
Browse files Browse the repository at this point in the history
[THREESCALE 11128] Prevent APIcast fallback to global proxy settings for direct connection
  • Loading branch information
tkan145 authored Jun 27, 2024
2 parents 17aa557 + 573a070 commit cefafe4
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 1 deletion.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).

## [Unreleased]

### Fixed

### Added

## [3.15.0] 2024-04-04

### Fixed
Expand Down Expand Up @@ -49,6 +53,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).

- Disable \_G write guard warning [PR #1454](https://github.com/3scale/APIcast/pull/1454)

- Fixed APIcast send request through proxy server even when `NO_PROXY` is used [PR #1478](https://github.com/3scale/APIcast/pull/1478) [THREESCALE-11128](https://issues.redhat.com/browse/THREESCALE-11128)

### Added

- Detect number of CPU shares when running on Cgroups V2 [PR #1410](https://github.com/3scale/apicast/pull/1410) [THREESCALE-10167](https://issues.redhat.com/browse/THREESCALE-10167)
Expand Down
5 changes: 4 additions & 1 deletion gateway/src/resty/http/proxy.lua
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,13 @@ local function connect(request)
-- openresty treat nil as false, so we need to explicitly set ssl_verify to false if nil
local ssl_verify = request.options and request.options.ssl and request.options.ssl.verify or false

-- We need to set proxy_opts to an empty table here otherwise, lua-resty-http will fallback
-- to the global proxy options
local options = {
scheme = scheme,
host = host,
port = port
port = port,
proxy_opts = {}
}
if scheme == 'https' then
options.ssl_server_name = host
Expand Down
43 changes: 43 additions & 0 deletions t/http-proxy.t
Original file line number Diff line number Diff line change
Expand Up @@ -2083,3 +2083,46 @@ qr/a client request body is buffered to a temporary file/
--- grep_error_log_out
a client request body is buffered to a temporary file
--- user_files fixture=tls.pl eval
=== TEST 36: APIcast should not ingore NO_PROXY, when HTTP_PROXY and HTTPS_PROXY are also set
It connects directly to backened and forwards request to the upstream via proxy.
--- env random_port eval
(
'http_proxy' => $ENV{TEST_NGINX_HTTP_PROXY},
'no_proxy' => '127.0.0.1,localhost,test_backend',
)
--- configuration
{
"services": [
{
"id": 42,
"backend_version": 1,
"proxy": {
"api_backend": "http://test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT/",
"proxy_rules": [
{ "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
]
}
}
]
}
--- backend
server_name test_backend.lvh.me;
location /transactions/authrep.xml {
content_by_lua_block {
ngx.exit(ngx.OK)
}
}
--- upstream
server_name test-upstream.lvh.me;
location / {
echo 'yay, api backend: $http_host';
}
--- request
GET /?user_key=value
--- response_body env
yay, api backend: test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT
--- error_code: 200
--- no_error_log

0 comments on commit cefafe4

Please sign in to comment.