-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proxy: Dynamic placeholders for URL segments #1539
Comments
Not at this time, sorry. Someone is welcome to implement this, though. Maybe a syntax like this:
(Double parentheses because single parentheses might be used in URLs? I dunno.) |
We have Curly brace is already used in caddy for placeholders so I would say something with curly braces should be used for this as well. |
@abiosoft True, that could work. I'm okay with that syntax as long as we don't foresee ever having a If this is implemented, it would have to be efficient in how it matches the URL and does the replacement. |
@mholt I'd like to work on this. I do have prior Go experience. Just new to this project. 🙂 |
Sounds good to me @sahildua2305 ! Note that I am pondering one potential security issue with this, since typically allowing outside requests to dictate proxy destinations is a bad idea. Go ahead and work on it though. :) |
Maybe something like NGINX syntax: proxy /users/(\d+) www.$1.any.com |
@danilobrinu I think we should be consistent with Caddy's placeholder syntax, which is like |
@mholt i propose something like {?<placeholder>pattern} proxy /users/{?<user>[0-9]+} www.{user}.any.com I think is more secure use regex pattern to match values coming in route |
@danilobrinu That's pretty good; although do we need a full regexp? Maybe just capturing that label of the path would be enough, for example |
@mholt i think is more secure use pattern to match exact values from route, this concept is using in Django routes. |
@danilobrinu Why is regexp more secure? |
@mholt is simple u can use a pattern to eval the value, this is more secure than only use a variable and replace this variable. proxy /users/{?<user>[0-9]+} www.{user}.any.com
// Test
proxy /users/5 www.5.any.com (is valid)
proxy /users/clients www.clients.any.con (no valid)
proxy /users/page.otherpage www.page.otherpage.any.com (no valid) proxy /users/{?user} www.{:user}.any.com
// Test
proxy /users/5 www.5.any.com (is valid)
proxy /users/clients www.clients.any.com (is valid)
proxy /users/page.otherpage www.page.otherpage.any.com (is valid) |
@danilobrinu I don't think that's what I mean by secure. Consider SSRF instead: https://github.com/yandex/gixy/blob/master/docs/en/plugins/ssrf.md (for more reading: https://www.owasp.org/index.php/Server_Side_Request_Forgery) |
I tried to use |
Half of this issue is implemented in v2, the other half certainly can be implemented, just needs someone to work on it. Anyone mind giving it a go? Submit a PR? The placeholders part is done. v2 has this ability by using matchers. You can match requests using a regex capture group and then that becomes a label you can apply to the proxy upstream. The only thing left is to define an upstream that uses a placeholder in its address and replaces it at request-time. So, the unfinished part of this issue is actually the same as #990 |
Well, I just went ahead and finished it in 1e31be8. 😄 Caddy 2 can now proxy to different remotes by using any valid placeholders (variables) in the
In other words, you'll define a single upstream and its address is evaluated dynamically at request-time. This has implications for health checks, of course, so be wise when configuring health checks, because in this case a single upstream can actually be many arbitrary number of hosts/ports. Go try it out! |
Every time i deploy a new micro service,i have to config the Caddyfile again,and at the same time,my caddy service is in the docker,so i have to run caddy container again with new caddy file.
Do there any way to do proxy like:
when the user named
user1
send a request,it mean:proxy /v1/users/user1 to www.user1.any.com
The text was updated successfully, but these errors were encountered: