Properly split remote proxy http https #55430
Conversation
tavplubix
added
the
can be tested
robot-ch-test-poll2
added
the
pr-improvement
|
This is an automated comment for commit 8c7973d with description of existing statuses. It's updated for the latest CI running ⏳ Click here to open a full report in a separate page Successful checks
|
|
@tavplubix Could you please take a look at this? |
|
@tavplubix kind ping |
| <endpoint>http://resolver:8080/hostname</endpoint> | ||
| <proxy_scheme>http</proxy_scheme> | ||
| <proxy_port>80</proxy_port> | ||
| <proxy_cache_time>10</proxy_cache_time> |
There was a problem hiding this comment.
time is too unspecific, please add units like seconds, minutes, hours, etc... into the config node name.
There was a problem hiding this comment.
The old configuration was already like this, changing it will break backwards compatibility. I can modify this for the new version only, but code will be a bit more complex and syntax will be even more different.
I suggest we keep it like this, what do you think?
| 2. Proxy lists | ||
| 3. Environment variables | ||
|
|
||
| ClickHouse will check the highest priority resolver type for the request protocol. If it is not defined, |
There was a problem hiding this comment.
When will CH check the next proxy configuration? Would it try proxy lists if the resolver doesn't respond?
There was a problem hiding this comment.
It will check the next proxy configuration if it does not find a configuration for the requests protocol. For instance: ClickHouse is trying to send a HTTPS request and there is a remote resolver configuration section, but only for HTTP. In this case, it will check list and fallback to environment if there is no list for HTTPS.
|
@tavplubix kind ping :) |
|
@tavplubix daily ping :) |
|
The changelog entry is too long and detailed. Please add a short user-readable description for the changelog (one line, a few sentences) |
I have moved all text above changelog entry and added a small sentence, could you please check if it is ok now? |
|
Thanks @tavplubix! |
This PR does 3 things:
DB::ProxyConfiguration::Protocol::ANYProxy servers must be picked based on the request protocol (i.e, https request should grab the
https_proxyor whateverhttpsrelated configuration). This was being done correctly for the environment and list proxy resolvers, but not for the remote resolver.This is how it was implemented:
http_proxyorhttps_proxyenvironment variables based on the request protocol.<proxy><http OR https></proxy></>based on the request protocol.proxy_scheme) - This is wrong, it's perfectly fine to have a HTTPS request routed through a HTTP proxy. The comparisong that should be made is the same that is being done for list and environment, that is: request protocol x user configuration for that protocol.This PR addresses this issue by changing the syntax of remote resolvers. It now has to be encapsulated into
<http>or<https>tags just like the list resolver.Not sure I should classify this as bug or improvement.
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Select remote proxy resolver based on request protocol, add proxy feature docs and remove
DB::ProxyConfiguration::Protocol::ANY.Documentation entry for user-facing changes