-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly split remote proxy http https #55430
Properly split remote proxy http https #55430
Conversation
This is an automated comment for commit 8c7973d with description of existing statuses. It's updated for the latest CI running ⏳ Click here to open a full report in a separate page Successful checks
|
@tavplubix Could you please take a look at this? |
@tavplubix kind ping |
<endpoint>http://resolver:8080/hostname</endpoint> | ||
<proxy_scheme>http</proxy_scheme> | ||
<proxy_port>80</proxy_port> | ||
<proxy_cache_time>10</proxy_cache_time> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
time
is too unspecific, please add units like seconds, minutes, hours, etc... into the config node name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The old configuration was already like this, changing it will break backwards compatibility. I can modify this for the new version only, but code will be a bit more complex and syntax will be even more different.
I suggest we keep it like this, what do you think?
2. Proxy lists | ||
3. Environment variables | ||
|
||
ClickHouse will check the highest priority resolver type for the request protocol. If it is not defined, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When will CH check the next proxy configuration? Would it try proxy lists if the resolver doesn't respond?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will check the next proxy configuration if it does not find a configuration for the requests protocol. For instance: ClickHouse is trying to send a HTTPS request and there is a remote resolver configuration section, but only for HTTP. In this case, it will check list and fallback to environment if there is no list for HTTPS.
@tavplubix kind ping :) |
@tavplubix daily ping :) |
The changelog entry is too long and detailed. Please add a short user-readable description for the changelog (one line, a few sentences) |
I have moved all text above changelog entry and added a small sentence, could you please check if it is ok now? |
Thanks @tavplubix! |
This PR does 3 things:
DB::ProxyConfiguration::Protocol::ANY
Proxy servers must be picked based on the request protocol (i.e, https request should grab the
https_proxy
or whateverhttps
related configuration). This was being done correctly for the environment and list proxy resolvers, but not for the remote resolver.This is how it was implemented:
http_proxy
orhttps_proxy
environment variables based on the request protocol.<proxy><http OR https></proxy></>
based on the request protocol.proxy_scheme
) - This is wrong, it's perfectly fine to have a HTTPS request routed through a HTTP proxy. The comparisong that should be made is the same that is being done for list and environment, that is: request protocol x user configuration for that protocol.This PR addresses this issue by changing the syntax of remote resolvers. It now has to be encapsulated into
<http>
or<https>
tags just like the list resolver.Not sure I should classify this as bug or improvement.
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Select remote proxy resolver based on request protocol, add proxy feature docs and remove
DB::ProxyConfiguration::Protocol::ANY
.Documentation entry for user-facing changes