layer4-proxy/PLAN.md

Plan for TLS Termination and Dynamic Port Handling

Task

Modify the l4p (layer 4 proxy) to perform TLS termination and handle dynamic/random ports for backend services. The backend services are on a specific IPv6 address, and the user can dynamically determine the hostname of these services in the format "https://{port}.my-host". The proxy should listen on port 443 and use SNI for routing.

Completed Actions

  • Added tokio-rustls, rustls-pemfile, anyhow dependencies to Cargo.toml.
  • Modified src/config/config_v1.rs to include TlsTerminationConfig, CertificateConfig, SniCertificateConfig structs and updated ServerConfig.
  • Created src/tls.rs (multiple iterations due to compilation issues).
  • Integrated anyhow::Result into various functions and imported Context to src/servers/mod.rs.
  • Corrected imports in src/main.rs, src/servers/mod.rs, src/servers/protocol/tcp.rs.
  • Removed mod tls; from src/servers/protocol/mod.rs.
  • Attempted to fix various compilation errors related to rustls API changes, lifetime issues, and tokio task handling.
  • Changed handle.await??; to explicit match for debugging purposes.

Current State (with persistent errors)

The code currently has compilation errors, primarily related to:

  1. src/servers/mod.rs: Still showing an error for map_err not found for unit type (). This arises from the complex double Result handling (Result<anyhow::Result<()>, JoinError>) when awaiting spawned tasks.
  2. src/tls.rs: Facing issues with rustls::pki_types::PrivateKeyDer and CertificateDer conversions: ensuring 'static lifetimes, and calling methods such as to_vec(), as_ref() or into_owned() that do not exist on some of these types. The "borrowed data escapes outside of function" error indicates deeper lifetime mismatches.

Next Steps (Requires Manual Intervention)

  • Refactor src/servers/mod.rs error handling: The current match handle.await block needs to be carefully reviewed to ensure correct unwrapping of the nested Result types and proper error propagation from tokio::task::JoinError to anyhow::Error.
  • Re-evaluate src/tls.rs rustls::pki_types usage: A deeper understanding of the rustls-pki-types crate and the lifetimes and conversion methods of its CertificateDer and PrivateKeyDer types is needed. The specific error message "no method named to_vec found for struct PrivatePkcs8KeyDer" is a key indicator of incorrect usage.
  • Review rustls version and documentation: It might be helpful to review the rustls and tokio-rustls documentation for version-specific changes and best practices regarding pki_types and asynchronous error handling.
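The nested-Result problem from the current-state list and the first next step, shown as an added example that is not part of the l4p code base: the spawned task's join result is the outer layer and the task's own result is the inner one, so map_err belongs on the outer layer before the first `?`; after `??` only `()` is left, which is exactly the "map_err not found for unit type" error. The example uses std::thread as a dependency-free stand-in for tokio::spawn and a small ProxyError enum in place of anyhow::Error (both assumptions; the shape of the two Result layers is the same).

```rust
use std::any::Any;
use std::fmt;
use std::thread;

/// Stand-in for anyhow::Error (assumption: l4p uses anyhow).
#[derive(Debug, PartialEq)]
pub enum ProxyError {
    /// The task panicked or was cancelled (tokio: JoinError, the OUTER layer).
    Join(String),
    /// The task itself returned Err (the INNER layer).
    Task(String),
}

impl fmt::Display for ProxyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ProxyError::Join(m) => write!(f, "task join failed: {m}"),
            ProxyError::Task(m) => write!(f, "task failed: {m}"),
        }
    }
}
impl std::error::Error for ProxyError {}

/// Hypothetical per-connection handler, standing in for the proxy's task body.
pub fn handle_conn(backend_port: u16) -> Result<(), ProxyError> {
    if backend_port == 0 {
        return Err(ProxyError::Task("invalid backend port".into()));
    }
    Ok(())
}

/// Extract a readable message from a panic payload (std analogue of JoinError).
fn panic_message(payload: &(dyn Any + Send)) -> String {
    payload
        .downcast_ref::<&str>()
        .map(|s| s.to_string())
        .or_else(|| payload.downcast_ref::<String>().cloned())
        .unwrap_or_else(|| "unknown panic".into())
}

/// Correct flattening: map_err on the OUTER (join) layer, then `?` twice.
/// With tokio this reads `handle.await.map_err(...)??`; `handle.await??.map_err(...)`
/// is the shape that yields "map_err not found for unit type ()".
pub fn spawn_and_flatten<F>(task: F) -> Result<(), ProxyError>
where
    F: FnOnce() -> Result<(), ProxyError> + Send + 'static,
{
    let handle = thread::spawn(task);
    // Outer layer: did the task finish at all? Inner layer: what did it return?
    handle.join().map_err(|p| ProxyError::Join(panic_message(&*p)))?
}
```

The same flattening written as an explicit match (as the plan's debugging change does) is `Ok(Ok(())) => Ok(()), Ok(Err(e)) => Err(e), Err(p) => Err(ProxyError::Join(...))`.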

This commit contains the work in progress as of the current session, including these unresolved errors, to allow for external review and debugging.