Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ListenAndServeTLS causes goproxy to panic #434

Open
g00nix opened this issue Mar 20, 2021 · 4 comments
Open

ListenAndServeTLS causes goproxy to panic #434

g00nix opened this issue Mar 20, 2021 · 4 comments

Comments

@g00nix
Copy link

g00nix commented Mar 20, 2021

I am running he goproxy as a HTTPS proxy:

func main() {
	proxy := goproxy.NewProxyHttpServer()
	listenAddress := os.Getenv("LISTEN_ADDRESS")
	if listenAddress == "" {
		log.Fatal("The LISTEN_ADDRESS env var is mandatory.")
	}
	log.Println("Starting to listen on", listenAddress)
	log.Println("HTTPS Failed:", http.ListenAndServeTLS(listenAddress, "/fullchain.pem", "/privkey.pem", proxy))
}

This works perfect till I curl small websites with curl. However if I add the proxy to a browser, i get a flood of panic messages in the log:

2021/03/20 16:16:19 http2: panic serving 172.17.0.1:50476: httpserver does not support hijacking
goroutine 123989 [running]:
net/http.(*http2serverConn).runHandler.func1(0xc00020c080, 0xc000336f8e, 0xc000528600)
	net/http/h2_bundle.go:5716 +0x193
panic(0x8f2ec0, 0xa43d00)
	runtime/panic.go:965 +0x1b9
github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps(0xc0001985a0, 0xa55890, 0xc00020c080, 0xc0000aff00)
	github.com/elazarl/[email protected]/https.go:84 +0x18a7
github.com/elazarl/goproxy.(*ProxyHttpServer).ServeHTTP(0xc0001985a0, 0xa55890, 0xc00020c080, 0xc0000aff00)
	github.com/elazarl/[email protected]/proxy.go:114 +0xc95
net/http.serverHandler.ServeHTTP(0xc0001661c0, 0xa55890, 0xc00020c080, 0xc0000aff00)
	net/http/server.go:2887 +0xa3
net/http.initALPNRequest.ServeHTTP(0xa56320, 0xc00017eea0, 0xc0001cca80, 0xc0001661c0, 0xa55890, 0xc00020c080, 0xc0000aff00)
	net/http/server.go:3459 +0x8d
net/http.(*http2serverConn).runHandler(0xc000528600, 0xc00020c080, 0xc0000aff00, 0xc0004907b0)
	net/http/h2_bundle.go:5723 +0x8b
created by net/http.(*http2serverConn).processHeaders
	net/http/h2_bundle.go:5453 +0x505
@g00nix
Copy link
Author

g00nix commented Mar 21, 2021

I think this bug will appear on http2 websites. One solution would be to shut down http2 the same way you can do this on http.Server, by setting TLSNextProto to nil. The problem is that shutting http2 completely is not future proof. I found online solutions for TLS+http2 proxy, but not in Go. This is because most Go HTTPS proxies are based on Hijack which was not implemented for http2.

I have no idea at this point if I am wrong or not and if I should invest more time into this direction. If anybody has any ideas or advice on this topic, I am super interested.

@jonreesman
Copy link

Any update on this? Currently slogging through trying to force http1 but no matter what I do the server im forward proxying to decides h2.

@elazarl
Copy link
Owner

elazarl commented Oct 21, 2024

It seems go Hijack method doesn't work for h2, and we need some other solution. I'm not sure I'll have time to investigate, but will keep you posted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@elazarl @jonreesman @g00nix and others