CD
Cloudflare Developers3mo ago
Rootster

Adding OpenSsl to pingora reverse proxy (beginner)

Hi, Im trying to replace nginx reverse proxy/caddyV2 reverse proxy with simple implementation of pingora reverse proxy. So far I've managed to serve my Nuxt3 app with pingora but now I'm stuck with pingora-openssl integration and I couldn't find any examples for it. This is my code so far: 
use async_trait::async_trait;

use pingora_core::server::Server;
use pingora_core::upstreams::peer::HttpPeer;
use pingora_core::Result;
use pingora_openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
use pingora_proxy::{ProxyHttp, Session};

pub struct MyProxy {}

#[async_trait]
impl ProxyHttp for MyProxy {
    type CTX = ();
    fn new_ctx(&self) -> Self::CTX {
        ()
    }

    async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<bool> {
        session
            .req_header_mut()
            .insert_header("Host", "127.0.0.1")
            .unwrap();
        Ok(false)
    }

    async fn upstream_peer(
        &self,
        _session: &mut Session,
        _ctx: &mut Self::CTX,
    ) -> Result<Box<HttpPeer>> {
        let addr = ("127.0.0.1", 3000);

        let peer = Box::new(HttpPeer::new(addr, false, "127.0.0.1".to_string()));
        Ok(peer)
    }
}
fn main() {
    env_logger::init();
    let mut my_server = Server::new(None).unwrap();
    my_server.bootstrap();
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
    acceptor
        .set_private_key_file("key.pem", SslFiletype::PEM)
        .unwrap();
    acceptor.set_certificate_chain_file("cert.pem").unwrap();
    let acceptor = acceptor.build();
    let mut my_proxy = pingora_proxy::http_proxy_service(&my_server.configuration, MyProxy {});
    my_proxy.add_tcp("0.0.0.0:8888");
    my_server.add_service(my_proxy);
    my_server.run_forever();
}
use async_trait::async_trait;

use pingora_core::server::Server;
use pingora_core::upstreams::peer::HttpPeer;
use pingora_core::Result;
use pingora_openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
use pingora_proxy::{ProxyHttp, Session};

pub struct MyProxy {}

#[async_trait]
impl ProxyHttp for MyProxy {
    type CTX = ();
    fn new_ctx(&self) -> Self::CTX {
        ()
    }

    async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<bool> {
        session
            .req_header_mut()
            .insert_header("Host", "127.0.0.1")
            .unwrap();
        Ok(false)
    }

    async fn upstream_peer(
        &self,
        _session: &mut Session,
        _ctx: &mut Self::CTX,
    ) -> Result<Box<HttpPeer>> {
        let addr = ("127.0.0.1", 3000);

        let peer = Box::new(HttpPeer::new(addr, false, "127.0.0.1".to_string()));
        Ok(peer)
    }
}
fn main() {
    env_logger::init();
    let mut my_server = Server::new(None).unwrap();
    my_server.bootstrap();
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
    acceptor
        .set_private_key_file("key.pem", SslFiletype::PEM)
        .unwrap();
    acceptor.set_certificate_chain_file("cert.pem").unwrap();
    let acceptor = acceptor.build();
    let mut my_proxy = pingora_proxy::http_proxy_service(&my_server.configuration, MyProxy {});
    my_proxy.add_tcp("0.0.0.0:8888");
    my_server.add_service(my_proxy);
    my_server.run_forever();
}
Can anybody help me to finish Pingora-OpenSsl integration so I can learn how to do it? Thank you!
3 Replies
Chaika
Chaika3mo ago
Looks like in response to your github Issue they linked an example here: https://github.com/cloudflare/pingora/blob/main/pingora-proxy/examples/load_balancer.rs#L85-L93 You'd probably have better luck using those Github Issues in the future, no CF people working on Pingora would be in these channels
GitHub
pingora/pingora-proxy/examples/load_balancer.rs at main · cloudflar...
A library for building fast, reliable and evolvable network services. - cloudflare/pingora
Rootster
Rootster3mo ago
I hope with time there will be more examples Will see next year if there will be some movement
Chaika
Chaika3mo ago
yea hopefully with time, as most people use it, they'll be more public docs and such
Want results from more Discord servers?
Add your server
More Posts
Using kotlin: Example project throws "Error: No response!"Hi, I've just tried using the workers with Kotlin and ran through the example project. After tryinDNS_PROBE_FINISHED_NXDOMAINI just deployed a sveltekit project to test the workflow. When I visit the generated url I get DNS_Can you invoke a worker by cli?I want to create a script to seed my DB (it's D1, hence I can't use a Node.js script). Is there an Someone is using Cloudflare Workers to scrape my website and fetch it's content (Workers.dev)Someone is using Cloudflare workers to scrape my website and fetch all content from it, I have triedCreated multiple cloudflare tunnels but not a single one is getting connectedI'm getting this error ` Register tunnel error from server side error="Unauthorized: Failed to get tCloudflare Pages, 503 errors in the dashboardAnyone else having issues accessing the "workers-and-pages" dashboard? Currently getting "API RequesTCP Connection issueI’m connecting a Durable Object to a Neo4J database via TCP, which has worked flawlessly so far but Durable object outgoing webSocket connectionAssuming a durable object (say object A) that handles received websocket connections using the hibercloudflare website:How do I create a website once? I registered my cloudflare domain free domain.Are there PUB SUB in D1I was just wondering if D1 DB has pub subs feature, in it, trying to create a simple chat applicatio