fix: ignore https redirect for DERP meshing #10738

Closed
wants to merge 1 commit into from

coadler
Contributor

@coadler coadler commented Nov 16, 2023

No description provided.

@coadler
Contributor Author

coadler commented Nov 16, 2023

Current dependencies on/for this PR:

This stack of pull requests is managed by Graphite.

@coadler coadler force-pushed the colin/fixignorehttpsredirectforDERPmeshing branch from 243b6af to 1ab8293 Compare November 16, 2023 19:53
@coadler coadler force-pushed the colin/fixignorehttpsredirectforDERPmeshing branch from 1ab8293 to da2112e Compare November 16, 2023 19:53
@coadler
Contributor Author

coadler commented Nov 17, 2023

Feel free to take this over if there's any changes needed, or I can fix in the morning.

handler.ServeHTTP(w, r)
return
}
}
Contributor

This ain't gonna work. We install this middleware at start of day, before we learn about any other replicas, and they change over time.

I think we should blanket refuse to redirect the path /derp. DERP is encrypted, so even if some client connection got the http URL for this path, it would be fine.

Contributor Author

How so? We're only looking at the redirect for ourself, so it doesn't matter which replicas come up or down, it'll always be the same host locally.

Contributor

No, you're right. I'm thinking about it the wrong way around. Sorry.

However, disabling the redirect for all routes on that host feels too broad. I think we generally do want to redirect for non-DERP routes if the request comes to e.g. our IP address or a non-canonical hostname.
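
The scoping discussed in this review thread (never redirect `/derp`, still redirect every other route that arrives over plain HTTP or on a non-canonical host), as an added example that is not code from this PR or from the coder repository. `HTTPSRedirect`, `redirectTarget`, `isDERPPath` and the hostnames are hypothetical, and the exemption assumes, as the reviewer states, that DERP traffic is encrypted on its own.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// isDERPPath matches on a path-segment boundary, so "/derpx" is not exempted.
func isDERPPath(p string) bool {
	return p == "/derp" || strings.HasPrefix(p, "/derp/")
}

// redirectTarget returns the canonical HTTPS URL for a request, or ok=false
// when the request must be served as-is.
func redirectTarget(canonical *url.URL, r *http.Request) (target string, ok bool) {
	if isDERPPath(r.URL.Path) {
		return "", false // never redirect DERP, whatever the scheme or Host
	}
	if r.TLS != nil && strings.EqualFold(r.Host, canonical.Host) {
		return "", false // already on the canonical HTTPS origin
	}
	u := *r.URL // copy keeps path and query
	u.Scheme, u.Host = "https", canonical.Host
	return u.String(), true
}

// HTTPSRedirect is hypothetical middleware wrapping next with the rule above.
func HTTPSRedirect(canonical *url.URL, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if target, ok := redirectTarget(canonical, r); ok {
			http.Redirect(w, r, target, http.StatusTemporaryRedirect)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	canonical, _ := url.Parse("https://coder.example.com") // constructed hostname
	h := HTTPSRedirect(canonical, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	// Constructed requests: a replica meshing by IP, and an API call by IP.
	for _, raw := range []string{"http://10.0.0.5/derp", "http://10.0.0.5/api/v2/users?q=1"} {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest("GET", raw, nil))
		fmt.Println(raw, "->", rec.Code, rec.Header().Get("Location"))
	}
}
```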

@coadler
Contributor Author

coadler commented Nov 17, 2023

Closing in favor of #10752

@coadler coadler closed this Nov 17, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Nov 17, 2023
@github-actions github-actions bot deleted the colin/fixignorehttpsredirectforDERPmeshing branch May 17, 2024 00:04
2 participants