Skip to content

Adding router proxy support #747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Adding router proxy support #747

wants to merge 7 commits into from

Conversation

cx-serhii-stanislavskyi
Copy link

Add Router Proxy Configuration from Environment Variables

This PR adds two new functions to improve router connectivity options:

Changes

  1. Added routerProxyFromEnvironment function

    • Enables automatic proxy configuration for router connections based on environment variables
    • Uses HTTPS_PROXY or HTTP_PROXY environment variables to determine proxy settings
    • Automatically applied when loading configuration from file via NewConfigFromFile()

  2. Added parseTLS(raw string) helper function

    • Supports router URLs with the format tls:router.example.com:443
    • Converts tls: scheme URLs to proper HTTPS URLs for processing
    • Enables more flexible router addressing options

Use Cases

  • Simplifies deployment in environments where direct connections are restricted and proxies are required
  • Allows for consistent proxy configuration across applications using environment variables
  • Supports more intuitive TLS connection specification with the tls: URL format

These changes maintain backward compatibility while adding flexibility for different network configurations.

@cx-serhii-stanislavskyi cx-serhii-stanislavskyi requested a review from a team as a code owner June 18, 2025 13:38
plorenz
plorenz reviewed Jul 17, 2025
View reviewed changes
ziti/config.go
// request is required.
func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error) {
return rest_util.GetControllerWellKnownCaPool(controllerAddr)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the late review.

First, if you haven't yet, please take a look at https://github.com/openziti/sdk-golang/blob/main/CONTRIBUTING.md as a CLA is required for contributors.

Second, overall looks good. I'd like this function to be available to SDK users, but not have it set on RouterProxy by default. To that end, could you remove the set and make the method public?

Copy link
Author

@cx-serhii-stanislavskyi cx-serhii-stanislavskyi Sep 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My apologies for the late response.

  1. We're still clarifying question with CLA with legal team.
  2. I made this method public, but I'm not sure how to implement it in zrok.
    We're expecting the routerProxy configuration here:
    https://github.com/openziti/sdk-golang/blob/main/ziti/ziti.go#L1461
    if context.routerProxy != nil {
		if proxyConfig := context.routerProxy(ingressUrl); proxyConfig != nil {
			dialerConfig.TransportConfig[transport.KeyCachedProxyConfiguration] = proxyConfig
		}
	}

That's inside connectEdgeRouter method.
It's for passing proxy configuration to edge router when we're creating public share

plorenz
plorenz requested changes Jul 22, 2025
View reviewed changes
Copy link
Member

@plorenz plorenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@plorenz plorenz Awaiting requested review from plorenz

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cx-serhii-stanislavskyi @plorenz