英文:
Reverse Proxy using Go to Cloud Run Instance
问题
我觉得我离成功很近了,但是到目前为止,我在使用Go构建一个小型反向代理到GCP Cloud Run实例时遇到了问题。请求“通过了”,但是请求的响应是默认的GCP Cloud Run 404。看起来在将请求发送回Cloud Run时,Host头被忽略了,因此请求没有被正确路由。
我可能漏掉了什么?
package mainimport ("log""net/http""net/http/httputil""net/url")const apiUrl = "MY_CLOUD_RUN.a.run.app"func main() {http.HandleFunc("/", proxy)log.Fatal(http.ListenAndServe(":8081", nil))}func proxy(res http.ResponseWriter, req *http.Request) {// 绕过CORS检查if req.Method == http.MethodOptions {headers := res.Header()headers.Add("Access-Control-Allow-Origin", "*")headers.Add("Vary", "Origin")headers.Add("Vary", "Access-Control-Request-Method")headers.Add("Vary", "Access-Control-Request-Headers")headers.Add("Access-Control-Allow-Headers", "*")headers.Add("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.WriteHeader(http.StatusOK)return}p := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http",Host: apiUrl,})p.Director = func(req *http.Request) {req.Header.Add("X-Forwarded-Host", req.Host)req.Header.Add("X-Origin-Host", apiUrl)req.Header.Add("Host", apiUrl)req.Header.Add("Access-Control-Allow-Origin", "*")req.URL.Scheme = "https"req.URL.Host = apiUrl}p.ModifyResponse = func(res *http.Response) error {res.Header.Set("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.Header.Set("Access-Control-Allow-Credentials", "true")res.Header.Set("Access-Control-Allow-Origin", "*")res.Header.Set("Access-Control-Allow-Headers", "*")return nil}p.ServeHTTP(res, req)}
英文:
I feel like I'm close to having this working but so far I"m running into an issue building a small reverse proxy in Go to a GCP Cloud Run instance. The request 'goes through' but the response from the request is the default GCP Cloud Run 404. It appears when making the request back to Cloud Run the Host header is being ignored and therefore the request is not being routed correction.
What might I be missing here?
package mainimport ("log""net/http""net/http/httputil""net/url")const apiUrl = "MY_CLOUD_RUN.a.run.app"func main() {http.HandleFunc("/", proxy)log.Fatal(http.ListenAndServe(":8081", nil))}func proxy(res http.ResponseWriter, req *http.Request) {// gets past CORS checksif req.Method == http.MethodOptions {headers := res.Header()headers.Add("Access-Control-Allow-Origin", "*")headers.Add("Vary", "Origin")headers.Add("Vary", "Access-Control-Request-Method")headers.Add("Vary", "Access-Control-Request-Headers")headers.Add("Access-Control-Allow-Headers", "*")headers.Add("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.WriteHeader(http.StatusOK)return}p := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http",Host: apiUrl,})p.Director = func(req *http.Request) {req.Header.Add("X-Forwarded-Host", req.Host)req.Header.Add("X-Origin-Host", apiUrl)req.Header.Add("Host", apiUrl)req.Header.Add("Access-Control-Allow-Origin", "*")req.URL.Scheme = "https"req.URL.Host = apiUrl}p.ModifyResponse = func(res *http.Response) error {res.Header.Set("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.Header.Set("Access-Control-Allow-Credentials", "true")res.Header.Set("Access-Control-Allow-Origin", "*")res.Header.Set("Access-Control-Allow-Headers", "*")return nil}p.ServeHTTP(res, req)}
答案1
得分: 1
这比最初的初步写作要复杂一些,但我们最终得到的结果如下所示。
package mainimport ("context""fmt""log""net/http""net/http/httputil""net/url""os""os/signal""time""golang.org/x/oauth2""google.golang.org/api/idtoken")var port = ":8080"var backend = "[CLOUD_RUN_INSTANCE_TO_PROXY].a.run.app"func main() {logger := log.New(os.Stdout, "proxy: ", log.LstdFlags)logger.Println(fmt.Sprintf("代理服务器正在启动:%s,端口:%s", backend, port))router := http.NewServeMux()router.Handle("/", proxyHandler())server := &http.Server{Addr: port,Handler: logging(logger)(router),ErrorLog: logger,ReadTimeout: 30 * time.Second,WriteTimeout: 30 * time.Second,IdleTimeout: 15 * time.Second,}done := make(chan bool)quit := make(chan os.Signal, 1)signal.Notify(quit, os.Interrupt)go func() {<-quitlogger.Println("代理服务器正在关闭...")ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)defer cancel()server.SetKeepAlivesEnabled(false)if err := server.Shutdown(ctx); err != nil {logger.Fatalf("无法正常关闭服务器:%v\n", err)}close(done)}()if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {logger.Fatalf("无法监听端口%s:%v\n", port, err)}<-donelogger.Println("服务器已停止")}func proxyHandler() http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {if r.Method == http.MethodOptions {headers := w.Header()headers.Add("Access-Control-Allow-Origin", "*")headers.Add("Access-Control-Allow-Headers", "*")headers.Add("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")w.WriteHeader(http.StatusOK)return}path := fmt.Sprintf("https://%s%s", backend, r.RequestURI)at, _ := idTokenTokenSource(path)p := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "https",Host: backend,})p.Director = func(r *http.Request) {if at != nil {at.SetAuthHeader(r)}}p.ModifyResponse = func(res *http.Response) error {res.Header.Set("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.Header.Set("Access-Control-Allow-Credentials", "true")res.Header.Set("Access-Control-Allow-Origin", "*")res.Header.Set("Access-Control-Allow-Headers", "*")return nil}r.URL.Scheme = "https"r.URL.Host = backendr.Header.Set("X-Forwarded-Host", r.Header.Get("Host"))r.Host = backendif at != nil {at.SetAuthHeader(r)}p.ServeHTTP(w, r)})}func logging(l *log.Logger) func(http.Handler) http.Handler {return func(next http.Handler) http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {defer func() {requestId := r.Header.Get("X-Request-Id")if requestId == "" {requestId = fmt.Sprintf("%d", time.Now().UnixNano())}w.Header().Set("X-Request-Id", requestId)l.Println(requestId, r.Method, r.URL.Path, r.RemoteAddr, r.UserAgent())}()next.ServeHTTP(w, r)})}}func idTokenTokenSource(audience string) (*oauth2.Token, error) {ts, err := idtoken.NewTokenSource(context.Background(), audience)if err != nil {return nil, err}t, err := ts.Token()if err != nil {return nil, err}return t, nil}
其中一部分优雅关闭、HTTP设置和日志记录的代码来自:https://gist.github.com/enricofoltran/10b4a980cd07cb02836f70a4ab3e72d7
英文:
This is a bit more elaborate than the original initial write-up but what we wound up with was as follows.
package mainimport ("context""fmt""log""net/http""net/http/httputil""net/url""os""os/signal""time""golang.org/x/oauth2""google.golang.org/api/idtoken")var port = ":8080"var backend = "[CLOUD_RUN_INSTANCE_TO_PROXY].a.run.app"func main() {logger := log.New(os.Stdout, "proxy: ", log.LstdFlags)logger.Println(fmt.Sprintf("Proxy server is starting for: %s on port: %s", backend, port))router := http.NewServeMux()router.Handle("/", proxyHandler())server := &http.Server{Addr: port,Handler: logging(logger)(router),ErrorLog: logger,ReadTimeout: 30 * time.Second,WriteTimeout: 30 * time.Second,IdleTimeout: 15 * time.Second,}done := make(chan bool)quit := make(chan os.Signal, 1)signal.Notify(quit, os.Interrupt)go func() {<-quitlogger.Println("Proxy server is shutting down...")ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)defer cancel()server.SetKeepAlivesEnabled(false)if err := server.Shutdown(ctx); err != nil {logger.Fatalf("Could not gracefully shutdown the server: %v\n", err)}close(done)}()if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {logger.Fatalf("Could not listen on %s: %v\n", port, err)}<-donelogger.Println("Server stopped")}func proxyHandler() http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {if r.Method == http.MethodOptions {headers := w.Header()headers.Add("Access-Control-Allow-Origin", "*")headers.Add("Access-Control-Allow-Headers", "*")headers.Add("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")w.WriteHeader(http.StatusOK)return}path := fmt.Sprintf("https://%s%s", backend, r.RequestURI)at, _ := idTokenTokenSource(path)p := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "https",Host: backend,})p.Director = func(r *http.Request) {if at != nil {at.SetAuthHeader(r)}}p.ModifyResponse = func(res *http.Response) error {res.Header.Set("Access-Control-Allow-Methods", "GET,HEAD,PUT,PATCH,POST,DELETE")res.Header.Set("Access-Control-Allow-Credentials", "true")res.Header.Set("Access-Control-Allow-Origin", "*")res.Header.Set("Access-Control-Allow-Headers", "*")return nil}r.URL.Scheme = "https"r.URL.Host = backendr.Header.Set("X-Forwarded-Host", r.Header.Get("Host"))r.Host = backendif at != nil {at.SetAuthHeader(r)}p.ServeHTTP(w, r)})}func logging(l *log.Logger) func(http.Handler) http.Handler {return func(next http.Handler) http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {defer func() {requestId := r.Header.Get("X-Request-Id")if requestId == "" {requestId = fmt.Sprintf("%d", time.Now().UnixNano())}w.Header().Set("X-Request-Id", requestId)l.Println(requestId, r.Method, r.URL.Path, r.RemoteAddr, r.UserAgent())}()next.ServeHTTP(w, r)})}}func idTokenTokenSource(audience string) (*oauth2.Token, error) {ts, err := idtoken.NewTokenSource(context.Background(), audience)if err != nil {return nil, err}t, err := ts.Token()if err != nil {return nil, err}return t, nil}
A good chunk of some of the graceful shutdown, http setup, and logging came from: https://gist.github.com/enricofoltran/10b4a980cd07cb02836f70a4ab3e72d7
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论