Skip to content

fix: rewrite url to agent ip in single tailnet #11810

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 1, 2024
Merged

fix: rewrite url to agent ip in single tailnet #11810

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f766129
fix: rewrite url to agent ip in single tailnet
coadler Jan 24, 2024
698e697
add integration test
coadler Feb 1, 2024
682467e
add comment on idle conn tuning
coadler Feb 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix: rewrite url to agent ip in single tailnet 
This restores previous behavior of being able to cache connections
across agents in single tailnet.
  • Loading branch information
@coadler
coadler committed Feb 1, 2024
commit f7661296cebe52f42f9032b1fd12a409005a3fb5
19 changes: 10 additions & 9 deletions coderd/tailnet.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,14 +99,7 @@ func NewServerTailnet(
transport: tailnetTransport.Clone(),
}
tn.transport.DialContext = tn.dialContext

// Bugfix: for some reason all calls to tn.dialContext come from
// "localhost", causing connections to be cached and requests to go to the
// wrong workspaces. This disables keepalives for now until the root cause
// can be found.
tn.transport.MaxIdleConnsPerHost = -1
tn.transport.DisableKeepAlives = true

tn.transport.MaxIdleConnsPerHost = 10
tn.transport.MaxIdleConns = 0
// We intentionally don't verify the certificate chain here.
// The connection to the workspace is already established and most
Expand Down Expand Up @@ -308,7 +301,15 @@ type ServerTailnet struct {
}

func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) *httputil.ReverseProxy {
proxy := httputil.NewSingleHostReverseProxy(targetURL)
// Rewrite the targetURL's Host to point to the agent's IP. This is
// necessary because due to TCP connection caching, each agent needs to be
// addressed invidivually. Otherwise, all connections get dialed as
// "localhost:port", causing connections to be shared across agents.
tgt := *targetURL
_, port, _ := net.SplitHostPort(tgt.Host)
tgt.Host = net.JoinHostPort(tailnet.IPFromUUID(agentID).String(), port)

proxy := httputil.NewSingleHostReverseProxy(&tgt)
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
site.RenderStaticErrorPage(w, r, site.ErrorPageData{
Status: http.StatusBadGateway,
Expand Down
26 changes: 26 additions & 0 deletions coderd/tailnet_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,32 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
assert.Equal(t, http.StatusOK, res.StatusCode)
})

t.Run("HostRewrite", func(t *testing.T) {
t.Parallel()

ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()

agentID, _, serverTailnet := setupAgent(t, nil)

u, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", codersdk.WorkspaceAgentHTTPAPIServerPort))
require.NoError(t, err)

rp, release, err := serverTailnet.ReverseProxy(u, u, agentID)
require.NoError(t, err)
defer release()

req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
require.NoError(t, err)

// Ensure the reverse proxy director rewrites the url host to the agent's IP.
rp.Director(req)
assert.Equal(t,
fmt.Sprintf("[%s]:%d", tailnet.IPFromUUID(agentID).String(), codersdk.WorkspaceAgentHTTPAPIServerPort),
req.URL.Host,
)
})

t.Run("HTTPSProxy", func(t *testing.T) {
t.Parallel()

Expand Down