diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
index de53cea..1b58e04 100644
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -32,7 +32,6 @@ import (
"sync"
"time"
- "github.com/lucas-clemente/quic-go/h2quic"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/staticfiles"
"github.com/mholt/caddy/caddytls"
@@ -42,7 +41,6 @@ import (
// Server is the HTTP server implementation.
type Server struct {
Server *http.Server
- quicServer *h2quic.Server
listener net.Listener
listenerMu sync.Mutex
sites []*SiteConfig
@@ -105,12 +103,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
// if TLS is enabled, make sure we prepare the Server accordingly
if s.Server.TLSConfig != nil {
- // enable QUIC if desired (requires HTTP/2)
- if HTTP2 && QUIC {
- s.quicServer = &h2quic.Server{Server: s.Server}
- s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
- }
-
// wrap the HTTP handler with a handler that does MITM detection
tlsh := &tlsHandler{next: s.Server.Handler}
s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion
@@ -237,7 +229,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
- s.quicServer.SetQuicHeaders(w.Header())
previousHandler.ServeHTTP(w, r)
}
}
@@ -333,18 +324,11 @@ func (s *Server) Serve(ln net.Listener) error {
if err == http.ErrServerClosed {
err = nil // not an error worth reporting since closing a server is intentional
}
- if s.quicServer != nil {
- s.quicServer.Close()
- }
return err
}
// ServePacket serves QUIC requests on pc until it is closed.
func (s *Server) ServePacket(pc net.PacketConn) error {
- if s.quicServer != nil {
- err := s.quicServer.Serve(pc.(*net.UDPConn))
- return fmt.Errorf("serving QUIC connections: %v", err)
- }
return nil
}
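Review bot: With the QUIC branch removed, `ServePacket` at the end of this hunk returns nil immediately, yet its doc comment still reads "serves QUIC requests on pc until it is closed". A caller that still hands it a packet listener gets a success result while nothing is served on that socket, so a leftover QUIC setting would fail silently instead of being reported. I would change the comment to something like `// ServePacket is a no-op; QUIC support has been removed.` and, if callers tolerate it, log or return an error when `pc` is non-nil. The same staleness applies to `wrapWithSvcHeaders` in the earlier hunk, which after this change only forwards to `previousHandler`.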
diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
index 14d4bd7..d8d0622 100644
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@@ -40,8 +40,6 @@ import (
"golang.org/x/net/http2"
- "github.com/lucas-clemente/quic-go"
- "github.com/lucas-clemente/quic-go/h2quic"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
@@ -250,13 +248,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t
rp.Transport = &http.Transport{
Dial: socketDial(target.String(), timeout),
}
- } else if target.Scheme == "quic" {
- rp.Transport = &h2quic.RoundTripper{
- QuicConfig: &quic.Config{
- HandshakeTimeout: defaultCryptoHandshakeTimeout,
- KeepAlive: true,
- },
- }
} else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") {
dialFunc := rp.dialer.Dial
if strings.HasPrefix(target.Scheme, "srv") {
@@ -303,11 +294,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
// No http2.ConfigureTransport() here.
// For now this is only added in places where
// an http.Transport is actually created.
- } else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
- if transport.TLSClientConfig == nil {
- transport.TLSClientConfig = &tls.Config{}
- }
- transport.TLSClientConfig.InsecureSkipVerify = true
}
}
@@ -322,11 +308,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) {
// No http2.ConfigureTransport() here.
// For now this is only added in places where
// an http.Transport is actually created.
- } else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
- if transport.TLSClientConfig == nil {
- transport.TLSClientConfig = &tls.Config{}
- }
- transport.TLSClientConfig.RootCAs = CaCertPool
}
}
@@ -340,10 +321,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
rp.Director(outreq)
- if outreq.URL.Scheme == "quic" {
- outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
- }
-
res, err := transport.RoundTrip(outreq)
if err != nil {
return err