How to set the source IP address for forwarded requests when using the https_connect_proxy setting #558
Answered
by
GlenDC
ShabbirHasan1
asked this question in
Q&A
How to set the source IP address for forwarded requests when using the https_connect_proxy setting
#558
-
|
I’m having a bit of trouble with setting up I’m trying to figure out how to specify the secondary IP address on the client as well. I’ve looked through the documentation, but I can’t seem to find a way to do it. I’m feeling a bit lost and would really appreciate any help you can provide. Thanks a bunch! |
Beta Was this translation helpful? Give feedback.
Answered by
GlenDC
May 20, 2025
Replies: 4 comments 4 replies
-
|
How are you currently binding the client? Could you share your code—either the actual implementation or an abstracted example that doesn't expose any sensitive information? Without more context, the most likely approach you'll want to take is to define your own TCP connector. The simplest way to do this is by setting the stream connector factory using Within the connector factory, you would typically create a raw Starting from Rama 0.3, this process will become a bit easier, as you'll be able to provide a simple config struct directly to the stream connector factory. For now, however, you'll need to write a few extra lines of boilerplate, though it's still straightforward and doesn't require reinventing the wheel. Let me know if that makes sense or if you have any further questions—happy to help! If this is part of a commercial project, you're also welcome to become a sponsor, which includes basic support. Alternatively, you can hire us for a one-time or long-term service contract, depending on your needs. That said, for small questions like this, I'm more than happy to assist for free. Feel free to ask if you need further clarification or guidance. If anything is unclear or if I misunderstood your question, a minimal reproducible example would help a lot. You can share a simplified version of your code, or even the actual code privately via DM on Discord or email, if preferred. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thanks a bunch for your detailed response! 🙏 I’m excited to try out your suggestions and see how far I can get. Even if I can’t make it work exactly as i wish it to be, any hints or snippets would be super helpful. If you could share some snippets to pass the source ip in the Here’s what I did in the following order:
use rama::{
Context, Layer, Service,
graceful::Shutdown,
http::{
Body, Request, Response, StatusCode,
client::EasyHttpWebClient,
layer::{proxy_auth::ProxyAuthLayer, trace::TraceLayer, upgrade::UpgradeLayer},
matcher::MethodMatcher,
server::HttpServer,
service::web::response::IntoResponse,
},
layer::ConsumeErrLayer,
net::{
http::RequestContext,
proxy::ProxyTarget,
stream::layer::http::BodyLimitLayer,
tls::{SecureTransport, server::SelfSignedData},
user::Basic,
},
rt::Executor,
service::service_fn,
tcp::{client::service::Forwarder, server::TcpListener},
};
#[cfg(feature = "boring")]
use rama::{
net::tls::{
ApplicationProtocol,
server::{ServerAuth, ServerConfig},
},
tls::boring::server::TlsAcceptorLayer,
};
#[cfg(all(feature = "rustls", not(feature = "boring")))]
use rama::tls::rustls::server::{TlsAcceptorDataBuilder, TlsAcceptorLayer};
use argh::FromArgs;
use std::convert::Infallible;
use std::time::Duration;
use tracing::metadata::LevelFilter;
use tracing_subscriber::{EnvFilter, fmt, prelude::*};
#[derive(FromArgs)]
/// Proxy Config
struct ProxyConfig {
/// ip address to bind, Default to 0.0.0.0
#[argh(option, default = "String::from(\"0.0.0.0\")", short = 'i')]
ip: String,
/// port to bind, Default to 62016
#[argh(option, default = "String::from(\"62016\")", short = 'p')]
port: String,
/// username for authentication, Default to test
#[argh(option, default = "String::from(\"test\")", short = 'u')]
user: String,
/// secret for authentication, Default to test
#[argh(option, default = "String::from(\"test\")", short = 's')]
secret: String,
}
#[tokio::main]
async fn main() {
tracing_subscriber::registry()
.with(fmt::layer())
.with(
EnvFilter::builder()
.with_default_directive(LevelFilter::DEBUG.into())
.from_env_lossy(),
)
.init();
let config = argh::from_env::<ProxyConfig>();
let shutdown = Shutdown::default();
#[cfg(feature = "boring")]
let tls_service_data = {
let tls_server_config = ServerConfig {
application_layer_protocol_negotiation: Some(vec![
ApplicationProtocol::HTTP_2,
ApplicationProtocol::HTTP_11,
]),
..ServerConfig::new(ServerAuth::SelfSigned(SelfSignedData {
organisation_name: Some("Example Server Acceptor".to_owned()),
..Default::default()
}))
};
tls_server_config
.try_into()
.expect("create tls server config")
};
#[cfg(all(feature = "rustls", not(feature = "boring")))]
let tls_service_data = {
TlsAcceptorDataBuilder::new_self_signed(SelfSignedData {
organisation_name: Some("Example Server Acceptor".to_owned()),
..Default::default()
})
.expect("self signed acceptor data")
.with_alpn_protocols_http_auto()
.with_env_key_logger()
.expect("with env key logger")
.build()
};
let bind_addr = format!("{}:{}", config.ip, config.port);
let bind_failed_msg = &*format!("bind tcp proxy to {}", &bind_addr).leak();
// create tls proxy
shutdown.spawn_task_fn(async |guard| {
let tcp_service = TcpListener::build()
.bind(bind_addr)
.await
.expect(bind_failed_msg);
let exec = Executor::graceful(guard.clone());
let http_service = HttpServer::auto(exec.clone()).service(
(
TraceLayer::new_for_http(),
// See [`ProxyAuthLayer::with_labels`] for more information,
// e.g. can also be used to extract upstream proxy filter
ProxyAuthLayer::new(Basic::new(config.user, config.secret)),
UpgradeLayer::new(
MethodMatcher::CONNECT,
service_fn(http_connect_accept),
ConsumeErrLayer::default().into_layer(Forwarder::ctx()),
),
)
.into_layer(service_fn(http_plain_proxy)),
);
tcp_service
.serve_graceful(
guard,
(
// protect the http proxy from too large bodies, both from request and response end
BodyLimitLayer::symmetric(2 * 1024 * 1024),
TlsAcceptorLayer::new(tls_service_data).with_store_client_hello(true),
)
.into_layer(http_service),
)
.await;
});
shutdown
.shutdown_with_limit(Duration::from_secs(30))
.await
.expect("graceful shutdown");
}
async fn http_connect_accept<S>(
mut ctx: Context<S>,
req: Request,
) -> Result<(Response, Context<S>, Request), Response>
where
S: Clone + Send + Sync + 'static,
{
match ctx
.get_or_try_insert_with_ctx::<RequestContext, _>(|ctx| (ctx, &req).try_into())
.map(|ctx| ctx.authority.clone())
{
Ok(authority) => {
tracing::info!(%authority, "accept CONNECT (lazy): insert proxy target into context");
ctx.insert(ProxyTarget(authority));
}
Err(err) => {
tracing::error!(err = %err, "error extracting authority");
return Err(StatusCode::BAD_REQUEST.into_response());
}
}
tracing::info!(
"proxy secure transport ingress: {:?}",
ctx.get::<SecureTransport>()
);
Ok((StatusCode::OK.into_response(), ctx, req))
}
async fn http_plain_proxy<S>(ctx: Context<S>, req: Request) -> Result<Response, Infallible>
where
S: Clone + Send + Sync + 'static,
{
let client = EasyHttpWebClient::default();
let uri = req.uri().clone();
tracing::debug!(uri = %req.uri(), "proxy connect plain text request");
match client.serve(ctx, req).await {
Ok(resp) => Ok(resp),
Err(err) => {
tracing::error!(error = %err, uri = %uri, "error in client request");
Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::empty())
.unwrap())
}
}
}
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:9c:9c:8b brd ff:ff:ff:ff:ff:ff
altname enp0s18
inet 161.XXX.XXX.129/24 brd 161.XXX.XXX.255 scope global ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.221/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.222/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.223/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.224/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.225/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.226/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.248.162.227/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.228/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.229/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever
inet 161.XXX.XXX.230/24 brd 161.XXX.XXX.255 scope global secondary ens18
valid_lft forever preferred_lft forever#!/usr/bin/env bash
ptproxy -i 161.XXX.XXX.129 -p 443 -u Pt_FSzJsDScmgk -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.221 -p 443 -u Pt_KNaPo34XV4a -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.222 -p 443 -u Pt_BxD0NFMY1U9 -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.223 -p 443 -u Pt_L56muvxImjx -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.224 -p 443 -u Pt_492KxzhzYRk -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.225 -p 443 -u Pt_IgZSJozDVsz -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.226 -p 443 -u Pt_9lyLB06T8Gh -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.227 -p 443 -u Pt_jKoEsehutD0 -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.228 -p 443 -u Pt_LZG36gkYKXu -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.229 -p 443 -u Pt_LiPBiATm9tY -s redacted > /dev/null 2>&1 &
sleep 1
ptproxy -i 161.XXX.XXX.230 -p 443 -u Pt_6DJxObcnhxj -s redacted > /dev/null 2>&1 &
#!/usr/bin/env bash
curl --proxy-insecure -v -x "https://161.XXX.XXX.129" --proxy-user 'Pt_FSzJsDScmgk:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.221" --proxy-user 'Pt_KNaPo34XV4a:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.222" --proxy-user 'Pt_BxD0NFMY1U9:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.223" --proxy-user 'Pt_L56muvxImjx:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.224" --proxy-user 'Pt_492KxzhzYRk:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.225" --proxy-user 'Pt_IgZSJozDVsz:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.226" --proxy-user 'Pt_9lyLB06T8Gh:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.227" --proxy-user 'Pt_jKoEsehutD0:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.228" --proxy-user 'Pt_LZG36gkYKXu:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.229" --proxy-user 'Pt_LiPBiATm9tY:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --proxy-insecure -v -x "https://161.XXX.XXX.230" --proxy-user 'Pt_6DJxObcnhxj:redacted' "https://api.ipify.org" -H "User-Agent: Chrome/138.0.0.0"
echo "\n===============================================\n"
curl --interface 161.XXX.XXX.221 -v "https://api.ipify.org/"import requests, socket
from time import sleep
from requests_toolbelt.adapters import source
source_ips = ["161.XXX.XXX.129"] + [ f"161.XXX.XXX.{i}" for i in range(221,231) ]
target_url = "https://api.ipify.org"
timeout_seconds = 5
for source_ip in source_ips:
print(f"\nAttempting request from source IP: {source_ip}")
source_adapter = source.SourceAddressAdapter(source_ip)
with requests.Session() as session:
session.mount('http://', source_adapter)
session.mount('https://', source_adapter)
try:
response = session.get(target_url, timeout=timeout_seconds, headers={"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"})
print(f"Status Code: {response.status_code}")
print(f"Response: {response.text}")
except requests.exceptions.ConnectTimeout:
print(f" ERROR: Connection timed out for IP {source_ip} to {target_url}.")
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(timeout_seconds)
s.bind((source_ip, 0)) # Bind to the source IP, let OS pick ephemeral port
target_host = 'httpbin.org'
target_port = 80
try:
target_resolved_ip = socket.gethostbyname(target_host)
s.connect((target_resolved_ip, target_port))
print(f" Socket test: Successfully bound to {ip} and connected to {target_host}:{target_port}.")
s.close()
except socket.error as sock_err:
print(f" Socket test: Failed to connect to {target_host}:{target_port} from {source_ip}. Error: {sock_err}")
except Exception as ex:
print(f" Socket test: An unexpected error during connection test: {ex}")
except socket.error as bind_err:
print(f" Socket test: Failed to bind to source IP {source_ip}. Error: {bind_err}")
except Exception as ex:
print(f" Socket test: An unexpected error during socket binding test: {ex}")
except requests.exceptions.ReadTimeout:
print(f" ERROR: Read timed out for IP {source_ip} from {target_url}.")
print(" This means the connection was established, but no data was received within the timeout.")
print(" Possible causes: Server slow/stuck, large response, network congestion.")
except requests.exceptions.HTTPError as e:
print(f" ERROR: HTTP Error for IP {source_ip} - {e}")
print(f" Response content: {e.response.text}")
except requests.exceptions.RequestException as e:
print(f" ERROR: An unexpected requests error occurred for IP {source_ip}: {e}")
except Exception as e:
print(f" ERROR: An unhandled exception occurred for IP {source_ip}: {e}")
else:
sleep(0.5)
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Instead of binding many proxies to each IP you can just bind to an interface: Or if you need more options you can use socket options: Note that this only is available on linux, android and the like. I assume this is fine give you use the example of rama on main branch as well? or at least For your egress traffic you will not be able to use Your custom client service will be a lot simpler than the `EasyHttpWebClient implementation, |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks a ton for this! It’s way better and cleaner than what I was doing. Now, I just need to extract the IP address from the incoming proxy connect requests and use that same IP address as a source when making requests to the target server. I know I have to use custom client code, but as you suggested and emphasized, it shouldn’t be too difficult. Even with version 0.3, this would help me do the same with proxy WebSocket connections as well. Thanks a bunch, @GlenDC 🙏 🫡 🙌 You guys are doing an amazing job making this library open source, and even providing such detailed support like this. 🙇 |
Beta Was this translation helpful? Give feedback.
Answer selected by
ShabbirHasan1
-
|
I also made the inner tcp connector part easier. You can now create it directly from |
Beta Was this translation helpful? Give feedback.
3 replies
-
|
Thanks a ton man 🙏 🫡 🙌 🙇. I’ll also update my final working code here so that anyone who wants to achieve the same objective can use the code or replicate it according to their needs and get it done. |
Beta Was this translation helpful? Give feedback.
-
|
@GlenDC Hi, I tried your suggestion, but it didn’t seem to work as expected. When I tried to bind it to the device, it gave me an error message: Device Bind Error 025-05-21T16:21:01.191764Z TRACE tokio_graceful::guard: new shutdown guard: ref_count+1: 1
2025-05-21T16:21:03.090131Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 2
2025-05-21T16:21:03.090169Z INFO tokio_graceful::shutdown: ::shutdown: waiting for signal to trigger (read: to be cancelled)
2025-05-21T16:21:03.090175Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 1
2025-05-21T16:21:03.090191Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 0
2025-05-21T16:21:03.091531Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 2
2025-05-21T16:21:03.091536Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 3
2025-05-21T16:21:03.091539Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 4
2025-05-21T16:21:03.092634Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 3
2025-05-21T16:21:03.092653Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 4
2025-05-21T16:21:03.092658Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 1
2025-05-21T16:21:03.092679Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:04.094873Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:05.096045Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:06.097421Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:07.098638Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:08.099838Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:09.101059Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:10.102394Z TRACE tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 1
2025-05-21T16:21:10.102471Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:11.102721Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:12.103985Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:13.105202Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
^C2025-05-21T16:21:13.596019Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 0
2025-05-21T16:21:13.596048Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 1
2025-05-21T16:21:13.596087Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 0
2025-05-21T16:21:13.596104Z INFO tokio_graceful::shutdown: ::shutdown: waiting for all guards to drop for a max of 30s
2025-05-21T16:21:13.596137Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 0
2025-05-21T16:21:14.105738Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:15.106983Z ERROR rama_tcp::server::listener: TCP accept error error=Invalid argument (os error 22)
2025-05-21T16:21:16.108211Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 1
2025-05-21T16:21:16.108261Z TRACE rama_tcp::server::listener: signal received: initiate graceful shutdown
2025-05-21T16:21:16.108322Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 3
2025-05-21T16:21:16.108371Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 2
2025-05-21T16:21:16.108385Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 1
2025-05-21T16:21:16.108428Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 0
2025-05-21T16:21:16.108436Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 0
2025-05-21T16:21:16.108472Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 0
2025-05-21T16:21:16.108493Z INFO tokio_graceful::shutdown: ::shutdown: ready after 2.512357005sI’ve forked the let tcp_connector = TcpConnector::new().with_connector(Arc::new(SocketOptions {
address: Some(SocketAddress::new(
IpAddr::V4(Ipv4Addr::new(161, XXX, XX, 223)),
0,
)),
..SocketOptions::default_tcp()
}));2025-05-21T16:21:24.131063Z TRACE tokio_graceful::guard: new shutdown guard: ref_count+1: 1
2025-05-21T16:21:25.507154Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 2
2025-05-21T16:21:25.507199Z INFO tokio_graceful::shutdown: ::shutdown: waiting for signal to trigger (read: to be cancelled)
2025-05-21T16:21:25.507205Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 1
2025-05-21T16:21:25.507223Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 0
2025-05-21T16:21:25.508297Z DEBUG ptproxy: local_addr=Ok(0.0.0.0:443)
2025-05-21T16:21:25.508346Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 2
2025-05-21T16:21:25.508381Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 3
2025-05-21T16:21:25.508387Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 4
2025-05-21T16:21:25.509366Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 3
2025-05-21T16:21:25.509377Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 4
2025-05-21T16:21:25.509382Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 1
2025-05-21T16:21:54.298457Z TRACE tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 1
2025-05-21T16:21:54.298536Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 5
2025-05-21T16:21:54.298705Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 6
2025-05-21T16:21:54.298786Z TRACE tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 1
2025-05-21T16:21:54.299111Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_tls_boring::server::service: tls boring server service: set alpn protos callback
2025-05-21T16:21:54.515896Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 7
2025-05-21T16:21:54.515936Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 2
2025-05-21T16:21:54.516288Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: Conn::read_head
2025-05-21T16:21:54.516319Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: setting h1 header read timeout timer
2025-05-21T16:21:54.516347Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::io: received 24 bytes
2025-05-21T16:21:54.516392Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::role: Request.parse bytes=24
2025-05-21T16:21:54.516416Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::io: partial headers; 24 bytes so far
2025-05-21T16:21:54.516440Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::io: received 151 bytes
2025-05-21T16:21:54.516453Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::role: Request.parse bytes=175
2025-05-21T16:21:54.516476Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::role: Request.parse Complete(175)
2025-05-21T16:21:54.516536Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::io: parsed 4 headers
2025-05-21T16:21:54.516552Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: incoming body is empty
2025-05-21T16:21:54.516572Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: {role=server}: prepare possible HTTP upgrade
2025-05-21T16:21:54.516604Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 8
2025-05-21T16:21:54.516700Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:request{method=CONNECT uri=api.ipify.org:443 version=HTTP/1.1}: rama_http::layer::trace::on_request: started processing request
2025-05-21T16:21:54.516771Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 9
2025-05-21T16:21:54.517682Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: CONNECT: defaulting protocol to HTTPS uri=api.ipify.org:443 method=CONNECT
2025-05-21T16:21:54.517704Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: detected protocol: https (scheme: None) uri=api.ipify.org:443
2025-05-21T16:21:54.517732Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: detected default port: 443 uri=api.ipify.org:443
2025-05-21T16:21:54.517749Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: detected host from (abs) uri uri=api.ipify.org:443 host=api.ipify.org
2025-05-21T16:21:54.517764Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: detected authority: api.ipify.org:443 uri=api.ipify.org:443
2025-05-21T16:21:54.517776Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_net::http::request_context: request context: maybe detected http version: HTTP/1.1 uri=api.ipify.org:443
2025-05-21T16:21:54.517802Z INFO Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: ptproxy: accept CONNECT (lazy): insert proxy target into context authority=api.ipify.org:443
2025-05-21T16:21:54.517819Z INFO Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: ptproxy: proxy secure transport ingress: Some(SecureTransport { client_hello: Some(ClientHello { protocol_version: TLSv1_2, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, TLS13_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_algorithms: [Null], extensions: [ECPointFormats([Uncompressed, ANSIX962CompressedPrime, ANSIX962CompressedChar2]), SupportedGroups([X25519, SECP256R1, X448, SECP521R1, SECP384R1, FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192]), Opaque { id: NEXT_PROTOCOL_NEGOTIATION, data: [] }, ApplicationLayerProtocolNegotiation([HTTP_11]), Opaque { id: ENCRYPT_THEN_MAC, data: [] }, Opaque { id: EXTENDED_MASTER_SECRET, data: [] }, Opaque { id: POST_HANDSHAKE_AUTH, data: [] }, SignatureAlgorithms([ECDSA_NISTP256_SHA256, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, ED25519, ED448, RSA_PSS_PSS_SHA256, RSA_PSS_PSS_SHA384, RSA_PSS_PSS_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, SHA224_ECDSA, SHA224_RSA, SHA224_DSA, SHA256_DSA, SHA384_DSA, SHA512_DSA]), SupportedVersions([TLSv1_3, TLSv1_2]), Opaque { id: PSK_KEY_EXCHANGE_MODES, data: [1, 1] }, Opaque { id: KEY_SHARE, data: [0, 36, 0, 29, 0, 32, 199, 8, 68, 37, 102, 242, 9, 163, 93, 235, 21, 218, 26, 235, 254, 21, 15, 146, 27, 166, 121, 104, 13, 208, 228, 213, 180, 20, 79, 71, 122, 14] }, Opaque { id: PADDING, data: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }] }) })
2025-05-21T16:21:54.517958Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 10
2025-05-21T16:21:54.517974Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 9
2025-05-21T16:21:54.517985Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http::layer::trace::on_response: finished processing request latency=1 ms status=200
2025-05-21T16:21:54.518017Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::role: Server::encode status=200, body=None, req_method=Some(CONNECT)
2025-05-21T16:21:54.518038Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::role: server body forced to 0; method=Some(CONNECT), status=200
2025-05-21T16:21:54.518086Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::io: flushed 56 bytes
2025-05-21T16:21:54.518114Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: State::close()
2025-05-21T16:21:54.518126Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::proto::h1::conn: flushed({role=server}): State { reading: Closed, writing: Closed, keep_alive: Disabled }
2025-05-21T16:21:54.518152Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 8
2025-05-21T16:21:54.518165Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_core::upgrade: pending upgrade fulfill
2025-05-21T16:21:54.518174Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: rama_http_backend::server::hyper_conn::private: connection finished
2025-05-21T16:21:54.518194Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 2
2025-05-21T16:21:54.518202Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 7
2025-05-21T16:21:54.518217Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 6
2025-05-21T16:21:54.518297Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 7
2025-05-21T16:21:54.518317Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 8
2025-05-21T16:21:54.518491Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::xfer::dns_handle: querying: api.ipify.org. AAAA
2025-05-21T16:21:54.518501Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::xfer::dns_handle: querying: api.ipify.org. A
2025-05-21T16:21:54.518542Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_resolver::name_server::name_server_pool: sending request: [Query { name: Name("api.ipify.org."), query_type: A, query_class: IN }]
2025-05-21T16:21:54.518542Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_resolver::name_server::name_server_pool: sending request: [Query { name: Name("api.ipify.org."), query_type: AAAA, query_class: IN }]
2025-05-21T16:21:54.518613Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_resolver::name_server::name_server: reconnecting: NameServerConfig { socket_addr: [2606:4700:4700::1111]:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: true, bind_addr: None }
2025-05-21T16:21:54.518611Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_resolver::name_server::name_server: reconnecting: NameServerConfig { socket_addr: 1.0.0.1:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: true, bind_addr: None }
2025-05-21T16:21:54.518666Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("api.ipify.org."), query_type: AAAA, query_class: IN }]
2025-05-21T16:21:54.518660Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("api.ipify.org."), query_type: A, query_class: IN }]
2025-05-21T16:21:54.518707Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_resolver::name_server::name_server: existing connection: NameServerConfig { socket_addr: 1.0.0.1:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: true, bind_addr: None }
2025-05-21T16:21:54.518760Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("api.ipify.org."), query_type: A, query_class: IN }]
2025-05-21T16:21:54.518735Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 18282:QUERY:RD:NoError:QUERY:0/0/0
; query
;; api.ipify.org. IN AAAA
2025-05-21T16:21:54.518795Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 27962:QUERY:RD:NoError:QUERY:0/0/0
; query
;; api.ipify.org. IN A
2025-05-21T16:21:54.518818Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 25501:QUERY:RD:NoError:QUERY:0/0/0
; query
;; api.ipify.org. IN A
2025-05-21T16:21:54.518854Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_stream: binding UDP socket port=35442
2025-05-21T16:21:54.518935Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_stream: created socket successfully
2025-05-21T16:21:54.518992Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2025-05-21T16:21:54.519026Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_stream: binding UDP socket port=13394
2025-05-21T16:21:54.519083Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_stream: created socket successfully
2025-05-21T16:21:54.519123Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2025-05-21T16:21:54.519377Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_resolver::name_server::name_server: existing connection: NameServerConfig { socket_addr: [2606:4700:4700::1111]:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: true, bind_addr: None }
2025-05-21T16:21:54.519407Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("api.ipify.org."), query_type: AAAA, query_class: IN }]
2025-05-21T16:21:54.519435Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_stream: binding UDP socket port=61411
2025-05-21T16:21:54.519482Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_stream: created socket successfully
2025-05-21T16:21:54.519542Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2025-05-21T16:21:54.519571Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 28734:QUERY:RD:NoError:QUERY:0/0/0
; query
;; api.ipify.org. IN AAAA
2025-05-21T16:21:54.519594Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_stream: binding UDP socket port=9743
2025-05-21T16:21:54.519638Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_stream: created socket successfully
2025-05-21T16:21:54.519674Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2025-05-21T16:21:54.520578Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::rr::record_data: reading A
2025-05-21T16:21:54.520603Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::rr::record_data: reading A
2025-05-21T16:21:54.520610Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::rr::record_data: reading A
2025-05-21T16:21:54.520617Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::udp::udp_client_stream: received message id: 25501
2025-05-21T16:21:54.520649Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::error: response: ; header 25501:RESPONSE:RD,RA:NoError:QUERY:3/0/0
; query
;; api.ipify.org. IN A
; answers 3
api.ipify.org. 29 IN A 104.26.13.205
api.ipify.org. 29 IN A 104.26.12.205
api.ipify.org. 29 IN A 172.67.74.152
; nameservers 0
; additionals 0
2025-05-21T16:21:54.520690Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: hickory_proto::error: response: ; header 25501:RESPONSE:RD,RA:NoError:QUERY:3/0/0
; query
;; api.ipify.org. IN A
; answers 3
api.ipify.org. 29 IN A 104.26.13.205
api.ipify.org. 29 IN A 104.26.12.205
api.ipify.org. 29 IN A 172.67.74.152
; nameservers 0
; additionals 0
2025-05-21T16:21:54.520762Z TRACE rama_tcp::client::connect: [Ipv4] #0: tcp connect attempt to 104.26.13.205:443
2025-05-21T16:21:54.521396Z TRACE rama_tcp::client::connect: [Ipv4] #1: tcp connect attempt to 104.26.12.205:443
2025-05-21T16:21:54.521439Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::rr::record_data: reading SOA
2025-05-21T16:21:54.521462Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::udp::udp_client_stream: received message id: 18282
2025-05-21T16:21:54.521497Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: hickory_proto::error: response: ; header 18282:RESPONSE:RD,RA:NoError:QUERY:0/1/0
; query
;; api.ipify.org. IN AAAA
; answers 0
; nameservers 1
ipify.org. 1670 IN SOA carl.ns.cloudflare.com. dns.cloudflare.com. 2372305201 10000 2400 604800 1800
; additionals 0
2025-05-21T16:21:54.521564Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: rama_tcp::client::connect: [Ipv6] failed to resolve domain to IPv6 addresses err=Error { context: "lookup IPv6 address(es)", source: ResolveError { kind: Proto(ProtoError { kind: NoRecordsFound { query: Query { name: Name("api.ipify.org."), query_type: AAAA, query_class: IN }, soa: Some(Record { name_labels: Name("ipify.org."), dns_class: IN, ttl: 1670, rdata: SOA { mname: Name("carl.ns.cloudflare.com."), rname: Name("dns.cloudflare.com."), serial: 2372305201, refresh: 10000, retry: 2400, expire: 604800, minimum: 1800 } }), ns: None, negative_ttl: Some(1670), response_code: NoError, trusted: true, authorities: None } }) } }
2025-05-21T16:21:54.521650Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 7
2025-05-21T16:21:54.522118Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 6
2025-05-21T16:21:54.522134Z TRACE rama_tcp::client::connect: [Ipv4] #2: tcp connect attempt to 172.67.74.152:443
2025-05-21T16:21:54.522141Z TRACE rama_tcp::client::connect: [Ipv4] #0: tcp connection stablished to 104.26.13.205:443
2025-05-21T16:21:54.522542Z TRACE rama_tcp::client::connect: [Ipv4] #1: tcp connection stablished to 104.26.12.205:443
2025-05-21T16:21:54.522554Z TRACE rama_tcp::client::connect: [Ipv4] #1: failed to send resolved IP address err=channel closed
2025-05-21T16:21:54.523496Z TRACE rama_tcp::client::connect: [Ipv4] #2: tcp connection stablished to 172.67.74.152:443
2025-05-21T16:21:54.523510Z TRACE rama_tcp::client::connect: [Ipv4] #2: failed to send resolved IP address err=channel closed
2025-05-21T16:21:54.869126Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: rama_net::proxy::forward: (proxy) I/O stream forwarder finished bytes_copied_north=847 bytes_copied_south=3765
2025-05-21T16:21:54.869233Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.226:443 peer_addr=157.XXX.XXX.42:42402}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 5
2025-05-21T16:21:54.869265Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 4
2025-05-21T16:21:54.878215Z TRACE tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 1
2025-05-21T16:21:54.878264Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 5
2025-05-21T16:21:54.878293Z TRACE tokio_graceful::guard: clone shutdown guard: ref_count+1: 6
2025-05-21T16:21:54.878323Z TRACE tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 1
2025-05-21T16:21:54.878503Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_tls_boring::server::service: tls boring server service: set alpn protos callback
2025-05-21T16:21:55.088336Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 7
2025-05-21T16:21:55.088389Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 2
2025-05-21T16:21:55.088472Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::trigger: trigger::Subscriber: updating waker for key: 2
2025-05-21T16:21:55.088511Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: Conn::read_head
2025-05-21T16:21:55.088523Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: setting h1 header read timeout timer
2025-05-21T16:21:55.088530Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::io: received 24 bytes
2025-05-21T16:21:55.088538Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::role: Request.parse bytes=24
2025-05-21T16:21:55.088547Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::io: partial headers; 24 bytes so far
2025-05-21T16:21:55.088555Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::io: received 151 bytes
2025-05-21T16:21:55.088563Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::role: Request.parse bytes=175
2025-05-21T16:21:55.088569Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::role: Request.parse Complete(175)
2025-05-21T16:21:55.088582Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::io: parsed 4 headers
2025-05-21T16:21:55.088587Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: incoming body is empty
2025-05-21T16:21:55.088593Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: {role=server}: prepare possible HTTP upgrade
2025-05-21T16:21:55.088599Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 8
2025-05-21T16:21:55.089197Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:request{method=CONNECT uri=api.ipify.org:443 version=HTTP/1.1}: rama_http::layer::trace::on_request: started processing request
2025-05-21T16:21:55.089234Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 9
2025-05-21T16:21:55.089244Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: CONNECT: defaulting protocol to HTTPS uri=api.ipify.org:443 method=CONNECT
2025-05-21T16:21:55.089251Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: detected protocol: https (scheme: None) uri=api.ipify.org:443
2025-05-21T16:21:55.089261Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: detected default port: 443 uri=api.ipify.org:443
2025-05-21T16:21:55.089270Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: detected host from (abs) uri uri=api.ipify.org:443 host=api.ipify.org
2025-05-21T16:21:55.089279Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: detected authority: api.ipify.org:443 uri=api.ipify.org:443
2025-05-21T16:21:55.089285Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_net::http::request_context: request context: maybe detected http version: HTTP/1.1 uri=api.ipify.org:443
2025-05-21T16:21:55.089302Z INFO Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: ptproxy: accept CONNECT (lazy): insert proxy target into context authority=api.ipify.org:443
2025-05-21T16:21:55.089318Z INFO Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: ptproxy: proxy secure transport ingress: Some(SecureTransport { client_hello: Some(ClientHello { protocol_version: TLSv1_2, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, TLS13_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_algorithms: [Null], extensions: [ECPointFormats([Uncompressed, ANSIX962CompressedPrime, ANSIX962CompressedChar2]), SupportedGroups([X25519, SECP256R1, X448, SECP521R1, SECP384R1, FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192]), Opaque { id: NEXT_PROTOCOL_NEGOTIATION, data: [] }, ApplicationLayerProtocolNegotiation([HTTP_11]), Opaque { id: ENCRYPT_THEN_MAC, data: [] }, Opaque { id: EXTENDED_MASTER_SECRET, data: [] }, Opaque { id: POST_HANDSHAKE_AUTH, data: [] }, SignatureAlgorithms([ECDSA_NISTP256_SHA256, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, ED25519, ED448, RSA_PSS_PSS_SHA256, RSA_PSS_PSS_SHA384, RSA_PSS_PSS_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, SHA224_ECDSA, SHA224_RSA, SHA224_DSA, SHA256_DSA, SHA384_DSA, SHA512_DSA]), SupportedVersions([TLSv1_3, TLSv1_2]), Opaque { id: PSK_KEY_EXCHANGE_MODES, data: [1, 1] }, Opaque { id: KEY_SHARE, data: [0, 36, 0, 29, 0, 32, 4, 2, 201, 91, 24, 165, 246, 154, 155, 225, 81, 207, 122, 119, 133, 189, 5, 2, 23, 229, 149, 71, 176, 117, 60, 230, 153, 143, 28, 80, 23, 27] }, Opaque { id: PADDING, data: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }] }) })
2025-05-21T16:21:55.089382Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 10
2025-05-21T16:21:55.089388Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 9
2025-05-21T16:21:55.089395Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http::layer::trace::on_response: finished processing request latency=0 ms status=200
2025-05-21T16:21:55.089406Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::role: Server::encode status=200, body=None, req_method=Some(CONNECT)
2025-05-21T16:21:55.089415Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::role: server body forced to 0; method=Some(CONNECT), status=200
2025-05-21T16:21:55.089448Z DEBUG Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::io: flushed 56 bytes
2025-05-21T16:21:55.089459Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: State::close()
2025-05-21T16:21:55.089464Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::proto::h1::conn: flushed({role=server}): State { reading: Closed, writing: Closed, keep_alive: Disabled }
2025-05-21T16:21:55.089471Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 8
2025-05-21T16:21:55.089481Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_core::upgrade: pending upgrade fulfill
2025-05-21T16:21:55.089486Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: rama_http_backend::server::hyper_conn::private: connection finished
2025-05-21T16:21:55.089495Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 2
2025-05-21T16:21:55.089503Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 7
2025-05-21T16:21:55.089509Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 6
2025-05-21T16:21:55.089525Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 7
2025-05-21T16:21:55.089534Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: clone shutdown guard: ref_count+1: 8
2025-05-21T16:21:55.089589Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v6: rama_tcp::client::connect: [Ipv6] failed to resolve domain to IPv6 addresses err=Error { context: "lookup IPv6 address(es)", source: ResolveError { kind: Proto(ProtoError { kind: NoRecordsFound { query: Query { name: Name("api.ipify.org."), query_type: AAAA, query_class: IN }, soa: Some(Record { name_labels: Name("ipify.org."), dns_class: IN, ttl: 1670, rdata: SOA { mname: Name("carl.ns.cloudflare.com."), rname: Name("dns.cloudflare.com."), serial: 2372305201, refresh: 10000, retry: 2400, expire: 604800, minimum: 1800 } }), ns: None, negative_ttl: Some(1669), response_code: NoError, trusted: true, authorities: None } }) } }
2025-05-21T16:21:55.089618Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 7
2025-05-21T16:21:55.089669Z TRACE rama_tcp::client::connect: [Ipv4] #0: tcp connect attempt to 104.26.13.205:443
2025-05-21T16:21:55.090759Z TRACE rama_tcp::client::connect: [Ipv4] #1: tcp connect attempt to 104.26.12.205:443
2025-05-21T16:21:55.090929Z TRACE rama_tcp::client::connect: [Ipv4] #0: tcp connection stablished to 104.26.13.205:443
2025-05-21T16:21:55.090974Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}:Client::tcp::connect::dns_v4: rama_tcp::client::connect: [Ipv4] #2: abort connect loop to 172.67.74.152:443 (connection already established)
2025-05-21T16:21:55.091007Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 6
2025-05-21T16:21:55.092013Z TRACE rama_tcp::client::connect: [Ipv4] #1: tcp connection stablished to 104.26.12.205:443
2025-05-21T16:21:55.092027Z TRACE rama_tcp::client::connect: [Ipv4] #1: failed to send resolved IP address err=channel closed
2025-05-21T16:21:55.440428Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: rama_net::proxy::forward: (proxy) I/O stream forwarder finished bytes_copied_north=847 bytes_copied_south=3765
2025-05-21T16:21:55.440539Z TRACE Server::tcp::serve{local_addr=161.XXX.XXX.227:443 peer_addr=157.XXX.XXX.42:10410}:Server::upgrade::serve{http.request.method=CONNECT url.path= url.query="" url.scheme=}: tokio_graceful::guard: drop shutdown guard: ref_count-1: 5
2025-05-21T16:21:55.440597Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 4
^C2025-05-21T16:22:09.753851Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 0
2025-05-21T16:22:09.753879Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 1
2025-05-21T16:22:09.753903Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 1
2025-05-21T16:22:09.753914Z TRACE rama_tcp::server::listener: signal received: initiate graceful shutdown
2025-05-21T16:22:09.753924Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 0
2025-05-21T16:22:09.753953Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 3
2025-05-21T16:22:09.753961Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 2
2025-05-21T16:22:09.753969Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 1
2025-05-21T16:22:09.753944Z INFO tokio_graceful::shutdown: ::shutdown: waiting for all guards to drop for a max of 30s
2025-05-21T16:22:09.753985Z TRACE tokio_graceful::trigger: trigger::Subscriber: insert waker for key: 0
2025-05-21T16:22:09.754002Z TRACE tokio_graceful::guard: drop shutdown guard: ref_count-1: 0
2025-05-21T16:22:09.754007Z TRACE tokio_graceful::trigger: trigger::Sender: wake up waker with key: 0
2025-05-21T16:22:09.754030Z TRACE tokio_graceful::trigger: trigger::ReceiverState::Drop: remove waker for key: 0
2025-05-21T16:22:09.754038Z INFO tokio_graceful::shutdown: ::shutdown: ready after 0.000059796s
Thanks a bunch for your support 🙏, I think it’s just a matter of me improving my skills. 😔
//! Rama HTTP client module,
//! which provides the [`EasyHttpWebClientExt`] type to serve HTTP requests.
use {
rama::{
Context, Service,
error::{BoxError, ErrorContext, OpaqueError},
http::client::{HttpClientService, proxy::layer::HttpProxyConnector},
http::{Request, Response, Version, client::HttpConnector, dep::http_body},
inspect::RequestInspector,
net::{
address::SocketAddress,
client::{
EstablishedClientConnection,
pool::{
NoPool, Pool, PooledConnector,
http::{BasicHttpConId, BasicHttpConnIdentifier},
},
},
socket::SocketOptions,
},
tcp::client::service::TcpConnector,
utils::macros::generate_set_and_with,
},
std::{
fmt,
net::{IpAddr, Ipv4Addr},
sync::Arc,
},
tracing::trace,
};
#[cfg(any(feature = "rustls", feature = "boring"))]
use rama::http::client::http_inspector::HttpsAlpnModifier;
#[cfg(any(feature = "rustls", feature = "boring"))]
use rama::net::client::EitherConn;
#[cfg(feature = "boring")]
use rama::net::tls::client::{ClientConfig, ProxyClientConfig, extract_client_config_from_ctx};
#[cfg(feature = "boring")]
use rama::tls::boring::client::{
TlsConnector as BoringTlsConnector, TlsConnectorData as BoringTlsConnectorData,
};
#[cfg(feature = "rustls")]
use rama_tls_rustls::client::{
TlsConnector as RustlsTlsConnector, TlsConnectorData as RustlsTlsConnectorData,
};
/// An opiniated http client that can be used to serve HTTP requests.
///
/// You can fork this http client in case you have use cases not possible with this service example.
/// E.g. perhaps you wish to have middleware in into outbound requests, after they
/// passed through your "connector" setup. All this and more is possible by defining your own
/// http client. Rama is here to empower you, the building blocks are there, go crazy
/// with your own service fork and use the full power of Rust at your fingertips ;)
pub struct EasyHttpWebClientExt<I1 = (), I2 = (), P = NoPool> {
#[cfg(any(feature = "rustls", feature = "boring"))]
tls_connector_config: Option<TlsConnectorConfigExt>,
#[cfg(any(feature = "rustls", feature = "boring"))]
proxy_tls_connector_config: Option<TlsConnectorConfigExt>,
connection_pool: P,
proxy_http_connect_version: Option<Version>,
http_req_inspector_jit: I1,
http_req_inspector_svc: I2,
}
#[derive(Debug, Clone)]
pub enum TlsConnectorConfigExt {
#[cfg(feature = "boring")]
Boring(Option<ClientConfig>),
#[cfg(feature = "rustls")]
Rustls(Option<RustlsTlsConnectorData>),
}
#[cfg(any(feature = "rustls", feature = "boring"))]
impl<I1: fmt::Debug, I2: fmt::Debug, P: fmt::Debug> fmt::Debug for EasyHttpWebClientExt<I1, I2, P> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("EasyHttpWebClientExt")
.field("tls_connector_config", &self.tls_connector_config)
.field(
"proxy_tls_connector_config",
&self.proxy_tls_connector_config,
)
.field("connection_pool", &self.connection_pool)
.field(
"proxy_http_connect_version",
&self.proxy_http_connect_version,
)
.field("http_req_inspector_jit", &self.http_req_inspector_jit)
.field("http_req_inspector_svc", &self.http_req_inspector_svc)
.finish()
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
impl<I1: fmt::Debug, I2: fmt::Debug, P: fmt::Debug> fmt::Debug for EasyHttpWebClientExt<I1, I2, P> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("EasyHttpWebClientExt")
.field("connection_pool", &self.connection_pool)
.field(
"proxy_http_connect_version",
&self.proxy_http_connect_version,
)
.field("http_req_inspector_jit", &self.http_req_inspector_jit)
.field("http_req_inspector_svc", &self.http_req_inspector_svc)
.finish()
}
}
#[cfg(any(feature = "rustls", feature = "boring"))]
impl<I1: Clone, I2: Clone, P: Clone> Clone for EasyHttpWebClientExt<I1, I2, P> {
fn clone(&self) -> Self {
Self {
tls_connector_config: self.tls_connector_config.clone(),
proxy_tls_connector_config: self.proxy_tls_connector_config.clone(),
connection_pool: self.connection_pool.clone(),
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit.clone(),
http_req_inspector_svc: self.http_req_inspector_svc.clone(),
}
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
impl<I1: Clone, I2: Clone, P: Clone> Clone for EasyHttpWebClientExt<I1, I2, P> {
fn clone(&self) -> Self {
Self {
connection_pool: self.connection_pool.clone(),
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit.clone(),
http_req_inspector_svc: self.http_req_inspector_svc.clone(),
}
}
}
impl Default for EasyHttpWebClientExt {
fn default() -> Self {
Self {
#[cfg(feature = "boring")]
tls_connector_config: Some(TlsConnectorConfigExt::Boring(None)),
#[cfg(all(feature = "rustls", not(feature = "boring")))]
tls_connector_config: Some(TlsConnectorConfigExt::Rustls(None)),
#[cfg(feature = "boring")]
proxy_tls_connector_config: Some(TlsConnectorConfigExt::Boring(None)),
#[cfg(all(feature = "rustls", not(feature = "boring")))]
proxy_tls_connector_config: Some(TlsConnectorConfigExt::Rustls(None)),
connection_pool: NoPool::default(),
proxy_http_connect_version: Some(Version::HTTP_11),
http_req_inspector_jit: (),
http_req_inspector_svc: (),
}
}
}
impl EasyHttpWebClientExt {
/// Create a new [`EasyHttpWebClientExt`].
pub fn new() -> Self {
Self::default()
}
}
impl<I1, I2, P> EasyHttpWebClientExt<I1, I2, P> {
#[cfg(any(feature = "rustls", feature = "boring"))]
generate_set_and_with!(
/// Set the [`TlsConnectorConfigExt`] that this [`EasyHttpWebClientExt`] will use.
pub fn tls_connector_config(mut self, config: Option<TlsConnectorConfigExt>) -> Self {
self.tls_connector_config = config;
self
}
);
#[cfg(any(feature = "rustls", feature = "boring"))]
generate_set_and_with!(
/// Set the [`TlsConnectorConfigExt`] for the https proxy tunnel if needed within this [`EasyHttpWebClientExt`].
pub fn proxy_tls_connector_config(mut self, config: Option<TlsConnectorConfigExt>) -> Self {
self.proxy_tls_connector_config = config;
self
}
);
generate_set_and_with!(
/// Set the HTTP version to use for the Http Proxy CONNECT request.
///
/// By default this is set to HTTP/1.1.
/// If this is not set to None the version will be negotiated automatically
pub fn proxy_http_connect_version(mut self, version: Option<Version>) -> Self {
self.proxy_http_connect_version = version;
self
}
);
#[cfg(any(feature = "rustls", feature = "boring"))]
pub fn with_http_conn_req_inspector<T>(
self,
http_req_inspector: T,
) -> EasyHttpWebClientExt<T, I2, P> {
EasyHttpWebClientExt {
tls_connector_config: self.tls_connector_config,
proxy_tls_connector_config: self.proxy_tls_connector_config,
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: http_req_inspector,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: self.connection_pool,
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
pub fn with_http_conn_req_inspector<T>(
self,
http_req_inspector: T,
) -> EasyHttpWebClientExt<T, I2, P> {
EasyHttpWebClientExt {
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: http_req_inspector,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: self.connection_pool,
}
}
#[cfg(any(feature = "rustls", feature = "boring"))]
pub fn with_http_serve_req_inspector<T>(
self,
http_req_inspector: T,
) -> EasyHttpWebClientExt<I1, T, P> {
EasyHttpWebClientExt {
tls_connector_config: self.tls_connector_config,
proxy_tls_connector_config: self.proxy_tls_connector_config,
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: http_req_inspector,
connection_pool: self.connection_pool,
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
pub fn with_http_serve_req_inspector<T>(
self,
http_req_inspector: T,
) -> EasyHttpWebClientExt<I1, T, P> {
EasyHttpWebClientExt {
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: http_req_inspector,
connection_pool: self.connection_pool,
}
}
#[cfg(any(feature = "rustls", feature = "boring"))]
pub fn with_connection_pool<T>(self, pool: T) -> EasyHttpWebClientExt<I1, I2, T> {
EasyHttpWebClientExt {
tls_connector_config: self.tls_connector_config,
proxy_tls_connector_config: self.proxy_tls_connector_config,
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: pool,
}
}
#[cfg(any(feature = "rustls", feature = "boring"))]
pub fn without_connection_pool(self) -> EasyHttpWebClientExt<I1, I2, NoPool> {
EasyHttpWebClientExt {
tls_connector_config: self.tls_connector_config,
proxy_tls_connector_config: self.proxy_tls_connector_config,
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: NoPool::default(),
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
pub fn with_connection_pool<T>(self, pool: T) -> EasyHttpWebClientExt<I1, I2, T> {
EasyHttpWebClientExt {
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: pool,
}
}
#[cfg(not(any(feature = "rustls", feature = "boring")))]
pub fn without_connection_pool(self) -> EasyHttpWebClientExt<I1, I2, ()> {
EasyHttpWebClientExt {
proxy_http_connect_version: self.proxy_http_connect_version,
http_req_inspector_jit: self.http_req_inspector_jit,
http_req_inspector_svc: self.http_req_inspector_svc,
connection_pool: (),
}
}
}
impl<State, BodyIn, BodyOut, P, I1, I2> Service<State, Request<BodyIn>>
for EasyHttpWebClientExt<I1, I2, P>
where
P: Pool<
HttpClientService<BodyOut, I2>,
BasicHttpConId,
Connection: Service<
State,
Request<BodyIn>,
Response = Response,
Error: Into<BoxError> + Unpin + Send + 'static,
>,
> + Clone,
State: Clone + Send + Sync + 'static,
BodyIn: http_body::Body<Data: Send + 'static, Error: Into<BoxError>> + Unpin + Send + 'static,
BodyOut: http_body::Body<Data: Send + 'static, Error: Into<BoxError>> + Unpin + Send + 'static,
I1: RequestInspector<
State,
Request<BodyIn>,
Error: Into<BoxError>,
StateOut = State,
RequestOut = Request<BodyIn>,
> + Clone,
I2: RequestInspector<
State,
Request<BodyIn>,
Error: Into<BoxError>,
RequestOut = Request<BodyOut>,
> + Clone,
{
type Response = Response;
type Error = OpaqueError;
async fn serve(
&self,
ctx: Context<State>,
req: Request<BodyIn>,
) -> Result<Self::Response, Self::Error> {
let uri = req.uri().clone();
let tcp_connector = TcpConnector::new().with_connector(Arc::new(SocketOptions {
address: Some(SocketAddress::new(
IpAddr::V4(Ipv4Addr::new(161, XXX, XXX, 221)),
0,
)),
..SocketOptions::default_tcp()
}));
#[cfg(any(feature = "rustls", feature = "boring"))]
let connector = {
// 1 TCP
let connector = tcp_connector;
// 2 Maybe proxy tls
// This syntax might look weird compared to using match statement but allows us to reuse all code for a mix of features.
// This is a design limit of how Either works, Eg Either3 will not work if one feature is disabled as it won't be able to infer all types.
// Solution to this is splitting everything up, and doing it this way, only requires us to do it once.
#[cfg(feature = "boring")]
let connector = if let Some(TlsConnectorConfigExt::Boring(config)) =
&self.proxy_tls_connector_config
{
let data = create_proxy_connector_data_boring(&ctx, config)?;
EitherConn::A(BoringTlsConnector::tunnel(connector, None).with_connector_data(data))
} else {
EitherConn::B(connector)
};
#[cfg(feature = "rustls")]
let connector = if let Some(TlsConnectorConfigExt::Rustls(config)) =
&self.proxy_tls_connector_config
{
let data = create_proxy_connector_data_rustls(&ctx, config)?;
EitherConn::A(RustlsTlsConnector::tunnel(connector, None).with_connector_data(data))
} else {
EitherConn::B(connector)
};
// 3 Http proxy tunnel if needed
let mut connector = HttpProxyConnector::optional(connector);
match self.proxy_http_connect_version {
Some(version) => connector.set_version(version),
None => connector.set_auto_version(),
};
// 4 Tls for normal flow
#[cfg(feature = "boring")]
let connector =
if let Some(TlsConnectorConfigExt::Boring(config)) = &self.tls_connector_config {
let data = create_connector_data_boring(&ctx, config)?;
EitherConn::A(BoringTlsConnector::auto(connector).with_connector_data(data))
} else {
EitherConn::B(connector)
};
#[cfg(feature = "rustls")]
let connector =
if let Some(TlsConnectorConfigExt::Rustls(config)) = &self.tls_connector_config {
let data = create_connector_data_rustls(&ctx, config)?;
EitherConn::A(RustlsTlsConnector::auto(connector).with_connector_data(data))
} else {
EitherConn::B(connector)
};
// 4 Http normal flow
let connector = HttpConnector::new(connector);
connector.with_jit_req_inspector((
HttpsAlpnModifier::default(),
self.http_req_inspector_jit.clone(),
))
};
#[cfg(not(any(feature = "rustls", feature = "boring")))]
let connector = {
let mut proxy_connector = HttpProxyConnector::optional(tcp_connector);
match self.proxy_http_connect_version {
Some(version) => proxy_connector.set_version(version),
None => proxy_connector.set_auto_version(),
};
HttpConnector::new(proxy_connector)
.with_jit_req_inspector(self.http_req_inspector_jit.clone())
};
// set the runtime http req inspector
let connector = connector.with_svc_req_inspector(self.http_req_inspector_svc.clone());
let connector = PooledConnector::new(
connector,
self.connection_pool.clone(),
BasicHttpConnIdentifier::default(),
);
let EstablishedClientConnection { conn, ctx, req } = connector.serve(ctx, req).await?;
// NOTE: stack might change request version based on connector data,
trace!(uri = %uri, "send http req to connector stack");
let result = conn.serve(ctx, req).await;
let resp = result
.map_err(|err| OpaqueError::from_boxed(err.into()))
.with_context(|| format!("http request failure for uri: {uri}"))?;
trace!(uri = %uri, "response received from connector stack");
Ok(resp)
}
}
#[cfg(feature = "boring")]
fn create_connector_data_boring<State>(
ctx: &Context<State>,
tls_config: &Option<ClientConfig>,
) -> Result<BoringTlsConnectorData, OpaqueError> {
match extract_client_config_from_ctx(ctx) {
Some(mut chain_ref) => {
trace!(
"create tls connector using rama tls client config(s) from context and/or the predefined one if defined"
);
if let Some(tls_config) = tls_config {
chain_ref.prepend(tls_config.clone());
}
BoringTlsConnectorData::try_from_multiple_client_configs(chain_ref.iter()).context(
"EasyHttpWebClientExt: create tls connector data from tls client config(s) from context and/or the predefined one if defined",
)
}
None => match tls_config {
Some(tls_config) => {
trace!("create tls connector using pre-defined rama tls client config");
tls_config.clone().try_into().context(
"EasyHttpWebClientExt: create tls connector data from pre-defined tls config",
)
}
None => {
trace!("create tls connector using the 'new_http_auto' constructor");
BoringTlsConnectorData::new_http_auto()
.context("EasyHttpWebClientExt: create tls connector data for http (auto)")
}
},
}
}
#[cfg(feature = "boring")]
fn create_proxy_connector_data_boring<State>(
ctx: &Context<State>,
tls_config: &Option<ClientConfig>,
) -> Result<BoringTlsConnectorData, OpaqueError> {
let data = match (ctx.get::<ProxyClientConfig>(), tls_config) {
(Some(proxy_tls_config), _) => {
trace!("create proxy tls connector using rama tls client config from context");
proxy_tls_config
.0
.as_ref()
.clone()
.try_into()
.context(
"EasyHttpWebClientExt: create proxy tls connector data from tls config found in context",
)?
}
(None, Some(proxy_tls_config)) => {
trace!("create proxy tls connector using pre-defined rama tls client config");
proxy_tls_config
.clone()
.try_into()
.context("EasyHttpWebClientExt: create proxy tls connector data from tls config")?
}
(None, None) => {
trace!("create proxy tls connector using the 'new_http_auto' constructor");
BoringTlsConnectorData::new().context(
"EasyHttpWebClientExt: create proxy tls connector data with no application presets",
)?
}
};
Ok(data)
}
#[cfg(feature = "rustls")]
fn create_connector_data_rustls<State>(
_ctx: &Context<State>,
tls_config: &Option<RustlsTlsConnectorData>,
) -> Result<RustlsTlsConnectorData, OpaqueError> {
// TODO do we also want to support getting this from ctx?
match tls_config {
Some(tls_config) => {
trace!("create tls connector using pre-defined rustls tls client config");
Ok(tls_config.clone())
}
None => {
trace!("create tls connector using the 'new_http_auto' constructor");
RustlsTlsConnectorData::new_http_auto()
.context("EasyHttpWebClientExt: create tls connector data for http (auto)")
}
}
}
#[cfg(feature = "rustls")]
fn create_proxy_connector_data_rustls<State>(
_ctx: &Context<State>,
tls_config: &Option<RustlsTlsConnectorData>,
) -> Result<RustlsTlsConnectorData, OpaqueError> {
// TODO do we also want to support getting this from ctx?
match tls_config {
Some(tls_config) => {
trace!("create tls connector using pre-defined rustls tls client config");
Ok(tls_config.clone())
}
None => {
trace!("create tls connector using the 'new_http_auto' constructor");
RustlsTlsConnectorData::new_http_auto()
.context("EasyHttpWebClientExt: create tls connector data for http (auto)")
}
}
}
mod alloc;
mod http_client;
use {
crate::http_client::EasyHttpWebClientExt,
argh::FromArgs,
rama::{
Context, Layer, Service,
context::RequestContextExt,
graceful::Shutdown,
http::{
Body, Request, Response, StatusCode,
client::EasyHttpWebClient,
layer::{proxy_auth::ProxyAuthLayer, trace::TraceLayer, upgrade::UpgradeLayer},
matcher::MethodMatcher,
server::HttpServer,
service::web::response::IntoResponse,
},
layer::ConsumeErrLayer,
net::{
address::SocketAddress,
http::RequestContext,
proxy::ProxyTarget,
socket::Interface,
socket::{DeviceName, SocketOptions},
stream::{ClientSocketInfo, layer::http::BodyLimitLayer},
tls::{SecureTransport, server::SelfSignedData},
user::Basic,
},
rt::Executor,
service::service_fn,
tcp::{client::service::Forwarder, server::TcpListener},
},
std::{
convert::Infallible,
net::{IpAddr, Ipv4Addr},
time::Duration,
},
tracing::metadata::LevelFilter,
tracing_subscriber::{EnvFilter, fmt, prelude::*},
};
#[cfg(feature = "boring")]
use rama::{
net::tls::{
ApplicationProtocol,
server::{ServerAuth, ServerConfig},
},
tls::boring::server::TlsAcceptorLayer,
};
#[cfg(all(feature = "rustls", not(feature = "boring")))]
use rama::tls::rustls::server::{TlsAcceptorDataBuilder, TlsAcceptorLayer};
#[derive(FromArgs)]
/// Proxy Config
struct ProxyConfig {
/// an optional device name to bind, like eth0, ens18, etc.
#[argh(option, short = 'd')]
device_name: Option<String>,
/// ip address to bind, Default to 0.0.0.0
#[argh(option, default = "String::from(\"0.0.0.0\")", short = 'i')]
ip: String,
/// port to bind, Default to 443
#[argh(option, default = "String::from(\"443\")", short = 'p')]
port: String,
/// username for authentication, Default to `john`
#[argh(option, default = "String::from(\"john\")", short = 'u')]
user: String,
/// secret for authentication, Default to `secret`
#[argh(option, default = "String::from(\"secret\")", short = 's')]
secret: String,
}
#[tokio::main]
async fn main() {
tracing_subscriber::registry()
.with(fmt::layer())
.with(
EnvFilter::builder()
.with_default_directive(LevelFilter::TRACE.into())
.from_env_lossy(),
)
.init();
let config = argh::from_env::<ProxyConfig>();
let shutdown = Shutdown::default();
#[cfg(feature = "boring")]
let tls_service_data = {
let tls_server_config = ServerConfig {
application_layer_protocol_negotiation: Some(vec![
ApplicationProtocol::HTTP_2,
ApplicationProtocol::HTTP_11,
]),
..ServerConfig::new(ServerAuth::SelfSigned(SelfSignedData {
organisation_name: Some("Python Trader Forward Proxy Server".to_owned()),
..Default::default()
}))
};
tls_server_config
.try_into()
.expect("create tls server config")
};
#[cfg(all(feature = "rustls", not(feature = "boring")))]
let tls_service_data = {
TlsAcceptorDataBuilder::new_self_signed(SelfSignedData {
organisation_name: Some("Python Trader Forward Proxy Server".to_owned()),
..Default::default()
})
.expect("self signed acceptor data")
.with_alpn_protocols_http_auto()
.with_env_key_logger()
.expect("with env key logger")
.build()
};
let device_name = config.device_name.map(|name| name.leak());
let bind_addr = format!("{}:{}", config.ip, config.port);
let bind_failed_msg = format!("bind tcp proxy to {}", &bind_addr).leak();
// create tls proxy
shutdown.spawn_task_fn(async |guard| {
let tcp_service = match device_name {
Some(device_name) => TcpListener::build()
.bind(Interface::new_device("ens18"))
.await
.expect(&format!("Failed to bind to interface {}", device_name)),
None => TcpListener::build()
.bind(bind_addr)
.await
.expect(bind_failed_msg),
};
tracing::debug!(local_addr = ?tcp_service.local_addr());
let exec = Executor::graceful(guard.clone());
let http_service = HttpServer::auto(exec.clone()).service(
(
TraceLayer::new_for_http(),
// See [`ProxyAuthLayer::with_labels`] for more information,
// e.g. can also be used to extract upstream proxy filter
ProxyAuthLayer::new(Basic::new(config.user, config.secret)),
UpgradeLayer::new(
MethodMatcher::CONNECT,
service_fn(http_connect_accept),
ConsumeErrLayer::default().into_layer(Forwarder::ctx()),
),
)
.into_layer(service_fn(http_plain_proxy)),
);
tcp_service
.serve_graceful(
guard,
(
// protect the http proxy from too large bodies, both from request and response end
BodyLimitLayer::symmetric(2 * 1024 * 1024),
TlsAcceptorLayer::new(tls_service_data).with_store_client_hello(true),
)
.into_layer(http_service),
)
.await;
});
shutdown
.shutdown_with_limit(Duration::from_secs(30))
.await
.expect("graceful shutdown");
}
async fn http_connect_accept<S>(
mut ctx: Context<S>,
req: Request,
) -> Result<(Response, Context<S>, Request), Response>
where
S: Clone + Send + Sync + 'static,
{
match ctx
.get_or_try_insert_with_ctx::<RequestContext, _>(|ctx| (ctx, &req).try_into())
.map(|ctx| ctx.authority.clone())
{
Ok(authority) => {
tracing::info!(%authority, "accept CONNECT (lazy): insert proxy target into context");
ctx.insert(ProxyTarget(authority));
}
Err(err) => {
tracing::error!(err = %err, "error extracting authority");
return Err(StatusCode::BAD_REQUEST.into_response());
}
}
tracing::info!(
"proxy secure transport ingress: {:?}",
ctx.get::<SecureTransport>()
);
Ok((StatusCode::OK.into_response(), ctx, req))
}
async fn http_plain_proxy<S>(ctx: Context<S>, req: Request) -> Result<Response, Infallible>
where
S: Clone + Send + Sync + 'static,
{
let client = EasyHttpWebClientExt::default();
let uri = req.uri().clone();
tracing::debug!(uri = %req.uri(), "proxy connect plain text request");
match client.serve(ctx, req).await {
Ok(resp) => {
match resp
.extensions()
.get::<RequestContextExt>()
.and_then(|ext| ext.get::<ClientSocketInfo>())
{
Some(client_socket_info) => tracing::info!(
status = %resp.status(),
local_addr = ?client_socket_info.local_addr(),
server_addr = %client_socket_info.peer_addr(),
"http plain text proxy received response",
),
None => tracing::info!(
status = %resp.status(),
"http plain text proxy received response, IP info unknown",
),
};
Ok(resp)
}
Err(err) => {
tracing::error!(error = %err, uri = %uri, "error in client request");
Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::empty())
.unwrap())
}
}
} |
Beta Was this translation helpful? Give feedback.
-
|
I suppose you are still connecting to "https://api.ipify.org"?? In your setup you are using the default "stream Forwarder" service for your So you have 2 choices:
If my assumption is correct the above should fix it. Here are some more tips: First. You should really try to own your code and clean up. It's totally fine to start from existing code if you are not yet entirely sure on how to do stuff, but try to clean up and reduce code (actual code, flow and complexities) when you do not need it. For example the And second, you should be able to replace: with Please also consider becoming a sponsor of our FOSS organisation (Plabayo) via https://github.com/sponsors/plabayo. It helps us pay for the development time, resources, and more. Either way thx for using our framework and do feel free to spread the word! Take care. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Instead of binding many proxies to each IP you can just bind to an interface:
Or if you need more options you can use socket options:
Note that this only is available on linux, android and the like.
An…