Hi,
Thanks for the plugin.
I am having problems forwarding to upstream HTTPS sites. Does the plug not support SSL or is it me?

G

I am using the lib in my project. One purpose is to modify the response based on the client roles and content. Any suggestions to implement the function with the right way?

Sometime buffered & already parsed requests stalls.

This because reverse_proxy_plug tries to read an already read body, and Plug.Conn will wait on the underlying adapter for more data to come.

Looking into the code, reverse_proxy_plug uses raw_body only if body is empty which is not optimal in such cases (also goes in contrast on what README.md states).

I've sent the PR #131 which addresses this case.

Thanks for publishing reverse_proxy_plug. It was just what I was looking for.

I did have an issue with the sample CacheBodyReader in the README. I believe the second function should be:

 def read_body(conn, opts), do: Conn.read_body(conn, opts

otherwise, non-api functions will never get the body of the request.

In phoenix 1.6.6, there's Phoenix.Router.forward, so the doc is not accurate anymore.
BTW, how to keep or append query parameters while forwarding a request?

This the most awesome package for proxying, but it does not work with websockets, the error code 426 Upgrade Required received when i try to proxy "ws://" request. I found that "connection" and "upgrade" are disabled in remove_hop_by_hop_headers function. Are you going to support WS?

In the current implementation, callers have no control over the response when client errors occur. We currently use this library as part of strangling pattern while migrating from a legacy system to its replacement. Users are currently shown a blank page with HTTP 502 when the upstream server is unavailable. This isn't a very good user experience, and it would be very useful to be able to control the response on client errors.

I realize this is a breaking change, but I'm not sure how best to address this issue otherwise. The alternative would be to allow functions of arity 1 or 2 and fallback to the current functionality if arity==1. This seems like a bit more work, but would maintain backwards compatibility and still expand the functionality of ReverseProxyPlug.

I've got an initial version of this working that doesn't look too bad. I can submit the PR for the time being and maybe we can gather feedback there.

May need to reconsider the streaming interface for adapters, given that Finch.stream/5 actually executes the request

Are there any plans to support other HTTP Clients aside from HTTPoison?

The motivation behind this is that currently neither HTTPoison nor Hackney (which is the default pool) have good Telemetry events.

including examples for e.g. custom Tesla clients

The upstream server may choose to send Transfer-Encoding: chunked - we should in general merge additional headers excluding duplicates appropriately.

Hello! Your code has a bug, right here: https://github.com/tallarium/reverse_proxy_plug/blob/master/lib/reverse_proxy_plug.ex#L382

You are ignoring the _conn here, however, you must carry that conn forward. This causes subtle silent failures under Cowboy that become LOUD failures under Bandit. You can see what the failures look like here: mtrudel/bandit#294

I believe I've correctly traced errors to this plug, which exactly has the bug described.

Will no longer always set Transfer-Encoding: chunked.

elixir-plug/plug#492 (comment)

I'm new to elixir, so I'm not sure if this is true, but since atoms are never cleared from memory, I've heard they are a potential attack vector if user input gets converted to atoms. In the code bellow, the http method gets converted to an atom, and since a user can define an arbitrary method, would this not be an issue?

lib/reverse_proxy_plug.ex

defp prepare_request(conn, options) do
    method = conn.method |> String.downcase() |> String.to_atom()
    ...
end

Thanks for your good jobs, I really like the plug.

I couldn't found any place you mentioned support, could you advise on this?

For the performance question, do I need to do some extra works to make it scalable like Phoenix or it just works out of box with this one line adding to my Router:

  forward("/hls", to: ReverseProxyPlug, upstream: "http://127.0.0.1:8080/hls")

I plan to to proxy RTMP HLS video streaming traffic.

Not so much an issue, but I wanted to see if there is a desire for a Finch adapter? I have a simple one working, and would be happy to make a PR. I did not see any contribution guidelines, so I figured it would be best to open an issue first.

The latest version of Phoenix ships with Finch by default, so having an adapter means one less dependency users of your library will need if they are coming from Phoenix.

Cheers.

The Request plug should execute the request to upstream and store it in assigns; The Response plug should read it from there and respond to the client.

Can't compile 1.5.0 anymore. 1.4.0 is ok.

==> reverse_proxy_plug
Compiling 9 files (.ex)

== Compilation error in file lib/reverse_proxy_plug/http_client/adapters/tesla.ex ==
** (CompileError) lib/reverse_proxy_plug/http_client/adapters/tesla.ex:33: Tesla.Env.__struct__/0 is undefined, cannot expand struct Tesla.Env. Make sure the struct name is correct. If the struct name exists and is correct but it still cannot be found, you likely have cyclic module usage in your code
    (stdlib 3.13.2) lists.erl:1358: :lists.mapfoldl/3
    (stdlib 3.13.2) lists.erl:1359: :lists.mapfoldl/3
could not compile dependency :reverse_proxy_plug, "mix compile" failed. You can recompile this dependency with "mix deps.compile reverse_proxy_plug", update it with "mix deps.update reverse_proxy_plug" or clean it with "mix deps.clean reverse_proxy_plug"

I was having trouble with 1.2.1, and noticed that master was 20 commits ahead. So I decided to give master a try, and appearently one of those 20 fixed the issue I was having!

This plug does not recycle cookies at all when making the upstream request. Most other proxies will simply forward the entire cookie jar to the upstream request.

For example from Go:

• https://github.com/golang/go/blob/6db7480f5973ced97dfb08f949889e2ff108a492/src/net/http/httputil/reverseproxy.go#L234
• https://github.com/golang/go/blob/6db7480f5973ced97dfb08f949889e2ff108a492/src/net/http/request.go#L366-L395

More specifically, it looks like this plug recycles the cookie headers, but doesn't pass the correct option to HTTPoison/hackney:
https://hexdocs.pm/httpoison/readme.html#cookies

I'd be happy to submit the PR for this as I've already got a working copy locally.

Hey people! Thanks for your work!

Could you please release a new version? It has 17 commits since last tag and some important fixes (like the port in the host header).

Cheers

I'm receiving the error during tests:
The client adapter does not support streaming responses. Please use :buffer response mode.

But I don't understand how to specify that streaming mode is supported.

Config:
config :reverse_proxy_plug, :http_client, ReverseProxyPlug.HTTPClient.Adapters.HTTPoison

Elixir version: 1.16.1

This functionality was effectively removed to fix #175 - the new version of this functionality should fulfil two requirements:

• it should be tested to work with each adapter - {:stream, _} as a input value for the upstream body was supported by HTTPoison, but it was unclear (and untested) whether this was supported by the Tesla adapter at all
• as #175, we need to forward conn whenever we use Plug.Conn.read_body - but that seems to be at odds with passing in a stream to the library. Perhaps Stream.resource, and sending the latest conn to ourselves?

I have been using this reverse proxy in a phoenix plug, but the plug init/1 gets called during compile time. However I need to configure the :upstream at runtime, based on the environment at runtime.

I have a working implementation of passing in a function or a string for the :upstream value, and then only using that value in the init/1 if it is a string, or applying the function in the call/2 otherwise.
Would you be open to a pull request?

Another alternative, and perhaps even complementary, solution would be to allow setting a value in the Connection, similar to the raw_body, with the use of: https://hexdocs.pm/plug/Plug.Conn.html#put_private/3

Using plausible I need to reverse proxy:

https://plausible.io/docs/proxy/introduction#are-you-concerned-about-missing-data

https://<yourdomain.com>/js/script.js -> https://plausible.io/js/script.js
https://<yourdomain.com>/api/event    -> https://plausible.io/api/event

In my Phoenix app's Router I've added the following:

forward "/js/script.js", ReverseProxyPlug, upstream: "//plausible.io/js/script.js"
forward "/api/event", ReverseProxyPlug, upstream: "//plausible.io/api/event"

but get this error: ReverseProxyPlug has already been forwarded to. A module can only be forwarded a single time

Can the forwarding be done in a single line?

I am very excited about your project and was looking forward to integrating reverse_proxy_plug into my work project. During the integration process, I noticed that the plug seems to lack support for path parameters in the upstream URL. Specifically, path variables are not replaced with their corresponding values, leading to incorrect request routing.

Code Example:
forward "/users/:userId", to: ReverseProxyPlug, upstream: "https://example.com/users/:userId"

In this example, I expected :userId to be replaced by the actual user ID from the request, but this substitution does not occur.

Here is the solution to this issue
#174

Hop-by-hop headers are stripped from buffer mode responses as of #7, but we should ensure they are stripped from forwarded requests and responses in both stream and buffer mode.

https://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-7.1.3

Hi,
i would like to point an issue i found while proxying for example keycloak.
Keycloak uses the "set-cookie"-Header multiple times.
In streaming mode reverse proxy plug does not pass on these headers because it is reducing on the response headers using Conn.put_resp_header which will update existing headers.
In buffering mode it works as there it is just passed on.

• use Code.ensure_loaded!
• use then as required

We should use HTTPoison.request!/5 rather than HTTPoison.request/5.

Checking the return value for error is also possible.

Hello,

I am trying out this plug, and ran into a strange issue. Configuring tesla_client option was also kind of tricky, and I don't know if I have it setup correctly. The problem I see is that when configured with Tesla (using either mint or hackney as tesla_client), the requests just hang and never complete. Using hackney directly instead of tesla seems to work.

Here's how I have it setup:

mix.exs:

defp deps do
  [
    {:reverse_proxy_plug, "~> 2.1"},
    {:tesla, "~> 1.4"},
    {:mint, "~> 1.4"},
    {:castore, "~> 0.1"}
  ]
end

endpoint.ex:

defmodule MiddleMan.Endpoint do
  use Plug.Router

  plug(Plug.Telemetry, event_prefix: [:middle_man, :plug])
  plug(Plug.Logger)
  plug(:match)

  plug(:dispatch)

  get "/hello" do
    send_resp(conn, 200, "world")
  end

forward("/test",
    to: ReverseProxyPlug,
    client: ReverseProxyPlug.HTTPClient.Adapters.Tesla,
    upstream: "//localhost:8000/",
    client_options: [
      tesla_client: Tesla.client([], {Tesla.Adapter.Mint, []})
    ]
  )
end

When I make a request to http://localhost:4000/test/test.json, I see this in the logs:
15:21:59.484 [info] GET /test/test.json
and the browser keeps loading and loading with no response.

Any clues what I did wrong above? I was unable to figure out how to pass tesla_client option in config.exs, so I ended up passing the options in the forward call.

Any help would be appreciated.....thanks for your time!

Response headers from the upstream request are not passed on to the client. Proxy these, removing hop-by-hop headers.

Hi there!

Request headers are always downcased when sent upstream here.

  defp normalize_headers(headers) do
    headers
    |> downcase_headers
    |> remove_hop_by_hop_headers
  end

Could the casing be configurable? The upstream we relay requests to through this plug performs case sensitive matching to consume some headers, dropping the ones which have been downcased.

Thanks!

It will be a breaking change, but there is no reason for the opts[:error_callback] to pass {:error, error} through from response/3 - we should pattern match in the function head and pass error through to the callback instead.

Thanks for open-sourcing this Plug.

The README states that:

ReverseProxyPlug supports chunked transfer encoding and by default the responses are not buffered

Is there any way to change this behavior, so the response is not passed back to the client until all chunks are received?

I am not 100% sure if this is an issue concerning Plug or Phoenix in general or one specific to the ReverseProxyPlug or plain old me misunderstanding your README.

My setup: I want to proxy a CouchDB 3.2.1 in my Phoenix app. If I use the default response mode, clients that want to connect to the CouchDB throw:

GET http://localhost:4000/db/project_1/_changes?timeout=600000&style=all_docs&feed=longpoll&heartbeat=10000&since=11-g1AAAACLe(...)AqSw&limit=50)
net::ERR_INCOMPLETE_CHUNKED_ENCODING 

See also https://docs.couchdb.org/en/3.2.0/api/database/changes.html.

See the documentation for how to implement this

Thank you for this.

This is probably more of a documentation issue: I am trying to use callbacks. I get the error mentioned above, while having configured the HTTPoison adapter:

config :reverse_proxy_plug, :http_client, ReverseProxyPlug.HTTPClient.Adapters.HTTPoison

with

{:httpoison, "~> 2.2.1"},
{:reverse_proxy_plug, "~> 2.4.0"},

Which adapter should I choose for the response callbacks?

According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host, the host header should (must?) not include the port number when the port is the default.

i.e:

For http://web.example.com:80, the host should be web.example.com
For http://special.port.com:666, the host should be special.port.com:666

Right now if the plug is configured with upstream http://special.port.com:666 and not host header is passed in the request, the host header is generated as special.port.com. The expected value is special.port.com:666

Any interest in adding the ability to transparently rewrite the Location if it matches the upstream to be the host/port/scheme of wherever the proxy is listening?