reverse_proxy: Add support for SRV backends

[mholt]

This change allows you to specify the "lookup_srv" field on a proxy upstream to lookup a name's SRV records to get the upstream dial address. Resolves #3179.

In the Caddyfile, prefix proxy upstream addresses with srv+, for example:

reverse_proxy srv+example.com

or

reverse_proxy srv+https://example.com

(It's a little weird but that's how it goes I guess.)

@danlsgiga Can you please try this? Once the CI is finished, it should have a binary you can download and use, or you can just pull it yourself and build. Let me know!

[francislavoie]

Why not srv/ like unix/?

[mholt]

Why not srv/ like unix/?

Because it's not a network type; you could in theory have TCP or UDP protocol for SRV lookups, see here: https://golang.org/pkg/net/#Resolver.LookupSRV

[danlsgiga]

@mholt, the SRV functionality works as expected. I can provide only the address without ports now and it can proxy requests successfully.

I see you added the https option for the Caddyfile, but how can I tell via json (using "lookup_srv") for the upstream to use https/tls and potentially insecure_skip_verify?

[mholt]

@danlsgiga Yay! That's awesome. Thanks for verifying!

If you use a Caddyfile with:

reverse_proxy srv+https://example.com {
    transport http {
        tls_insecure_skip_verify
    }
}

in it, you can get the resulting JSON with:

$ caddy adapt

and then you will see how TLS is enabled with the insecure option 😣

[danlsgiga]

Yeah, I know... sometimes we don't have an option but to not verify upstreams certs (self signed).

So, I did what you asked and:

adapt: parsing caddyfile tokens for 'reverse_proxy': Caddyfile:4 - Error during parsing: unrecognized subdirective insecure_skip_verify

That might not be supported yet :/

[mholt]

@danlsgiga I edited my comment a minute after I posted it :) The correct syntax is documented here: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy

[danlsgiga]

Ha! it works!!!!!
It just needed the transport block. Awesome!!!!

                     "handle": [
                        {
                          "handler": "reverse_proxy",
                          "transport": {
                            "protocol": "http",
                            "tls": {
                              "insecure_skip_verify": true,
                              "server_name": "myapp.service.consul"
                            }
                          },
                          "upstreams": [
                            {
                              "lookup_srv": "app.service.consul"
                            }
                          ]
                        }
                      ]

One gotcha though: the json server_name is not documented in https://caddyserver.com/docs/caddyfile/directives/reverse_proxy

[mholt]

@danlsgiga That's a JSON option, not a Caddyfile option (the Caddyfile adapter sets that implicitly so that SNI works with the upstream.) https://caddyserver.com/docs/json/apps/http/servers/routes/handle/reverse_proxy/transport/http/tls/

[danlsgiga]

np... works fine for me! Thanks a lot!