Merge pull request #277 from Dstack-TEE/gw-compat

kvinwang · web-flow · commit 7b24d5a87ff3 · 2025-08-08T17:35:49.000+08:00
gw: Add 0.3.x compatibility custom domain dns prefix
diff --git a/gateway/gateway.toml b/gateway/gateway.toml
@@ -60,6 +60,7 @@ buffer_size = 8192
 connect_top_n = 3
 localhost_enabled = false
 app_address_ns_prefix = "_dstack-app-address"
+app_address_ns_compat = true
 workers = 32
 external_port = 443
 
diff --git a/gateway/rpc/proto/gateway_rpc.proto b/gateway/rpc/proto/gateway_rpc.proto
@@ -41,8 +41,10 @@ message GuestAgentConfig {
   uint32 external_port = 1;
   // The in CVM port of the guest agent.
   uint32 internal_port = 2;
-  // The domain of the guest agent.
+  // The base domain of the zt-https
   string domain = 3;
+  // The app address namespace prefix
+  string app_address_ns_prefix = 4;
 }
 
 // StatusResponse is the response for Status.
@@ -145,6 +147,8 @@ message InfoResponse {
   string base_domain = 1;
   // The external port of the ZT-HTTPS
   uint32 external_port = 2;
+  // The app address namespace prefix
+  string app_address_ns_prefix = 3;
 }
 
 service Gateway {
diff --git a/gateway/src/config.rs b/gateway/src/config.rs
@@ -80,6 +80,7 @@ pub struct ProxyConfig {
     pub localhost_enabled: bool,
     pub workers: usize,
     pub app_address_ns_prefix: String,
+    pub app_address_ns_compat: bool,
 }
 
 #[derive(Debug, Clone, Deserialize)]
diff --git a/gateway/src/main_service.rs b/gateway/src/main_service.rs
@@ -735,9 +735,10 @@ impl GatewayRpc for RpcHandler {
                 servers,
             }),
             agent: Some(GuestAgentConfig {
-                external_port: state.config.proxy.listen_port as u32,
+                external_port: state.config.proxy.external_port as u32,
                 internal_port: state.config.proxy.agent_port as u32,
                 domain: state.config.proxy.base_domain.clone(),
+                app_address_ns_prefix: state.config.proxy.app_address_ns_prefix.clone(),
             }),
         };
         self.state.notify_state_updated.notify_one();
@@ -786,6 +787,7 @@ impl GatewayRpc for RpcHandler {
         Ok(InfoResponse {
             base_domain: state.config.proxy.base_domain.clone(),
             external_port: state.config.proxy.external_port as u32,
+            app_address_ns_prefix: state.config.proxy.app_address_ns_prefix.clone(),
         })
     }
 }
diff --git a/gateway/src/proxy/tls_passthough.rs b/gateway/src/proxy/tls_passthough.rs
@@ -29,20 +29,42 @@ impl AppAddress {
 }
 
 /// resolve app address by sni
-async fn resolve_app_address(prefix: &str, sni: &str) -> Result<AppAddress> {
+async fn resolve_app_address(prefix: &str, sni: &str, compat: bool) -> Result<AppAddress> {
     let txt_domain = format!("{prefix}.{sni}");
     let resolver = hickory_resolver::AsyncResolver::tokio_from_system_conf()
         .context("failed to create dns resolver")?;
-    let lookup = resolver
-        .txt_lookup(txt_domain)
-        .await
-        .context("failed to lookup app address")?;
-    let txt_record = lookup.iter().next().context("no txt record found")?;
-    let data = txt_record
-        .txt_data()
-        .first()
-        .context("no data in txt record")?;
-    AppAddress::parse(data).context("failed to parse app address")
+
+    if compat && prefix != "_tapp-address" {
+        let txt_domain_legacy = format!("_tapp-address.{sni}");
+        let (lookup, lookup_legacy) = tokio::join!(
+            resolver.txt_lookup(txt_domain),
+            resolver.txt_lookup(txt_domain_legacy),
+        );
+        for lookup in [lookup, lookup_legacy] {
+            let Ok(lookup) = lookup else {
+                continue;
+            };
+            let Some(txt_record) = lookup.iter().next() else {
+                continue;
+            };
+            let Some(data) = txt_record.txt_data().first() else {
+                continue;
+            };
+            return AppAddress::parse(data).context("failed to parse app address");
+        }
+        anyhow::bail!("failed to resolve app address");
+    } else {
+        let lookup = resolver
+            .txt_lookup(txt_domain)
+            .await
+            .context("failed to lookup app address")?;
+        let txt_record = lookup.iter().next().context("no txt record found")?;
+        let data = txt_record
+            .txt_data()
+            .first()
+            .context("no data in txt record")?;
+        AppAddress::parse(data).context("failed to parse app address")
+    }
 }
 
 pub(crate) async fn proxy_with_sni(
@@ -51,7 +73,9 @@ pub(crate) async fn proxy_with_sni(
     buffer: Vec<u8>,
     sni: &str,
 ) -> Result<()> {
-    let addr = resolve_app_address(&state.config.proxy.app_address_ns_prefix, sni)
+    let ns_prefix = &state.config.proxy.app_address_ns_prefix;
+    let compat = state.config.proxy.app_address_ns_compat;
+    let addr = resolve_app_address(ns_prefix, sni, compat)
         .await
         .context("failed to resolve app address")?;
     debug!("target address is {}:{}", addr.app_id, addr.port);
@@ -123,6 +147,7 @@ mod tests {
         let app_addr = resolve_app_address(
             "_dstack-app-address",
             "3327603e03f5bd1f830812ca4a789277fc31f577.app.kvin.wang",
+            false,
         )
         .await
         .unwrap();

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ pub struct ProxyConfig {`
`80`	`80`	`pub localhost_enabled: bool,`
`81`	`81`	`pub workers: usize,`
`82`	`82`	`pub app_address_ns_prefix: String,`
	`83`	`+ pub app_address_ns_compat: bool,`
`83`	`84`	`}`
`84`	`85`
`85`	`86`	`#[derive(Debug, Clone, Deserialize)]`