
Commit 8b04f00

committed
tries fixing websocket upgrades
1 parent 5dc959f commit 8b04f00


1 file changed

+17
-5
lines changed

1 file changed

+17
-5
lines changed

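--- a/pkg/transparent-cache/oginy/oginy.go
+++ b/pkg/transparent-cache/oginy/oginy.go
@@ -286,13 +286,18 @@ func Start(port int) error {
 // Set environment variables for current process and children
 os.Setenv("NODE_OPTIONS", "--use-openssl-ca")
 os.Setenv("NODE_EXTRA_CA_CERTS", caCertPath)
+os.Setenv("SSL_CERT_FILE", caCertPath)
 
 // If running in GitHub Actions, write to GITHUB_ENV
 if githubEnv := os.Getenv("GITHUB_ENV"); githubEnv != "" {
 log.Printf("Detected GitHub Actions environment, writing to GITHUB_ENV")
 if err := appendToFile(githubEnv, fmt.Sprintf("NODE_OPTIONS=--use-openssl-ca\nNODE_EXTRA_CA_CERTS=%s\n", caCertPath)); err != nil {
 log.Printf("Warning: failed to write to GITHUB_ENV: %v", err)
 }
+// Write SSL_CERT_FILE in a separate call to avoid duplicate-check skipping
+if err := appendToFile(githubEnv, fmt.Sprintf("SSL_CERT_FILE=%s\n", caCertPath)); err != nil {
+log.Printf("Warning: failed to write SSL_CERT_FILE to GITHUB_ENV: %v", err)
+}
 }
 
 // Also write to /etc/environment if we have permissions (for system-wide)
@@ -302,8 +307,13 @@ func Start(port int) error {
 log.Printf("To set system-wide, run as root or manually add to /etc/environment:")
 log.Printf(" NODE_OPTIONS=\"--use-openssl-ca\"")
 log.Printf(" NODE_EXTRA_CA_CERTS=\"%s\"", caCertPath)
+log.Printf(" SSL_CERT_FILE=\"%s\"", caCertPath)
 } else {
 log.Printf("Successfully updated /etc/environment")
+// Write SSL_CERT_FILE in a separate call to avoid duplicate-check skipping
+if err := appendToFile("/etc/environment", fmt.Sprintf("SSL_CERT_FILE=\"%s\"\n", caCertPath)); err != nil {
+log.Printf("Warning: failed to append SSL_CERT_FILE to /etc/environment: %v", err)
+}
 }
 
 // Generate certificates for each domain
@@ -399,8 +409,10 @@ func Start(port int) error {
 DialContext: (&net.Dialer{Timeout: 10 * time.Second, KeepAlive: 60 * time.Second}).DialContext,
 TLSClientConfig: &tls.Config{
 ServerName: resultsReceiverHost, // Set SNI to the original hostname
+NextProtos: []string{"http/1.1"},
 },
-ForceAttemptHTTP2: true,
+ForceAttemptHTTP2: false,
+TLSNextProto: map[string]func(authority string, c *tls.Conn) http.RoundTripper{},
 MaxIdleConns: 1024,
 MaxIdleConnsPerHost: 512,
 MaxConnsPerHost: 0, // unlimited
@@ -439,8 +451,8 @@ func Start(port int) error {
 // TLS server config (minimal) - using TLS 1.2 as minimum and enabling HTTP/2
 tlsCfg := &tls.Config{
 MinVersion: tls.VersionTLS12,
-GetCertificate: mp.GetCertificate, // SNI
-NextProtos: []string{"h2", "http/1.1"}, // Enable HTTP/2
+GetCertificate: mp.GetCertificate, // SNI
+NextProtos: []string{"http/1.1"},
 }
 
 srv := &http.Server{
@@ -469,8 +481,8 @@ func appendToFile(filepath, content string) error {
 
 // Read existing content to check for duplicates
 existing, err := os.ReadFile(filepath)
-if err == nil && strings.Contains(string(existing), "NODE_EXTRA_CA_CERTS") {
-// Already configured, skip
+if err == nil && strings.Contains(string(existing), content) {
+// Already configured with the same content, skip
 return nil
 }
 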
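Review bot: The new `SSL_CERT_FILE` export (process environment, `GITHUB_ENV` and `/etc/environment`) is not the same kind of setting as the `NODE_EXTRA_CA_CERTS` line next to it: `NODE_EXTRA_CA_CERTS` adds a CA to Node's defaults, whereas `SSL_CERT_FILE` overrides the default CA bundle file for OpenSSL-based clients and Go's `crypto/x509`. If `caCertPath` holds only the proxy's own CA (its contents are not visible in this diff), later job steps and system-wide logins can lose the public roots they relied on, or be left validating all TLS against the interception CA alone. I would point the variable at a file that concatenates the system bundle with the proxy CA, keep it out of `/etc/environment`, and document it with `// SSL_CERT_FILE overrides the default CA bundle file; caCertPath must also carry the roots other tools need`. Separately, with the exact-content check now in `appendToFile`, a run with a different `caCertPath` presumably appends a second `SSL_CERT_FILE=` line instead of updating the first, leaving a stale trust path in the file. `Start` and `appendToFile` both begin and end outside these hunks.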
