Update default_port and sni logic to improve reverse proxy reachability (#947)

2025-12-12 04:37:23 +08:00 · 2025-06-07 08:19:31 +08:00
parent a6773aa549
commit d34a51739f
2 changed files with 14 additions and 2 deletions
--- a/easytier/src/common/dns.rs
+++ b/easytier/src/common/dns.rs
@@ -77,6 +77,15 @@ pub async fn socket_addrs(
        .port()
        .or_else(default_port_number)
        .ok_or(Error::InvalidUrl(url.to_string()))?;
+    // See https://github.com/EasyTier/EasyTier/pull/947
+    let port = match port {
+        0 => match url.scheme() {
+            "ws" => 80,
+            "wss" => 443,
+            _ => port,
+        },
+        _ => port,
+    };

    // if host is an ip address, return it directly
    if let Ok(ip) = host.parse::<std::net::IpAddr>() {
--- a/easytier/src/tunnel/websocket.rs
+++ b/easytier/src/tunnel/websocket.rs
@@ -202,8 +202,11 @@ impl WSTunnelConnector {
            init_crypto_provider();
            let tls_conn =
                tokio_rustls::TlsConnector::from(Arc::new(get_insecure_tls_client_config()));
-            // Modify SNI logic: always use "localhost" as SNI to avoid IP blocking.
-            let sni = "localhost";
+            // Modify SNI logic: use "localhost" as SNI for url without domain to avoid IP blocking.
+            let sni = match addr.domain() {
+                None => "localhost".to_string(),
+                Some(domain) => domain.to_string(),
+            };
            let server_name = rustls::pki_types::ServerName::try_from(sni)
                .map_err(|_| TunnelError::InvalidProtocol("Invalid SNI".to_string()))?;
            let stream = tls_conn.connect(server_name, stream).await?;