feat(ai-proxy): disbale the http2 alpn handshake for the request hitt…

…ing the route configured with ai-proxy
Kong · Oct 21, 2024 · 2340e90 · 2340e90
1 parent f88161b
commit 2340e90
Show file tree

Hide file tree

Showing 12 changed files with 367 additions and 213 deletions.
diff --git a/changelog/unreleased/kong/feat-ai-proxy-disable-h2-alpn.yml b/changelog/unreleased/kong/feat-ai-proxy-disable-h2-alpn.yml
@@ -0,0 +1,4 @@
+message: | 
+  **ai-proxy**: Disabled HTTP/2 ALPN handshake for connections on routes configured with AI-proxy. 
+type: feature
+scope: Plugin
diff --git a/kong-3.9.0-0.rockspec b/kong-3.9.0-0.rockspec
@@ -183,6 +183,9 @@ build = {
     ["kong.status"] = "kong/status/init.lua",
     ["kong.status.ready"] = "kong/status/ready.lua",
 
+    ["kong.tls.plugins.certificate"] = "kong/tls/plugins/certificate.lua",
+    ["kong.tls.plugins.sni_filter"] = "kong/tls/plugins/sni_filter.lua",
+
     ["kong.tools.dns"] = "kong/tools/dns.lua",
     ["kong.tools.grpc"] = "kong/tools/grpc.lua",
     ["kong.tools.utils"] = "kong/tools/utils.lua",

diff --git a/kong/init.lua b/kong/init.lua
@@ -1051,6 +1051,10 @@ function Kong.ssl_certificate()
   kong.table.clear(ngx.ctx)
 end
 
+function Kong.ssl_client_hello()
+  local ctx = get_ctx_table(fetch_table(CTX_NS, CTX_NARR, CTX_NREC))
+  ctx.KONG_PHASE = PHASES.client_hello
+end
 
 function Kong.preread()
   local ctx = get_ctx_table(fetch_table(CTX_NS, CTX_NARR, CTX_NREC))

diff --git a/kong/llm/proxy/handler.lua b/kong/llm/proxy/handler.lua
@@ -13,7 +13,14 @@ local kong_utils = require("kong.tools.gzip")
 local buffer = require "string.buffer"
 local strip = require("kong.tools.string").strip
 local cycle_aware_deep_copy = require("kong.tools.table").cycle_aware_deep_copy
+local kong_global = require("kong.global")
+local PHASES = kong_global.phases
 
+local certificate = require("kong.tls.plugins.certificate")
+local sni_filter = require("kong.tls.plugins.sni_filter")
+
+local TTL_FOREVER = { ttl = 0 }
+-- local SNI_CACHE_KEY = "ai:llm:cert_enabled_snis"
 
 local EMPTY = require("kong.tools.table").EMPTY
 
@@ -477,4 +484,57 @@ function _M:access(conf)
 
 end
 
+
+
+function _M:init_worker_for_plugin(plugin_name)
+  -- TODO: remove nasty hacks once we have singleton phases support in core
+  local sni_cache_key = "ai:llm:cert_enabled_snis:" .. plugin_name
+  local orig_ssl_client_hello = Kong.ssl_client_hello   -- luacheck: ignore
+  Kong.ssl_client_hello = function()                   -- luacheck: ignore
+    orig_ssl_client_hello()
+
+    local ctx = ngx.ctx
+    -- ensure phases are set
+    ctx.KONG_PHASE = PHASES.client_hello
+
+    kong_global.set_namespaced_log(kong, plugin_name)
+    local snis_set, err = kong.cache:get(sni_cache_key, TTL_FOREVER,
+      sni_filter.build_ssl_route_filter_set, plugin_name)
+
+    if err then
+      kong.log.err("unable to request client to present its certificate: ",
+            err)
+      return ngx.exit(ngx.ERROR)
+    end
+    certificate.execute_client_hello(snis_set, { disable_http2 = true })
+    kong_global.reset_log(kong)
+
+  end
+
+  local worker_events = kong.worker_events
+  if not worker_events or not worker_events.register then
+    return
+  end
+
+  local function invalidate_sni_cache()
+    kong.cache:invalidate(sni_cache_key)
+  end
+
+  worker_events.register(function(data)
+    invalidate_sni_cache()
+  end, "crud", "plugins")
+
+  worker_events.register(function(data)
+    invalidate_sni_cache()
+  end, "crud", "routes")
+
+  worker_events.register(function(data)
+    invalidate_sni_cache()
+  end, "crud", "services")
+
+  worker_events.register(function(data)
+    invalidate_sni_cache()
+  end, "crud", "ca_certificates")
+end
+
 return _M
diff --git a/kong/pdk/client/tls.lua b/kong/pdk/client/tls.lua
@@ -166,6 +166,24 @@ local function new()
     ngx.ctx.CLIENT_VERIFY_OVERRIDE = v
   end
 
+  ---
+  -- Prevents the TLS handshake from negotiating HTTP/2 ALPN. 
+  -- if successful, the TLS handshake will not negotiate HTTP/2 ALPN to turn to HTTP1.1.
+  --
+  -- @function kong.client.tls.disable_http2_alpn
+  -- @phases client_hello
+  -- @treturn true|nil Returns `true` if successful, `nil` if it fails.
+  -- @treturn nil|err Returns `nil` if successful, or an error message if it fails.
+  --
+  -- @usage
+  -- local res, err = kong.client.tls.disable_http2_alpn()
+  -- if not res then
+  --   -- do something with err
+  -- end
+  function _TLS.disable_http2_alpn()
+    check_phase(PHASES.client_hello)
+    return kong_tls.disable_http2_alpn()
+  end
 
   return _TLS
 end

diff --git a/kong/pdk/private/phases.lua b/kong/pdk/private/phases.lua
@@ -10,6 +10,7 @@ local PHASES = {
   --init            = 0x00000001,
   init_worker       = 0x00000001,
   certificate       = 0x00000002,
+  client_hello      = 0x00000008,
   --set             = 0x00000004,
   rewrite           = 0x00000010,
   access            = 0x00000020,

diff --git a/kong/plugins/ai-proxy/handler.lua b/kong/plugins/ai-proxy/handler.lua
@@ -3,7 +3,9 @@ local deep_copy = require "kong.tools.table".deep_copy
 
 
 local _M = deep_copy(require("kong.llm.proxy.handler"))
-
+_M.init_worker = function()
+    _M:init_worker_for_plugin("ai-proxy")
+end
 
 _M.PRIORITY = 770
 _M.VERSION = kong_meta.version

diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
@@ -126,6 +126,9 @@ server {
     ssl_certificate_by_lua_block {
         Kong.ssl_certificate()
     }
+    ssl_client_hello_by_lua_block {
+        Kong.ssl_client_hello()
+    }
 > end
 
     # injected nginx_proxy_* directives

diff --git a/kong/templates/nginx_kong_stream.lua b/kong/templates/nginx_kong_stream.lua
@@ -119,6 +119,9 @@ server {
     ssl_certificate_by_lua_block {
         Kong.ssl_certificate()
     }
+    ssl_client_hello_by_lua_block {
+        Kong.ssl_client_hello()
+    }
 > end
 
     set $upstream_host '';