From 4ea7bf0510eda0cdb62e14d45591c287555a442d Mon Sep 17 00:00:00 2001
From: Poorna <poornas@users.noreply.github.com>
Date: Wed, 23 Feb 2022 11:50:40 -0800
Subject: [PATCH] Use custom transport for site replication (#14391)

Also, ensure that tiering uses a different instance of custom transport
---
 cmd/site-replication.go | 19 ++-----------------
 cmd/warm-backend-s3.go  | 14 +++++++++++---
 2 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/cmd/site-replication.go b/cmd/site-replication.go
index d11fcb678..57d9d84a4 100644
--- a/cmd/site-replication.go
+++ b/cmd/site-replication.go
@@ -20,13 +20,11 @@ package cmd
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"fmt"
-	"net/http"
 	"net/url"
 	"reflect"
 	"sort"
@@ -2040,26 +2038,13 @@ func (c *SiteReplicationSys) RemoveRemoteTargetsForEndpoint(ctx context.Context,
 
 // Other helpers
 
-// newRemoteClusterHTTPTransport returns a new http configuration
-// used while communicating with the remote cluster.
-func newRemoteClusterHTTPTransport() *http.Transport {
-	tr := &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		TLSClientConfig: &tls.Config{
-			RootCAs:            globalRootCAs,
-			ClientSessionCache: tls.NewLRUClientSessionCache(tlsClientSessionCacheSize),
-		},
-	}
-	return tr
-}
-
 func getAdminClient(endpoint, accessKey, secretKey string) (*madmin.AdminClient, error) {
 	epURL, _ := url.Parse(endpoint)
 	client, err := madmin.New(epURL.Host, accessKey, secretKey, epURL.Scheme == "https")
 	if err != nil {
 		return nil, err
 	}
-	client.SetCustomTransport(newRemoteClusterHTTPTransport())
+	client.SetCustomTransport(NewRemoteTargetHTTPTransport())
 	return client, nil
 }
 
@@ -2071,7 +2056,7 @@ func getS3Client(pc madmin.PeerSite) (*minioClient.Client, error) {
 	return minioClient.New(ep.Host, &minioClient.Options{
 		Creds:     credentials.NewStaticV4(pc.AccessKey, pc.SecretKey, ""),
 		Secure:    ep.Scheme == "https",
-		Transport: newRemoteClusterHTTPTransport(),
+		Transport: NewRemoteTargetHTTPTransport(),
 	})
 }
 
diff --git a/cmd/warm-backend-s3.go b/cmd/warm-backend-s3.go
index 37d06c2ee..1626682c4 100644
--- a/cmd/warm-backend-s3.go
+++ b/cmd/warm-backend-s3.go
@@ -21,8 +21,10 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net/http"
 	"net/url"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/minio/madmin-go"
@@ -31,6 +33,12 @@ import (
 	"github.com/minio/minio-go/v7/pkg/credentials"
 )
 
+// getRemoteTierTargetInstanceTransport contains a singleton roundtripper.
+var (
+	getRemoteTierTargetInstanceTransport     http.RoundTripper
+	getRemoteTierTargetInstanceTransportOnce sync.Once
+)
+
 type warmBackendS3 struct {
 	client       *minio.Client
 	core         *minio.Core
@@ -109,13 +117,13 @@ func newWarmBackendS3(conf madmin.TierS3) (*warmBackendS3, error) {
 	} else {
 		creds = credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
 	}
-	getRemoteTargetInstanceTransportOnce.Do(func() {
-		getRemoteTargetInstanceTransport = newGatewayHTTPTransport(10 * time.Minute)
+	getRemoteTierTargetInstanceTransportOnce.Do(func() {
+		getRemoteTierTargetInstanceTransport = newGatewayHTTPTransport(10 * time.Minute)
 	})
 	opts := &minio.Options{
 		Creds:     creds,
 		Secure:    u.Scheme == "https",
-		Transport: getRemoteTargetInstanceTransport,
+		Transport: getRemoteTierTargetInstanceTransport,
 	}
 	client, err := minio.New(u.Host, opts)
 	if err != nil {