-
Notifications
You must be signed in to change notification settings - Fork 565
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4.x: Initial support for proxy protocol V1 and V2 #7829
Conversation
8b465f8
to
e2d25ef
Compare
…PI to make protocol data available to application handlers.
…he proxy protocol.
…s when using proxy protocol.
Signed-off-by: Santiago Pericasgeertsen <santiago.pericasgeertsen@oracle.com>
The revised Should the code allow users to configure which family of header to use (maybe both??) and then set the corresponding header(s)? I see that the proxy spec (thanks for the link) uses the Given that our requested URI support allows users to configure one or the other or both families of headers for that feature, should the proxy support do the same? Or, perhaps, just always set both |
It's obviously possible to support both. I wanted to do the minimum without consulting config and without creating formatted strings, to avoid adding more code to the request processing loop. Using the X headers seems more efficient and it is one of the options supported by the existing URI mechanism. Perhaps we can start with something simple and provide other options if/when customer feedback is received. |
Description
This PR includes an implementation of the proxy protocol V1 and V2 as described here https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This feature can be enabled on a listener configuration:
Once enabled, it is disabled by default, the proxy protocol header MUST be present in the connection (only for the first request if multiple ones are sent over a long-lived connection). The feature is supported for HTTP/1.1 and HTTP2 and can also be used in combination with TLS (proxy protocol header is processed before the SSL handshake).
The proxy protocol version, either V1 or V2, is automatically discovered by inspecting the first few bytes of a connection. The data collected from the protocol header can be obtained from a
ServerRequest
as shown below:It addition, a subset of the proxy protocol data is made available as the HTTP headers
X-Forwarded-For
andX-Forwarded-Port
. These headers can also be used in combination withRequestedUriDiscoveryContext
when configured to inspect the aforementioned headers.Other than unit and integration tests, both the V1 and V2 protocol headers have been manually tested to be compatible with Wireshark's decoder.
Documentation
I shall create a new follow-up issue to document this new features, if and when it is merged.