Add support for proxy protocol in martian #916

Open
wants to merge 6 commits into
base: main

mmatczuk
Contributor

This is a version of #915 that implements reading proxy headers in martian.
This has many benefits; unfortunately, this approach is wrong, so I'm sending it for information purposes only.

The PROXY protocol will take precedence over TLS when establishing a network connection. Here’s why:
The PROXY protocol is designed to pass client connection information (like the real IP address and port) from a load balancer or proxy to a backend server. It works at the transport layer and is placed before any higher-layer protocol like TLS.

This means we need an implementation in forwarder.Listener. I'd send another patch.
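Added example, not part of this PR or the forwarder code base: a minimal listener-side reader for the PROXY protocol v1 text header, showing that the header is consumed from the raw connection and the TLS record bytes stay buffered for the handshake that follows. The name `readProxyV1` and the sample bytes are assumptions made for illustration; only `TCP4`/`TCP6` v1 lines are accepted here.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// maxV1Header is the longest PROXY v1 line the spec allows, CRLF included.
const maxV1Header = 107

// readProxyV1 consumes one PROXY v1 line from br and returns the client address.
// Bytes after the CRLF (e.g. the TLS ClientHello) stay buffered in br.
func readProxyV1(br *bufio.Reader) (*net.TCPAddr, error) {
	line := make([]byte, 0, maxV1Header)
	for !bytes.HasSuffix(line, []byte("\r\n")) {
		if len(line) == maxV1Header {
			return nil, errors.New("proxy header too long")
		}
		b, err := br.ReadByte()
		if err != nil {
			return nil, fmt.Errorf("reading proxy header: %w", err)
		}
		line = append(line, b)
	}
	f := strings.Split(strings.TrimSuffix(string(line), "\r\n"), " ")
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errors.New("malformed proxy header")
	}
	ip := net.ParseIP(f[2])
	port, err := strconv.ParseUint(f[4], 10, 16)
	if ip == nil || err != nil {
		return nil, errors.New("bad source address in proxy header")
	}
	return &net.TCPAddr{IP: ip, Port: int(port)}, nil
}

func main() {
	// Constructed input: a PROXY v1 line, then the first bytes of a TLS record.
	wire := "PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n\x16\x03\x01"
	br := bufio.NewReader(strings.NewReader(wire))
	src, err := readProxyV1(br)
	next, _ := br.Peek(1)
	fmt.Printf("client=%v err=%v next=%#x\n", src, err, next)
}
```

The address returned here is only as trustworthy as the peer that sent the header, so a listener should accept PROXY headers only from known load balancers and bound the read with a timeout such as the one this PR's flag configures.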

…n with proxy header

If connection provides proxy protocol header, when reading requests set http.Request.RemoteAddr to source IP address from proxy header.
    --proxy-protocol-read-header-timeout <duration> (default 5s) (env FORWARDER_PROXY_PROTOCOL_READ_HEADER_TIMEOUT)
        The amount of time to wait for PROXY protocol header if present.
@mmatczuk changed the title from "Add support for proxy protocol in matian" to "Add support for proxy protocol in martian." on Sep 18, 2024
@mmatczuk changed the title from "Add support for proxy protocol in martian." to "Add support for proxy protocol in martian" on Sep 18, 2024
Enable proxy protocol by default in tests.
Add tests to check if XFF header is properly updated.
@Choraden
Contributor

I'm beginning to think we made a mistake with putting tls to the listener.

@mmatczuk
Contributor Author

> I'm beginning to think we made a mistake with putting tls to the listener.

Why?
