Mercurial > prosody-modules
annotate mod_net_proxy/README.markdown @ 2930:9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
| author | Pascal Mathis <mail@pascalmathis.com> |
|---|---|
| date | Thu, 15 Mar 2018 15:26:30 +0100 |
| parents | |
| children | 4bb3a4b726c9 |
| rev | line source |
|---|---|
|
2930
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
1 --- |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
2 labels: |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
3 - 'Stage-Alpha' |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
4 summary: 'Implementation of PROXY protocol versions 1 and 2' |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
5 ... |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
6 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
7 Introduction |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
8 ============ |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
9 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
10 This module implements the PROXY protocol in versions 1 and 2, which fulfills |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
11 the following usecase as described within the official protocol specifications: |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
12 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
13 > Relaying TCP connections through proxies generally involves a loss of the |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
14 > original TCP connection parameters such as source and destination addresses, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
15 > ports, and so on. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
16 > |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
17 > The PROXY protocol's goal is to fill the server's internal structures with the |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
18 > information collected by the proxy that the server would have been able to get |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
19 > by itself if the client was connecting directly to the server instead of via a |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
20 > proxy. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
21 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
22 You can find more information about the PROXY protocol on |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
23 [the official website](https://www.haproxy.com/blog/haproxy/proxy-protocol/) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
24 or within |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
25 [the official protocol specifications.](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
26 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
27 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
28 Usage |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
29 ===== |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
30 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
31 Copy the plugin into your prosody's modules directory. And add it |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
32 between your enabled modules into the global section (modules\_enabled). |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
33 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
34 As the PROXY protocol specifications do not allow guessing if the PROXY protocol |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
35 shall be used or not, you need to configure separate ports for all the services |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
36 that should be exposed with PROXY protocol support: |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
37 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
38 ```lua |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
39 proxy_ports = {15222, 15269} |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
40 proxy_port_mappings = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
41 [15222] = "c2s", |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
42 [15269] = "s2s" |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
43 } |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
44 ``` |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
45 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
46 The above example configuration, which needs to be placed in the global section, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
47 would listen on both tcp/15222 and tcp/15269. All incoming connections to these ports |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
48 have to be initiated by a PROXYv1 or PROXYv2 sender and will get mapped to the |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
49 configured service name after initializating the connection. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
50 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
51 Please note that each port handled by _mod_net_proxy_ must be mapped to another |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
52 service name by adding an item to _proxy_port_mappings_, otherwise a warning will |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
53 be printed during module initialization and all incoming connections to unmapped ports |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
54 will be dropped after processing the PROXY protocol requests. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
55 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
56 The service name can be found by analyzing the source of the module, as it is the |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
57 same name as specified within the _name_ attribute when calling |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
58 `module:provides("net", ...)` to initialize a network listener. The following table |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
59 shows the names for the most commonly used Prosody modules: |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
60 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
61 ------------- -------------------------- |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
62 **Module** **Service Name** |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
63 c2s c2s (Plain/StartTLS) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
64 s2s s2s (Plain/StartTLS) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
65 proxy65 proxy65 (Plain) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
66 http http (Plain) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
67 net_multiplex multiplex (Plain/StartTLS) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
68 ------------- -------------------------- |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
69 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
70 This module should work with all services that are providing ports which either |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
71 offer plaintext or StartTLS-based encryption. Please note that instead of using |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
72 this module for HTTP-based services (BOSH/WebSocket) it might be worth resorting |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
73 to use proxy which is able to process HTTP and insert a _X-Forwarded-For_ header |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
74 instead. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
75 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
76 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
77 Example |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
78 ======= |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
79 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
80 This example provides you with a Prosody server that accepts regular connections on |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
81 tcp/5222 (C2S) and tcp/5269 (S2S) while also offering dedicated PROXY protocol ports |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
82 for both modules, configured as tcp/15222 (C2S) and tcp/15269 (S2S): |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
83 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
84 ```lua |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
85 c2s_ports = {5222} |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
86 s2s_ports = {5269} |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
87 proxy_ports = {15222, 15269} |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
88 proxy_port_mappings = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
89 [15222] = "c2s", |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
90 [15269] = "s2s" |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
91 } |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
92 ``` |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
93 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
94 After adjusting the global configuration of your Prosody server accordingly, you can |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
95 configure your desired sender accordingly. Below is an example for a working HAProxy |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
96 configuration which will listen on the default XMPP ports (5222+5269) and connect to |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
97 your XMPP backend running on 192.168.10.10 using the PROXYv2 protocol: |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
98 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
99 ``` |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
100 defaults d-xmpp |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
101 mode tcp |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
102 option redispatch |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
103 option tcplog |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
104 option tcpka |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
105 option clitcpka |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
106 option srvtcpka |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
107 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
108 timeout connect 5s |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
109 timeout client 24h |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
110 timeout server 60m |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
111 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
112 frontend f-xmpp |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
113 bind :5222,:5269 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
114 use_backend b-xmpp-c2s if { dst_port eq 5222 } |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
115 use_backend b-xmpp-s2s if { dst_port eq 5269 } |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
116 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
117 backend b-xmpp-c2s |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
118 balance roundrobin |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
119 option independant-streams |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
120 server mycoolprosodybox 192.168.10.10:15222 send-proxy-v2 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
121 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
122 backend b-xmpp-s2s |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
123 balance roundrobin |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
124 option independant-streams |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
125 server mycoolprosodybox 192.168.10.10:15269 send-proxy-v2 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
126 ``` |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
127 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
128 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
129 Limitations |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
130 =========== |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
131 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
132 It is currently not possible to use this module for offering PROXY protocol support |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
133 on SSL/TLS ports, which will automatically initiate a SSL handshake. This might be |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
134 possible in the future, but it currently does not look like this could easily be |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
135 implemented due to the current handling of such connections. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
136 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
137 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
138 Important Notes |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
139 =============== |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
140 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
141 Please do not expose any ports offering PROXY protocol to the internet - while regular |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
142 clients will be unable to use them anyways, it is outright dangerous and allows anyone |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
143 to spoof the actual IP address. It is highly recommended to only allow PROXY |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
144 connections from trusted sources, e.g. your loadbalancer. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
145 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
146 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
147 Compatibility |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
148 ============= |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
149 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
150 ----- ----- |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
151 trunk Works |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
152 0.10 Works |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
153 ----- ----- |