Added support for PROXY Protocol

echocat · Oct 21, 2020 · 41d212c · 41d212c
1 parent b398556
commit 41d212c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/imdario/mergo v0.3.7
 	github.com/nicksnyder/go-i18n/v2 v2.0.0-beta.6
 	github.com/onsi/gomega v1.4.3
+	github.com/pires/go-proxyproto v0.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.7.1
 	github.com/satori/go.uuid v1.2.0

diff --git a/go.sum b/go.sum
@@ -129,6 +129,8 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pires/go-proxyproto v0.2.0 h1:WyYKlv9pkt77b+LjMvPfwrsAxviaGCFhG4KDIy1ofLY=
+github.com/pires/go-proxyproto v0.2.0/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

diff --git a/server/connector_http.go b/server/connector_http.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/echocat/lingress/support"
+	"github.com/pires/go-proxyproto"
 	log "github.com/sirupsen/logrus"
 	"net"
 	"net/http"
@@ -18,6 +19,9 @@ type HttpConnector struct {
 	SoLinger       int16
 	MaxConnections uint16
 
+	// See https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt
+	RespectProxyProtocol bool
+
 	Server       http.Server
 	ListenConfig net.ListenConfig
 }
@@ -57,6 +61,10 @@ func (instance *HttpConnector) Serve(stop support.Channel) error {
 	}
 	ln = newLimitedListener(instance.MaxConnections, instance.SoLinger, ln)
 
+	if instance.RespectProxyProtocol {
+		ln = &proxyproto.Listener{Listener: ln}
+	}
+
 	var serve func() error
 	if tlsConfig := instance.Server.TLSConfig; tlsConfig != nil {
 		serve = func() error {
@@ -83,11 +91,12 @@ func (instance *HttpConnector) Serve(stop support.Channel) error {
 }
 
 func (instance *HttpConnector) Shutdown() {
-	ctx, _ := context.WithTimeout(context.Background(), 5*time.Minute)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 	if err := instance.Server.Shutdown(ctx); err != nil {
 		log.WithError(err).
 			Warnf("cannot graceful shutdown %s proxy interface %s", instance.Id, instance.Server.Addr)
 	}
+	cancel()
 }
 
 func (instance *HttpConnector) flagName(prefix, suffix string) string {
@@ -127,6 +136,10 @@ func (instance *HttpConnector) RegisterFlag(fe support.FlagEnabled, appPrefix st
 		PlaceHolder(fmt.Sprint(instance.SoLinger)).
 		Envar(instance.serverFlagEnvVar(appPrefix, "SO_LINGER")).
 		Int16Var(&instance.SoLinger)
+	fe.Flag(instance.serverFlagName("proxyProtocol.respect"), "If set to true the proxy protocol will be respected. See: https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt").
+		PlaceHolder(fmt.Sprint(instance.RespectProxyProtocol)).
+		Envar(instance.serverFlagEnvVar(appPrefix, "PROXY_PROTOCOL_RESPECT")).
+		BoolVar(&instance.RespectProxyProtocol)
 
 	fe.Flag(instance.clientFlagName("maxHeaderBytes"), "Maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body.").
 		PlaceHolder(fmt.Sprint(instance.Server.MaxHeaderBytes)).