From 41d212c7b744a3b0a77dd5b2bdb8a90e9fecbf09 Mon Sep 17 00:00:00 2001
From: Gregor Noczinski
Date: Wed, 21 Oct 2020 18:11:56 +0200
Subject: [PATCH] Added support for PROXY Protocol
---
 go.mod | 1 +
 go.sum | 2 ++
 server/connector_http.go | 15 ++++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 8ba1bb9..023bd12 100644
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 github.com/imdario/mergo v0.3.7
 github.com/nicksnyder/go-i18n/v2 v2.0.0-beta.6
 github.com/onsi/gomega v1.4.3
+ github.com/pires/go-proxyproto v0.2.0
 github.com/pkg/errors v0.9.1
 github.com/prometheus/client_golang v1.7.1
 github.com/satori/go.uuid v1.2.0
diff --git a/go.sum b/go.sum
index 2bf4002..639b73c 100644
--- a/go.sum
+++ b/go.sum
@@ -129,6 +129,8 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pires/go-proxyproto v0.2.0 h1:WyYKlv9pkt77b+LjMvPfwrsAxviaGCFhG4KDIy1ofLY=
+github.com/pires/go-proxyproto v0.2.0/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
diff --git a/server/connector_http.go b/server/connector_http.go
index ac14a2b..35647dc 100644
--- a/server/connector_http.go
+++ b/server/connector_http.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "github.com/echocat/lingress/support"
+ "github.com/pires/go-proxyproto"
 log "github.com/sirupsen/logrus"
 "net"
 "net/http"
@@ -18,6 +19,9 @@ type HttpConnector struct { SoLinger int16 MaxConnections uint16 + // See https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt + RespectProxyProtocol bool + Server http.Server ListenConfig net.ListenConfig } @@ -57,6 +61,10 @@ func (instance *HttpConnector) Serve(stop support.Channel) error { } ln = newLimitedListener(instance.MaxConnections, instance.SoLinger, ln) + if instance.RespectProxyProtocol { + ln = &proxyproto.Listener{Listener: ln} + } + var serve func() error if tlsConfig := instance.Server.TLSConfig; tlsConfig != nil { serve = func() error { @@ -83,11 +91,12 @@ func (instance *HttpConnector) Serve(stop support.Channel) error { } func (instance *HttpConnector) Shutdown() { - ctx, _ := context.WithTimeout(context.Background(), 5*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) if err := instance.Server.Shutdown(ctx); err != nil { log.WithError(err). Warnf("cannot graceful shutdown %s proxy interface %s", instance.Id, instance.Server.Addr) } + cancel() } func (instance *HttpConnector) flagName(prefix, suffix string) string { @@ -127,6 +136,10 @@ func (instance *HttpConnector) RegisterFlag(fe support.FlagEnabled, appPrefix st PlaceHolder(fmt.Sprint(instance.SoLinger)). Envar(instance.serverFlagEnvVar(appPrefix, "SO_LINGER")). Int16Var(&instance.SoLinger) + fe.Flag(instance.serverFlagName("proxyProtocol.respect"), "If set to true the proxy protocol will be respected. See: https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt"). + PlaceHolder(fmt.Sprint(instance.RespectProxyProtocol)). + Envar(instance.serverFlagEnvVar(appPrefix, "PROXY_PROTOCOL_RESPECT")). + BoolVar(&instance.RespectProxyProtocol) fe.Flag(instance.clientFlagName("maxHeaderBytes"), "Maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body."). PlaceHolder(fmt.Sprint(instance.Server.MaxHeaderBytes)).
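Review bot: The new `ln = &proxyproto.Listener{Listener: ln}` in Serve accepts a PROXY header from any peer that can reach the port, so with `RespectProxyProtocol` on, the connection's reported remote address is whatever the header claims unless every connection really arrives through a trusted load balancer. Nothing in the visible lines restricts which upstream addresses may send the header; that matters for access logs and for any IP-based rule or forwarded-address header derived from the connection address (that code is not shown here, so confirm against the request handling). go-proxyproto's Listener offers a `Policy` hook for this (check that the pinned v0.2.0 exposes it), so the wrap could become `ln = &proxyproto.Listener{Listener: ln, Policy: trustedUpstreams}`, where `trustedUpstreams` is a placeholder for a policy built from a configured list of proxy addresses. The `RespectProxyProtocol` field comment and the `proxyProtocol.respect` flag help in the other hunks should also say that the option is only safe when the listener is reachable solely through such a proxy. Serve's body starts and ends outside this hunk.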
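Review bot: `cancel()` is called as the last statement of Shutdown rather than deferred, so the context's timer is released only on the normal return path. The idiomatic form is `defer cancel()` on the line right after `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)`, which also covers a panic inside `instance.Server.Shutdown(ctx)` and keeps the pairing obvious if an early return is added later. Behaviour on the normal path stays the same.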