Add support for the PROXY protocol #125

Closed
Jonty opened this issue Mar 30, 2016 · 4 comments

Comments

@Jonty
Contributor

Jonty commented Mar 30, 2016

Gorouter does not support the PROXY protocol, meaning that SSL terminators placed in front of it cannot pass on the client IP address.

This is a problem for us because we have an AWS ELB in front of gorouter operating in TCP mode, as ELB in HTTP mode (which would inject X-Forwarded-For headers) does not support websockets.

A horrid workaround is to colocate something like HAProxy that understands the PROXY protocol and can add an X-Forwarded-For header using the address passed via PROXY.

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/116601821.

@shalako
Contributor

shalako commented Apr 7, 2016

Hello @Jonty

Do you specifically want to send gorouter the source IP for websocket requests? Or are you losing client info for HTTP requests as a result of running your ELB in TCP Mode (because you also want to support websockets)?

Are you serving HTTP and websocket requests on the same port on your ELB? Have you considered serving these requests on different ports? The team running Pivotal Web Services (http://run.pivotal.io/) have configured their ELB to listen on ports 80 and 443 in HTTP mode, and port 4443 in TCP mode (in support of websockets). So client info comes through for HTTP requests, but not (I assume, based on your request) for websocket requests.

Thank you

@Jonty
Contributor Author

Jonty commented Apr 8, 2016

@shalako

  • Yes, we lose client info (specifically IP addresses) as a result of running the ELB in TCP mode, which is unacceptable to the platform tenants.
  • Tenants also require that websockets have the correct source address.
  • And it's not an option for us to have websockets on a non-standard port.

@shalako
Contributor

shalako commented Jun 29, 2016

#126 was merged

@shalako shalako closed this as completed Jun 29, 2016
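
What the workaround in the first comment amounts to, as an added Go example (not gorouter's code and not the change merged in #126): read a PROXY protocol v1 header and derive the X-Forwarded-For value, honouring the header only when the socket peer is in a trusted balancer range. The function names, the 10.0.0.0/8 range and the sample addresses are assumptions constructed for illustration; only the v1 text format is handled.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"strings"
)

var errBadHeader = errors.New("malformed PROXY v1 header")

// parseProxyV1 consumes one v1 line (at most 107 bytes with CRLF); nil IP means UNKNOWN.
func parseProxyV1(r *bufio.Reader) (net.IP, error) {
	raw, err := r.ReadSlice('\n') // bounded by the reader's buffer size
	if err != nil || len(raw) > 107 || !strings.HasSuffix(string(raw), "\r\n") {
		return nil, errBadHeader
	}
	f := strings.Split(strings.TrimSuffix(string(raw), "\r\n"), " ")
	if len(f) >= 2 && f[0] == "PROXY" && f[1] == "UNKNOWN" {
		return nil, nil
	}
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errBadHeader
	}
	src := net.ParseIP(f[2]) // its address family must match the declared protocol
	if src == nil || (f[1] == "TCP6") != strings.Contains(f[2], ":") {
		return nil, errBadHeader
	}
	return src, nil
}

// forwardedFor returns the X-Forwarded-For value for a new connection. The
// header is read only when the socket peer is in the trusted balancer range.
func forwardedFor(peer net.IP, trusted *net.IPNet, r *bufio.Reader) (string, error) {
	if !trusted.Contains(peer) {
		return peer.String(), nil
	}
	ip, err := parseProxyV1(r)
	if err != nil || ip == nil {
		return peer.String(), err
	}
	return ip.String(), nil
}

func main() {
	r := bufio.NewReader(strings.NewReader("PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\nGET / HTTP/1.1\r\n\r\n"))
	_, lb, _ := net.ParseCIDR("10.0.0.0/8") // constructed trusted balancer range
	fmt.Println(forwardedFor(net.ParseIP("10.0.0.9"), lb, r))
}
```

A listener that is only ever reached through the balancer can go further and close connections from peers outside the trusted range instead of serving them.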