Add support for PROXY protocol

core/src/main/java/io/confluent/rest/ApplicationServer.java

@@ -27,10 +27,12 @@
 import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
 import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
 import org.eclipse.jetty.jmx.MBeanContainer;
+import org.eclipse.jetty.server.ConnectionFactory;
 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.NetworkTrafficServerConnector;
+import org.eclipse.jetty.server.ProxyConnectionFactory;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.ContextHandlerCollection;
@@ -416,6 +418,9 @@ private void configureConnectors(SslContextFactory sslContextFactory) {
     final boolean http2Enabled = isJava11Compatible()
                               && config.getBoolean(RestConfig.HTTP2_ENABLED_CONFIG);
 
+    final boolean proxyProtocolEnabled =
+        config.getBoolean(RestConfig.PROXY_CONNECTION_FACTORY_ENABLED_CONFIG);
+
     @SuppressWarnings("deprecation")
     List<NamedURI> listeners = parseListeners(
         config.getList(RestConfig.LISTENERS_CONFIG),
@@ -424,14 +429,17 @@ private void configureConnectors(SslContextFactory sslContextFactory) {
         SUPPORTED_URI_SCHEMES, "http");
 
     for (NamedURI listener : listeners) {
-      addConnectorForListener(httpConfiguration, httpConnectionFactory, listener, http2Enabled);
+      addConnectorForListener(httpConfiguration, httpConnectionFactory, listener,
+              http2Enabled, proxyProtocolEnabled);
     }
   }
 
   private void addConnectorForListener(HttpConfiguration httpConfiguration,
                                        HttpConnectionFactory httpConnectionFactory,
                                        NamedURI listener,
-                                       boolean http2Enabled) {
+                                       boolean http2Enabled,
+                                       boolean proxyProtocolEnabled) {
+    ArrayList<ConnectionFactory> connectionFactories = new ArrayList<>();
     NetworkTrafficServerConnector connector;
 
     if (http2Enabled) {
@@ -441,9 +449,13 @@ private void addConnectorForListener(HttpConfiguration httpConfiguration,
         final HTTP2CServerConnectionFactory h2cConnectionFactory =
                 new HTTP2CServerConnectionFactory(httpConfiguration);
 
+        if (proxyProtocolEnabled) {
+          connectionFactories.add(new ProxyConnectionFactory(httpConnectionFactory.getProtocol()));
+        }
+
         // The order of HTTP and HTTP/2 is significant here but it's not clear why :)
-        connector = new NetworkTrafficServerConnector(this, null, null, null, 0, 0,
-                httpConnectionFactory, h2cConnectionFactory);
+        connectionFactories.add(httpConnectionFactory);
+        connectionFactories.add(h2cConnectionFactory);
       } else {
         final HTTP2ServerConnectionFactory h2ConnectionFactory =
                 new HTTP2ServerConnectionFactory(httpConfiguration);
@@ -454,11 +466,19 @@ private void addConnectorForListener(HttpConfiguration httpConfiguration,
         SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory,
                 alpnConnectionFactory.getProtocol());
 
-        connector = new NetworkTrafficServerConnector(this, null, null, null, 0, 0,
-                sslConnectionFactory, alpnConnectionFactory, h2ConnectionFactory,
-                httpConnectionFactory);
+        if (proxyProtocolEnabled) {
+          connectionFactories.add(new ProxyConnectionFactory(sslConnectionFactory.getProtocol()));
+        }
+
+        connectionFactories.add(sslConnectionFactory);
+        connectionFactories.add(alpnConnectionFactory);
+        connectionFactories.add(h2ConnectionFactory);
+        connectionFactories.add(httpConnectionFactory);
       }
 
+      connector = new NetworkTrafficServerConnector(this, null, null, null, 0, 0,
+              connectionFactories.toArray(new ConnectionFactory[0]));
+
       // In Jetty 9.4.37, there was a change in behaviour to implement RFC 7230 more
       // rigorously and remove support for ambiguous URIs, such as escaping
       // . and / characters. While this is a good idea because it prevents clever
@@ -471,11 +491,25 @@ private void addConnectorForListener(HttpConfiguration httpConfiguration,
     } else {
       log.info("Adding listener: " + listener);
       if (listener.uri.getScheme().equals("http")) {
-        connector = new NetworkTrafficServerConnector(this, httpConnectionFactory);
+        if (proxyProtocolEnabled) {
+          connectionFactories.add(new ProxyConnectionFactory(httpConnectionFactory.getProtocol()));
+        }
+
+        connectionFactories.add(httpConnectionFactory);
       } else {
-        connector = new NetworkTrafficServerConnector(this, httpConnectionFactory,
-                sslContextFactory);
+        SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory,
+                httpConnectionFactory.getProtocol());
+
+        if (proxyProtocolEnabled) {
+          connectionFactories.add(new ProxyConnectionFactory(sslConnectionFactory.getProtocol()));
+        }
+
+        connectionFactories.add(sslConnectionFactory);
+        connectionFactories.add(httpConnectionFactory);
       }
+
+      connector = new NetworkTrafficServerConnector(this, null, null, null, 0, 0,
+              connectionFactories.toArray(new ConnectionFactory[0]));
     }
 
     connector.setPort(listener.getUri().getPort());

core/src/main/java/io/confluent/rest/RestConfig.java

@@ -446,6 +446,13 @@ public class RestConfig extends AbstractConfig {
           + "Java 11 JVM or later. Default is true.";
   protected static final boolean HTTP2_ENABLED_DEFAULT = true;
 
+  public static final String PROXY_CONNECTION_FACTORY_ENABLED_CONFIG =
+      "proxy.connection.factory.enabled";
+  protected static final String PROXY_CONNECTION_FACTORY_ENABLED_DOC =
+      "If true, support PROXY protocol requests using "
+          + "org.eclipse.jetty.server.ProxyConnectionFactory";
+  protected static final boolean PROXY_CONNECTION_FACTORY_ENALBED_DEFAULT = true;
+
   public static ConfigDef baseConfigDef() {
     return baseConfigDef(
         PORT_CONFIG_DEFAULT,
@@ -921,6 +928,12 @@ private static ConfigDef incompleteBaseConfigDef() {
             LISTENER_PROTOCOL_MAP_DEFAULT,
             Importance.LOW,
             LISTENER_PROTOCOL_MAP_DOC
+        ).define(
+            PROXY_CONNECTION_FACTORY_ENABLED_CONFIG,
+            Type.BOOLEAN,
+            PROXY_CONNECTION_FACTORY_ENALBED_DEFAULT,
+            Importance.LOW,
+            PROXY_CONNECTION_FACTORY_ENABLED_DOC
         );
   }