Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--haproxy-protocol doesn't work with --unix-socket #7290

Closed
jvgutierrez opened this issue Jun 23, 2021 · 0 comments
Closed

--haproxy-protocol doesn't work with --unix-socket #7290

jvgutierrez opened this issue Jun 23, 2021 · 0 comments
Labels
connecting & proxies

Comments

@jvgutierrez
Copy link

I did this

~# curl --haproxy-protocol --unix-socket /run/varnish-frontend.socket -k -v -H "X-Forwarded-Proto: https" http://127.0.0.1:80/
* Expire in 0 ms for 6 (transfer 0x55a23e318fb0)
*   Trying /run/varnish-frontend.socket...
* Expire in 200 ms for 4 (transfer 0x55a23e318fb0)
* Connected to 127.0.0.1 (/run/varnish-frontend.socket) port 80 (#0)
> PROXY TCP4  /run/varnish-frontend.socket 0 0
* Send failure: Broken pipe
* Failed sending HTTP request
* Connection #0 to host 127.0.0.1 left intact
curl: (55) Send failure: Broken pipe

I expected the following

From the curl verbose output pasted above, you can see a wrongly formated PROXYv1 protocol request:

PROXY TCP4  /run/varnish-frontend.socket 0 0

From the PROXY v1 protocol spec https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt it should look like PROXY TCP4 IP IP PORT PORT or PROXY UNKNOWN. I guess that to be able to provide anything else than PROXY UNKNOWN an additional parameter should be implemented in curl to allow specifying the source IP of the connection.

curl/libcurl version

curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

operating system

Linux traffic-cache-atsupload-buster 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
bagder added a commit that referenced this issue Jun 23, 2021
@bagder
http: make the haproxy support work with unix domain sockets
43e1a2f 
... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.

Reported-by: Valentín Gutiérrez
Fixes #7290
@bagder bagder mentioned this issue Jun 23, 2021
Closed
@bagder bagder closed this as completed in a629506 Jun 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
connecting & proxies
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

http: make the haproxy support work with unix domain sockets curl/curl
2 participants
@bagder @jvgutierrez