Proxy protocol support fo outgoing connections

[tkald]

As I understand, fabio supports incoming proxy protocol connections.
What about outgoing connections?

CLIENT (ip 1.2.3.4) ---> Fabio (ip 5.6.7.8) ---> webserver (ip 9.10.11.12)

For now, webserver sees requests originating from ip 5.6.7.8 not from client ip 1.2.3.4.

I know, there are x-forwarded-for headers...

Since nginx supports incoming proxy protocol connections, would be nice if fabio could provide that output with http and tcp.

[magiconair]

It doesn't support the PROXY protocol for outgoing connections but that sounds like a good idea. I'll add it to the list.

[magiconair]

I've refactored the listeners and servers in the release-branch-1.4 to prepare for this. I want to finish the generic TCP proxying support first but aim for including this in the 1.4 release or shortly thereafter.

[lukas2511]

I also would like to see this feature.
I'm currently using haproxy in front of a few nginx boxes using proxy protocol and I'd like to switch to fabio for a more dynamic setup.

For now I've tried to implement this myself but since I didn't know a nice way to get to route tags / options inside of the SNI Proxy I wasn't able to make the PROXY header optional... Since I also have software running that doesn't understand the proxy protocol I need to have both options and I'd like to run both on the same port, works perfectly with haproxy.

I am hoping that your version will have an option to set the header on an as-needed basis so a single port can be shared between tcp+sni and (what i call it) tcp+sni+proxy.

My very crude implementation can be found here: lukas2511@deaa518
It's not 100% correctly implemented (e.g. fixed TCP4 for now), but it worked for me while playing around with the software.

[magiconair]

Hmm, that looks simple enough to be added as a listener option like read/write timeout. No need to duplicate the entire proxy for that. Let me see whether I can cook something up tomorrow or so.

[magiconair]

I'm wondering whether this is something that needs to be configurable per upstream server, e.g. some upstream servers want PROXY protocol and others don't? @lukas2511 @tkald what's your take on that?

The reason I'm asking is that there is currently no support for upstream servers announcing their capabilities. This isn't difficult to add but more work than a global switch.

[lukas2511]

@magiconair I would like to have this on a per-route basis, upstream server shouldn't be involved in making this decision, just the consul services.

[magiconair]

@lukas2511 since the route is announced by the upstream server through consul it needs to advertise this somehow. How do you envision this to work?

[lukas2511]

@magiconair the project readme has a few examples for other tags:

# HTTP/S examples
[...]
urlprefix-/foo/bar strip=/foo    # route with path stripping (forward only '/bar' to upstream)
# TCP examples
urlprefix-:3306 proto=tcp        # route external port 3306

Maybe something like

urlprefix-example.com/ proxy

Or is this not possible?

[lukas2511]

Sorry i think I just misunderstood what you meant with "upstream server", for me that was the upstream webserver, but now I notice that you mean the whole system, so yea, this should come from the upstream server, sorry for the confusion.

[pashinin]

Thank you for 1.5.11 release. It helped me to understand that I actually have a problem described in this issue. I thought Fabio can talk Proxy protocol in any direction. Hope this will be fixed.

[magiconair]

@pashinin Right now I have almost no time to work on this project other than urgent bug fixes and merging contributions. If you need this feature then the best chance is to submit a PR.

[aaronhurt]

I'd be happy to review/comment on the PR.

[bkmit]

@leprechau FYI: Proxy protocol for outgoing connections implemented on PR #598

[pashinin]

Tested Fabio with mentioned PR. Works with 2 Exim servers configured for Proxy protocol.
If you want you can docker pull pashinin/fabio:fix-191

[magiconair]

Then let’s merge