Add PROXY protocol support to tcp inbound #103
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kslr
approved these changes
Aug 19, 2020
RPRX
reviewed
Aug 19, 2020
|
https://github.com/pires/go-proxyproto 这里的实现考虑了 passthrough 的情况。测试过不用反向代理或者haproxy不加 send-proxy 也正常。当然后者的情况log里就还是127.0.01了。 |
|
测试看起来坏掉了,等会到家修一修 |
根据 PROXY protocol 的原理,并不能完美区分发送方是否使用了 PROXY protocol(比如如果流量本身就有相同的头部,则会被误判)。这个库如何区分是否 PROXY protocol 需要研究,但如果 v2ray 只能同时接收它,则必定会导致:
所以加开关是必要的,比如 bool acceptProxyProtocol(至于开关的位置,则不一定在 tcpSettings 内) |
|
增加了相应的开关 默认为 false,此时跟之前的处理方式一致,即不接受 PROXY 头。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds PROXY protocol (v1 & v2) support to tcp inbound ("network": "tcp" in streamSettings). So with a properly configured reverse proxy, we can see real client IPs, not lots of 127.0.0.1, in access log.