Lack of proxy protocol is a non-starter.

You can't be running this stuff in a cluster behind a cloud load balancer and then not be able to listen with proxy protocol. Without it, the applications lose the IP information from the origin client. Geo-based content becomes impossible.

I'm going to look at the source code to see if this is an easy fix. Seems like a checkbox or toggle is all that would be needed as proxy_protocol is just a single directive that goes with the listener line in NGINX.

Correct yes a simple toggle in the UI would be enough to get this moving, saved to the db table and the backend template just needs to know about that value.

This kind of thing wasn't part of the project's goal. It's generally not expected that people using this for their home gateway would be using a load balancer or HA.

I did some digging through the source code and I can see how to add support for this. There are models to update, etc. But.. you are correct. I also reviewed a few other things and concluded that this is a good system for a home lab, but it can't do things like setup backend streams or sets of target servers for load balancing. And without that, it would be pretty senseless to add proxy protocol because anyone utilizing proxy protocol is most certainly doing so to load balance their services.

I wouldn't mind using this in a homelab environment myself, but the problem is that I usually need to mimic the production environment as closely as possible so that I can see how things will (hopefully) work in the real world.

I think I will still spin this up though and play with it.

I would like to support adding listen ssl proxy_protocol,
Thanks.
like this:
listen 443 ssl http2 proxy_protocol;

I'm looking forward to adding this option!

Hopefully I'd see this feature get supported soon.
I can think of one instance where support of proxy protocol is great for home settings: Users with two or more WANs.
Personally my old test setup with dual-wan + proxy is like this:

This also works well if you have multiple domains that you want to serve from different machines.

You can use a load balancer that splits the traffic using SNI (so it doesn't need to know about the certificate) and then proxies it on so originating IP data isn't lost.

Hello @jc21

Is there any update is it going to be added?

Strongly needed, can this feature be included in the development plan

Is this still going to be added? I need proxy protocol support for my setup, really don't want to move off of NPM.

I want to setup https://github.com/stalwartlabs/mail-server in my home environment, and I only have 1 public IP. Therefore, NPM handles all my traffic. But for stalwart mail server, I need the proxy to be able to speak PROXY protocol: https://stalw.art/docs/server/reverse-proxy/proxy-protocol

I want to setup https://github.com/stalwartlabs/mail-server in my home environment, and I only have 1 public IP. Therefore, NPM handles all my traffic. But for stalwart mail server, I need the proxy to be able to speak PROXY protocol: https://stalw.art/docs/server/reverse-proxy/proxy-protocol

Have you checked out SWAG? Since there seems to be no movement on this I migrated to SWAG since you get more flexibility; it's essentially nginx with some pre-configurations (you lose the GUI). I still prefer NPM but needed proxy protocol support, may be worth checking out if you need it also.

I want to setup stalwartlabs/mail-server in my home environment, and I only have 1 public IP. Therefore, NPM handles all my traffic. But for stalwart mail server, I need the proxy to be able to speak PROXY protocol: stalw.art/docs/server/reverse-proxy/proxy-protocol

Do you need NPM to proxy all ports explicitly?
I'm running docker-mailserver next to NPM just fine, with the latter listening on 80+443 and the former on all the mail stuff like 25 or 143.

Unless you have things like custom load balancing set up in your NPM config that you want to leverage by setting up a stream module, you shouldn't need NPM as a middle-man on mail ports.

You can theoretically send the smtp imap ports directly to stalwart and only send the port 8080 for the gui via NPM, but then you have to include the certificates I think