Merge branch 'nghttpx-fronend-proxyproto'

Tatsuhiro Tsujikawa 2017-01-03 17:28:20 +09:00
commit b064d8a9ff
5 changed files with 25 additions and 5 deletions


@ -103,6 +103,7 @@ func newServerTesterInternal(src_args []string, t *testing.T, handler http.Handl
backendTLS := false backendTLS := false
dns := false dns := false
externalDNS := false externalDNS := false
acceptProxyProtocol := false
for _, k := range src_args { for _, k := range src_args {
switch k { switch k {
case "--http2-bridge": case "--http2-bridge":
@ -112,6 +113,8 @@ func newServerTesterInternal(src_args []string, t *testing.T, handler http.Handl
case "--external-dns": case "--external-dns":
dns = true dns = true
externalDNS = true externalDNS = true
case "--accept-proxy-protocol":
acceptProxyProtocol = true
default: default:
args = append(args, k) args = append(args, k)
} }
@ -160,12 +163,17 @@ func newServerTesterInternal(src_args []string, t *testing.T, handler http.Handl
b += ";dns" b += ";dns"
} }
noTLS := "no-tls" noTLS := ";no-tls"
if frontendTLS { if frontendTLS {
noTLS = "" noTLS = ""
} }
args = append(args, fmt.Sprintf("-f127.0.0.1,%v;%v", serverPort, noTLS), b, var proxyProto string
if acceptProxyProtocol {
proxyProto = ";proxyproto"
}
args = append(args, fmt.Sprintf("-f127.0.0.1,%v%v%v", serverPort, noTLS, proxyProto), b,
"--errorlog-file="+logDir+"/log.txt", "-LINFO") "--errorlog-file="+logDir+"/log.txt", "-LINFO")
authority := fmt.Sprintf("127.0.0.1:%v", connectPort) authority := fmt.Sprintf("127.0.0.1:%v", connectPort)
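Review bot: The harness now swallows `--accept-proxy-protocol` in the switch and rewrites it to the `;proxyproto` frontend keyword, so tests that pass that flag no longer reach the deprecated global option, which the server still honours. If that option is meant to stay supported during the deprecation period, a test that passes the real option through to nghttpx (under a separately named harness switch, say) would keep it covered. A case that sends a PROXY line to a frontend started without `proxyproto` would also pin the default-off behaviour. newServerTesterInternal starts and ends outside these hunks, and the test cases themselves are not visible here.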


@ -1694,6 +1694,10 @@ Connections:
default. Any requests which come through this address default. Any requests which come through this address
are replied with 200 HTTP status, without no body. are replied with 200 HTTP status, without no body.
To accept PROXY protocol version 1 on frontend
connection, specify "proxyproto" parameter. This is
disabled by default.
Default: *,3000 Default: *,3000
--backlog=<N> --backlog=<N>
Set listen backlog size. Set listen backlog size.
@ -1718,8 +1722,6 @@ Connections:
timeouts when connecting and making CONNECT request can timeouts when connecting and making CONNECT request can
be specified by --backend-read-timeout and be specified by --backend-read-timeout and
--backend-write-timeout options. --backend-write-timeout options.
--accept-proxy-protocol
Accept PROXY protocol version 1 on frontend connection.
Performance: Performance:
-n, --workers=<N> -n, --workers=<N>
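Review bot: The new help text for `proxyproto` does not say that such a frontend must be reachable only from the trusted proxy or load balancer that writes the PROXY header. A client that can connect to it directly supplies its own source address, and any logging, forwarding headers or address-based rules behind it would presumably see that value. I would add a sentence such as `Enable this only on a frontend that accepts connections solely from trusted proxies, because the PROXY header is taken as the client address.` The same caveat fits the field comment on `UpstreamAddr::accept_proxy_protocol` in the header hunk, which only says the client "is supposed to send" the header.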


@ -413,7 +413,8 @@ ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl,
auto config = get_config(); auto config = get_config();
if (config->conn.upstream.accept_proxy_protocol) { if (faddr_->accept_proxy_protocol ||
config->conn.upstream.accept_proxy_protocol) {
read_ = &ClientHandler::read_clear; read_ = &ClientHandler::read_clear;
write_ = &ClientHandler::noop; write_ = &ClientHandler::noop;
on_read_ = &ClientHandler::proxy_protocol_read; on_read_ = &ClientHandler::proxy_protocol_read;
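Review bot: The condition keeps `config->conn.upstream.accept_proxy_protocol` as an override, so once the deprecated global option is set every frontend expects a PROXY header, including ones declared without `proxyproto`, and there is no per-frontend way to switch it off. That is probably intended for compatibility, but it deserves a comment above the `if`, for example `// The deprecated global option still enables PROXY protocol on every frontend address.`, so the per-address flag is not read as the only gate. The rest of the constructor and `proxy_protocol_read` are outside this hunk.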


@ -677,6 +677,7 @@ int parse_memcached_connection_params(MemcachedConnectionParams &out,
struct UpstreamParams { struct UpstreamParams {
int alt_mode; int alt_mode;
bool tls; bool tls;
bool proxyproto;
}; };
namespace { namespace {
@ -705,6 +706,8 @@ int parse_upstream_params(UpstreamParams &out, const StringRef &src_params) {
return -1; return -1;
} }
out.alt_mode = ALTMODE_HEALTHMON; out.alt_mode = ALTMODE_HEALTHMON;
} else if (util::strieq_l("proxyproto", param)) {
out.proxyproto = true;
} else if (!param.empty()) { } else if (!param.empty()) {
LOG(ERROR) << "frontend: " << param << ": unknown keyword"; LOG(ERROR) << "frontend: " << param << ": unknown keyword";
return -1; return -1;
@ -2091,6 +2094,7 @@ int parse_config(Config *config, int optid, const StringRef &opt,
addr.fd = -1; addr.fd = -1;
addr.tls = params.tls; addr.tls = params.tls;
addr.alt_mode = params.alt_mode; addr.alt_mode = params.alt_mode;
addr.accept_proxy_protocol = params.proxyproto;
if (addr.alt_mode == ALTMODE_API) { if (addr.alt_mode == ALTMODE_API) {
apiconf.enabled = true; apiconf.enabled = true;
@ -2883,6 +2887,8 @@ int parse_config(Config *config, int optid, const StringRef &opt,
#endif // !HAVE_MRUBY #endif // !HAVE_MRUBY
return 0; return 0;
case SHRPX_OPTID_ACCEPT_PROXY_PROTOCOL: case SHRPX_OPTID_ACCEPT_PROXY_PROTOCOL:
LOG(WARN) << opt << ": deprecated. Use proxyproto keyword in "
<< SHRPX_OPT_FRONTEND << " instead.";
config->conn.upstream.accept_proxy_protocol = util::strieq_l("yes", optarg); config->conn.upstream.accept_proxy_protocol = util::strieq_l("yes", optarg);
return 0; return 0;
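Review bot: `UpstreamParams::proxyproto` is only ever assigned `true` in parse_upstream_params, and the declaration of `params` in parse_config is outside these hunks, so whether the flag starts out `false` depends on code not shown. If `params` is not value-initialized there, `addr.accept_proxy_protocol = params.proxyproto;` copies an indeterminate value into a security-relevant switch. Either confirm the call site value-initializes the struct, or add `out.proxyproto = false;` at the top of parse_upstream_params so the keyword is reliably opt-in.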


@ -382,6 +382,8 @@ struct UpstreamAddr {
bool host_unix; bool host_unix;
// true if TLS is enabled. // true if TLS is enabled.
bool tls; bool tls;
// true if client is supposed to send PROXY protocol v1 header.
bool accept_proxy_protocol;
int fd; int fd;
}; };
@ -775,6 +777,7 @@ struct ConnectionConfig {
RateLimitConfig write; RateLimitConfig write;
} ratelimit; } ratelimit;
size_t worker_connections; size_t worker_connections;
// Deprecated. See UpstreamAddr.accept_proxy_protocol.
bool accept_proxy_protocol; bool accept_proxy_protocol;
} upstream; } upstream;