Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PROXY protocol line support #35

Open
pquerna opened this issue Dec 23, 2013 · 4 comments
Open

Add PROXY protocol line support #35

pquerna opened this issue Dec 23, 2013 · 4 comments
Labels
enhancement

Comments

@pquerna
Copy link
Contributor

pquerna commented Dec 23, 2013

For these reasons Vulcan should support the PROXY protocol line.

Library for doing this is here:
https://github.com/racker/go-proxy-protocol

cc @songgao
@songgao
Copy link

songgao commented Dec 24, 2013

I was looking into this the other day. It seems that it's non-trivial to make Vulcan to accept PROXY line, because the http package in Go doesn't support serving a given connection, or io.ReadWriter etc. What it supports is either serving a existing listener, or "ListenAndServe". It needs to accept connections itself. Also, there's no easy way to hijack incoming connections either. You can, however, hijack in a handler, where http package already parsed the request and hijacking would cause http not writing into the connection anymore.

I think there are only two ways to implement PROXY protocol with http package:

  1. Fork the http package, to either 1) allow hijacking incoming connections; or 2) allow serving connections (rather than only listeners)
  2. Create a relay. For each incoming connection that consists HTTP request, the relay 1) accepts the TCP connection; 2) then consumes the PROXY line if it exists; 3) initiate a new TCP connection to the actual HTTP server that's maintained by http package; 4) and then io.Copy from the old connection to the new connection.

Method 1 requires more work and introduces maintenance work if it's not merged into golang project. Method 2 seems simple and will not require much maintenance work in the future, but is less efficient. The question is how much overhead it introduces in context of everything else that Vulcan does?

@pquerna
Copy link
Contributor Author

pquerna commented Dec 24, 2013

Similar to how for ListenAndServeTLS to work with Server Name Indication, I think it might be possible to make our own ListenAndServe?

See this example Code:

https://groups.google.com/d/msg/golang-nuts/rUm2iYTdrU4/PaEBya4dzvoJ

@songgao
Copy link

songgao commented Dec 26, 2013

@pquerna Please correct me if I'm wrong: did you mean we make a listener (like tls.NewListener, line 1747 in http://golang.org/src/pkg/net/http/server.go) that http serves on, and the listener would take the PROXY line? But how could we pass the infomation in PROXY line through http all the way to vulcan?

I was thinking about making a drop-in replacement for http in go-proxy-protocol that takes PROXY line during accepting a connection, and amends something in http.Request. Does that sound good?

@songgao
Copy link

songgao commented Dec 29, 2013

Here's a drop-in alternative to net/http that supports ProxyProtocol: songgao/go.http#1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pquerna @songgao