[MEDIUM] server: add support for the "send-proxy" option
This option enables use of the PROXY protocol with the server, which
allows haproxy to transport the original client's address across multiple
architecture layers.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 1bba57f..fa5038f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6647,6 +6647,21 @@
Supported in default-server: Yes
+send-proxy
+ The "send-proxy" parameter enforces use of the PROXY protocol over any
+ connection established to this server. The PROXY protocol informs the other
+ end about the layer 3/4 addresses of the incoming connection, so that it can
+ know the client's address or the public address it accessed to, whatever the
+ upper layer protocol. For connections accepted by an "accept-proxy" listener,
+ the advertised address will be used. Only TCPv4 and TCPv6 address families
+ are supported. Other families such as Unix sockets, will report an UNKNOWN
+ family. Servers using this option can fully be chained to another instance of
+ haproxy listening with an "accept-proxy" setting. This setting must not be
+ used if the server isn't aware of the protocol. See also the "accept-proxy"
+ option of the "bind" keyword.
+
+ Supported in default-server: No
+
slowstart <start_time_in_ms>
The "slowstart" parameter for a server accepts a value in milliseconds which
indicates after how long a server which has just come back up will run at
diff --git a/include/types/server.h b/include/types/server.h
index c697457..fb31215 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -1,23 +1,23 @@
/*
- include/types/server.h
- This file defines everything related to servers.
-
- Copyright (C) 2000-2009 Willy Tarreau - w@1wt.eu
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation, version 2.1
- exclusively.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+ * include/types/server.h
+ * This file defines everything related to servers.
+ *
+ * Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, version 2.1
+ * exclusively.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
#ifndef _TYPES_SERVER_H
#define _TYPES_SERVER_H
@@ -53,6 +53,7 @@
#define SRV_TPROXY_CLI 0x0300 /* bind to the client's IP+port to reach this server */
#define SRV_TPROXY_DYN 0x0400 /* bind to a dynamically computed non-local address */
#define SRV_TPROXY_MASK 0x0700 /* bind to a non-local address to reach this server */
+#define SRV_SEND_PROXY 0x0800 /* this server talks the PROXY protocol */
/* function which act on servers need to return various errors */
#define SRV_STATUS_OK 0 /* everything is OK. */
diff --git a/src/backend.c b/src/backend.c
index 93a8fc8..397216d 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -971,6 +971,14 @@
s->req->cons->connect = tcp_connect_server;
copy_target(&s->req->cons->target, &s->target);
+ /* process the case where the server requires the PROXY protocol to be sent */
+ s->req->cons->send_proxy_ofs = 0;
+ if (s->target.type == TARG_TYPE_SERVER && (s->target.ptr.s->state & SRV_SEND_PROXY)) {
+ s->req->cons->send_proxy_ofs = 1; /* must compute size */
+ if (!(s->flags & SN_FRT_ADDR_SET))
+ get_frt_addr(s);
+ }
+
assign_tproxy_address(s);
err = s->req->cons->connect(s->req->cons);
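Review bot: The `1` stored in `send_proxy_ofs` is a sentinel, not an offset, and the trailing `/* must compute size */` does not say who replaces it or with what. Since the code that consumes the field is not in this diff, a comment at the assignment would help, for example `/* non-zero = PROXY header still to be sent; 1 asks the send path to build it and store the real length */` (adjust to the actual convention). Separately, the outcome of `get_frt_addr(s)` is not checked here, and the address it fills in is what the next hop will treat as the connection's real endpoint. If that lookup can fail, it is worth confirming that the header falls back to the UNKNOWN family rather than carrying an unset address. The enclosing function starts and ends outside this hunk.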
diff --git a/src/cfgparse.c b/src/cfgparse.c
index b5e077a..9cc23d1 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4167,6 +4167,10 @@
newsrv->state |= SRV_BACKUP;
cur_arg ++;
}
+ else if (!defsrv && !strcmp(args[cur_arg], "send-proxy")) {
+ newsrv->state |= SRV_SEND_PROXY;
+ cur_arg ++;
+ }
else if (!strcmp(args[cur_arg], "weight")) {
int w;
w = atol(args[cur_arg + 1]);
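Review bot: The new `send-proxy` branch sets `SRV_SEND_PROXY` without any cross-check against the other per-server options parsed in this chain, notably `check`. Nothing in this diff touches the health-check path, so if checks open their own connections they would presumably reach a PROXY-expecting server without the header and be rejected or misparsed. That should be confirmed, and if it holds, either a parse-time warning or a scope comment on the branch would help, such as `/* applies to forwarded connections only; health checks do not send the PROXY header */`. The else-if chain starts and ends outside this hunk.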
@@ -4454,7 +4458,7 @@
}
else {
if (!defsrv)
- Alert("parsing [%s:%d] : server %s only supports options 'backup', 'cookie', 'redir', 'observer', 'on-error', 'error-limit', 'check', 'disabled', 'track', 'id', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'addr', 'port', 'source', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n",
+ Alert("parsing [%s:%d] : server %s only supports options 'backup', 'cookie', 'redir', 'observer', 'on-error', 'error-limit', 'check', 'disabled', 'track', 'id', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'addr', 'port', 'source', 'send-proxy', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n",
file, linenum, newsrv->id);
else
Alert("parsing [%s:%d]: default-server only supports options 'on-error', 'error-limit', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'port', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n",