PROXY Protocol¶
GOST support for proxy protocol depends on the pires/go-proxyproto library.
Receive Proxy Protocol Header¶
The GOST service supports the receiving PROXY protocol(v1/v2). When the service is behind other proxy service (such as Nginx), the PROXY protocol is used to obtain the real IP of the client.
Enable PROXY protocol function with the proxyProtocol
option.
Tip
After the PROXY protocol function is enabled, the client is not forced to send PROXY protocol header, and the service will automatically determine whether there is PROXY protocol header based on the received data.
Example¶
Port 8000 simulates a reverse proxy service and forwards data to the following 8080 service. Port 8080 is a port forwarding service.
When accessing port 8000, the client IP obtained by the service on port 8080 is 127.0.0.1.
{
"client":"127.0.0.1:53574",
"handler":"tcp",
"kind":"handler",
"level":"info",
"listener":"tcp",
"local":"127.0.0.1:8080",
"msg":"127.0.0.1:53574 <> 127.0.0.1:8080",
"remote":"127.0.0.1:53574",
"service":"service-1"
}
If the client sends PROXY protocol header, the 8080 port service can get the real IP of the client.
{
"client":"192.168.100.100:57208",
"handler":"tcp",
"kind":"handler",
"level":"info",
"listener":"tcp",
"local":"127.0.0.1:8080",
"msg":"127.0.0.1:41700 <> 127.0.0.1:8080",
"remote":"127.0.0.1:41700",
"service":"service-1"
}
Send Proxy Protocol Header¶
3.2.1
GOST supports sending proxy protocol header to upstream forwarding nodes and proxy nodes to inform the upstream nodes of the real IP address.
Port Forwarding Node¶
Enable sending of proxy protocol headers by using proxyProtocol
option on the handler.
The handler.proxyProtocol
is a scoped parameter that applies to the handler. If use proxyProtocol
directly, it applies to the service level.
Proxy Node¶
Limitation
The proxy protocol function currently does not support the UDP protocol.