Add proxyprotocol support to TLS listener

2025-04-28 22:25:07 +03:00 · 2022-11-13 12:06:12 +08:00 · 2022-11-13 12:06:12 +08:00 · 788b36617a
commit 788b36617a
parent ae24f5de38
4 changed files with 18 additions and 1 deletions
--- a/go.mod
+++ b/go.mod
@ -12,6 +12,7 @@ require (
 	github.com/kardianos/minwinsvc v1.0.2
 	github.com/mitchellh/mapstructure v1.4.1
 	github.com/vishvananda/netlink v1.1.0
+	github.com/pires/go-proxyproto v0.6.2
 	golang.org/x/mobile v0.0.0-20221110043201-43a038452099
 	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
 	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43
--- a/go.sum
+++ b/go.sum
@ -34,6 +34,8 @@ github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxd
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
+github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
--- a/src/core/link.go
+++ b/src/core/link.go
@ -52,6 +52,7 @@ type link struct {
 type linkOptions struct {
 	pinnedEd25519Keys map[keyArray]struct{}
 	priority          uint8
+	proxyprotocol     bool
 }

 type Listener struct {
@ -428,5 +429,8 @@ func linkOptionsForListener(u *url.URL) (l linkOptions) {
 			l.priority = uint8(pi)
 		}
 	}
+	if p := u.Query().Get("proxyprotocol"); p == "true" {
+		l.proxyprotocol = true
+	}
 	return
 }
--- a/src/core/link_tls.go
+++ b/src/core/link_tls.go
@ -17,6 +17,7 @@ import (
 	"time"

 	"github.com/Arceliar/phony"
+	"github.com/pires/go-proxyproto"
 )

 type linkTLS struct {
@ -90,7 +91,16 @@ func (l *linkTLS) listen(url *url.URL, sintf string) (*Listener, error) {
 		cancel()
 		return nil, err
 	}
-	tlslistener := tls.NewListener(listener, l.config)
+	var tlslistener net.Listener
+	var proxylistener proxyproto.Listener
+	linkoptions := linkOptionsForListener(url)
+	if linkoptions.proxyprotocol {
+		proxylistener = proxyproto.Listener{Listener: listener}
+		tlslistener = tls.NewListener(&proxylistener, l.config)
+		l.core.log.Printf("ProxyProtocol enabled for TLS listener %s", listener.Addr())
+	} else {
+		tlslistener = tls.NewListener(listener, l.config)
+	}
 	entry := &Listener{
 		Listener: tlslistener,
 		closed:   make(chan struct{}),