Caddy: proxy module should support the proxy protocols for upstreams

Created on 23 Aug 2019 · 10 Comments · Source: caddyserver/caddy

Afaik caddy only supports the proxy protocol in the "frontend" (so another proxy is connecting using the proxy protocol to caddy). Caddy does not support using the proxy protocol to connect to upstreams, according to the documentation at https://caddyserver.com/docs/proxy:

to is the destination endpoint to proxy to. ... If a scheme (http/https/quic/srv) ...

It should be possible to use "proxy" as a scheme.

feature request

All 10 comments

Can you please go into more detail of what/how this would work? Will close for now, since the issue template was not filled out with sufficient information. Can reopen if filled out with enough information to be actionable.

1. What would you like to have changed?

It should be possible to use the proxy protocol not only for incoming but also outgoing (proxied) requests.

2. Why is this feature a useful, necessary, and/or important addition to this project?

It'd improve caddy's value as a proxy because it could pass along the real client-ip in a way many other applications support (see https://www.haproxy.com/de/blog/haproxy/proxy-protocol/) and does not rely on setting specific headers (X-Forwarded-For, ...).

3. What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

Use haproxy.

4. Please link to any relevant issues, pull requests, or other discussions.

https://www.haproxy.com/de/blog/haproxy/proxy-protocol/

Thanks. So as I understand it, you want the proxy to receive an HTTP request and then establish a PROXY protocol connection to a backend?

Yes, exactly. This way caddy could be used as an alternative to, for example, haproxy.

Yes, but this is only for the frontend, right? So caddy sitting behind a proxy which talks the proxy-protocol to caddy. But it'll not make caddy (better: the caddy proxy module) talk to its backends using the proxy-protocol, right?

@mastercactapus I know you have some expertise in this area. Would you be interested in working together to add PROXY protocol to Caddy 2, both in the front and to proxy backends?

@mholt Absolutely. Most of the work for the protocol stuff is handled here (WriteTo should work for upstreams): https://godoc.org/github.com/mastercactapus/proxyprotocol

We should work through things like how requests would work with keepalive enabled to the upstream, but very doable I imagine.

Cool. I would need to help make sure that listeners or connections can be wrapped (on the front-side of things). I'm down for working on this whenever!

This would be pretty amazing for talking to Varnish.
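
What the requested behaviour looks like on the wire, as an added example that is not code from this issue, from Caddy, or from the linked proxyprotocol package: the proxy writes a PROXY protocol v1 header first on a new upstream connection, and the backend reads the client address from it instead of from `X-Forwarded-For`. The function names, the addresses and the `app.internal` host are assumptions made up for the illustration, and `net.Pipe` stands in for the upstream TCP connection.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// v1Header builds the PROXY v1 line sent once, first, on a new upstream connection.
func v1Header(src, dst *net.TCPAddr) (string, error) {
	fam := "TCP6"
	if src.IP.To4() != nil && dst.IP.To4() != nil {
		fam = "TCP4"
	} else if src.IP.To4() != nil || dst.IP.To4() != nil {
		return "", fmt.Errorf("mixed address families: %s, %s", src.IP, dst.IP)
	}
	return fmt.Sprintf("PROXY %s %s %s %d %d\r\n", fam, src.IP, dst.IP, src.Port, dst.Port), nil
}

// parseV1 (backend side) consumes the header and returns the declared client address.
func parseV1(r *bufio.Reader) (string, error) {
	line, err := r.ReadString('\n')
	f := strings.Fields(line)
	if err != nil || len(f) != 6 || f[0] != "PROXY" || !strings.HasSuffix(line, "\r\n") {
		return "", fmt.Errorf("not a PROXY v1 header: %q", line)
	}
	return net.JoinHostPort(f[2], f[4]), nil
}

// seenByBackend sends hdr and a constructed request over net.Pipe (stand-in for TCP).
func seenByBackend(hdr string) (client, reqLine string, err error) {
	proxy, backend := net.Pipe()
	defer proxy.Close()
	defer backend.Close()
	go fmt.Fprint(proxy, hdr+"GET / HTTP/1.1\r\nHost: app.internal\r\n\r\n")
	r := bufio.NewReader(backend)
	if client, err = parseV1(r); err != nil {
		return "", "", err
	}
	reqLine, err = r.ReadString('\n')
	return client, strings.TrimSpace(reqLine), err
}

func main() {
	src := &net.TCPAddr{IP: net.ParseIP("203.0.113.7"), Port: 51234} // constructed client
	dst := &net.TCPAddr{IP: net.ParseIP("10.0.0.5"), Port: 8080}     // constructed proxy address
	hdr, _ := v1Header(src, dst)
	fmt.Println(seenByBackend(hdr))
}
```

The header is written once per connection, so an upstream connection kept alive and reused for a different client would still report the first client's address, which bears on the keepalive question raised in the thread.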
