Get client's addr/port from proxy header if enable proxy_protocol
This commit is contained in:
JianBo He
zhanghongtong
parent
909efa2020
commit
0ebd36b011
|
|
@ -1399,18 +1399,6 @@ listener.ws.external.access.1 = allow all
|
|||
## Value: on | off
|
||||
listener.ws.external.verify_protocol_header = on
|
||||
|
||||
## Use X-Forwarded-For header for real source IP if the EMQ X cluster is
|
||||
## deployed behind NGINX or HAProxy.
|
||||
##
|
||||
## Value: String
|
||||
## listener.ws.external.proxy_address_header = X-Forwarded-For
|
||||
|
||||
## Use X-Forwarded-Port header for real source port if the EMQ X cluster is
|
||||
## deployed behind NGINX or HAProxy.
|
||||
##
|
||||
## Value: String
|
||||
## listener.ws.external.proxy_port_header = X-Forwarded-Port
|
||||
|
||||
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
|
||||
## HAProxy or Nginx.
|
||||
##
|
||||
|
|
|
|||
|
|
@ -1310,16 +1310,6 @@ end}.
|
|||
{datatype, flag}
|
||||
]}.
|
||||
|
||||
{mapping, "listener.ws.$name.proxy_address_header", "emqx.listeners", [
|
||||
{datatype, string},
|
||||
hidden
|
||||
]}.
|
||||
|
||||
{mapping, "listener.ws.$name.proxy_port_header", "emqx.listeners", [
|
||||
{datatype, string},
|
||||
hidden
|
||||
]}.
|
||||
|
||||
{mapping, "listener.ws.$name.proxy_protocol", "emqx.listeners", [
|
||||
{datatype, flag}
|
||||
]}.
|
||||
|
|
@ -1467,16 +1457,6 @@ end}.
|
|||
{datatype, string}
|
||||
]}.
|
||||
|
||||
{mapping, "listener.wss.$name.proxy_address_header", "emqx.listeners", [
|
||||
{datatype, string},
|
||||
hidden
|
||||
]}.
|
||||
|
||||
{mapping, "listener.wss.$name.proxy_port_header", "emqx.listeners", [
|
||||
{datatype, string},
|
||||
hidden
|
||||
]}.
|
||||
|
||||
{mapping, "listener.wss.$name.proxy_protocol", "emqx.listeners", [
|
||||
{datatype, flag}
|
||||
]}.
|
||||
|
|
@ -1681,11 +1661,9 @@ end}.
|
|||
{proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)},
|
||||
{verify_protocol_header, cuttlefish:conf_get(Prefix ++ ".verify_protocol_header", Conf, undefined)},
|
||||
{peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
|
||||
{proxy_port_header, cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, undefined)},
|
||||
{compress, cuttlefish:conf_get(Prefix ++ ".compress", Conf, undefined)},
|
||||
{idle_timeout, cuttlefish:conf_get(Prefix ++ ".idle_timeout", Conf, undefined)},
|
||||
{max_frame_size, cuttlefish:conf_get(Prefix ++ ".max_frame_size", Conf, undefined)},
|
||||
{proxy_address_header, cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, undefined)} | AccOpts(Prefix)])
|
||||
{max_frame_size, cuttlefish:conf_get(Prefix ++ ".max_frame_size", Conf, undefined)} | AccOpts(Prefix)])
|
||||
end,
|
||||
DeflateOpts = fun(Prefix) ->
|
||||
Filter([{level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.level", Conf, undefined)},
|
||||
|
|
|
|||
|
|
@ -191,7 +191,13 @@ init(Req, Opts) ->
|
|||
end.
|
||||
|
||||
websocket_init([Req, Opts]) ->
|
||||
Peername = cowboy_req:peer(Req),
|
||||
Peername = case proplists:get_bool(proxy_protocol, Opts)
|
||||
andalso maps:get(proxy_header, Req) of
|
||||
#{src_address := SrcAddr, src_port := SrcPort} ->
|
||||
{SrcAddr, SrcPort};
|
||||
_ ->
|
||||
cowboy_req:peer(Req)
|
||||
end,
|
||||
Sockname = cowboy_req:sock(Req),
|
||||
Peercert = cowboy_req:cert(Req),
|
||||
WsCookie = try cowboy_req:parse_cookies(Req)
|
||||
|
|
|
|||
Loading…
Reference in New Issue