From bceb72853dff279efc14dd5bbc051b5a38264beb Mon Sep 17 00:00:00 2001 From: Feng Lee Date: Sat, 2 Dec 2017 17:59:29 +0800 Subject: [PATCH] Fix issue #1335 - Forward real client IP using a reverse proxy for websocket --- etc/emq.conf | 8 ++++---- priv/emq.schema | 19 +++++++------------ 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/etc/emq.conf b/etc/emq.conf index 53f070f2d..e1f31e843 100644 --- a/etc/emq.conf +++ b/etc/emq.conf @@ -496,9 +496,9 @@ listener.ws.external.max_clients = 64 listener.ws.external.access.1 = allow all -listener.ws.external.proxy_ipaddress_header = x-forwarded-for +## listener.ws.external.proxy_address_header = x-forwarded-for -listener.ws.external.proxy_port_header = x-remote-port +## listener.ws.external.proxy_port_header = x-remote-port ## TCP Options listener.ws.external.backlog = 1024 @@ -522,9 +522,9 @@ listener.wss.external.max_clients = 64 listener.wss.external.access.1 = allow all -listener.wss.external.proxy_ipaddress_header = x-forwarded-for +## listener.wss.external.proxy_address_header = x-forwarded-for -listener.wss.external.proxy_port_header = x-remote-port +## listener.wss.external.proxy_port_header = x-remote-port ## SSL Options listener.wss.external.handshake_timeout = 15s diff --git a/priv/emq.schema b/priv/emq.schema index 7d756b434..7aba5304c 100644 --- a/priv/emq.schema +++ b/priv/emq.schema @@ -992,7 +992,7 @@ end}. hidden ]}. -{mapping, "listener.ws.$name.proxy_ipaddress_header", "emqttd.listeners", [ +{mapping, "listener.ws.$name.proxy_address_header", "emqttd.listeners", [ {datatype, string}, hidden ]}. @@ -1065,7 +1065,7 @@ end}. hidden ]}. -{mapping, "listener.wss.$name.proxy_ipaddress_header", "emqttd.listeners", [ +{mapping, "listener.wss.$name.proxy_address_header", "emqttd.listeners", [ {datatype, string}, hidden ]}. 
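Review bot: In etc/emq.conf the `proxy_address_header` and `proxy_port_header` lines for the ws listener (and the same pair in the wss hunk) are now commented-out examples, but nothing says when it is safe to enable them. Both values come from request headers, so a client that can reach the listener without going through the proxy could presumably supply its own `x-forwarded-for`; how the broker consumes the value is not visible in this patch. I would add a comment above each pair, for example `## Enable only if this listener is reachable solely through a trusted reverse proxy that overwrites these headers; otherwise the reported client address is client-controlled.` Restricting the listener's `access` rules to the proxy's address when these options are on would be a sensible companion recommendation in the same comment.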
@@ -1147,13 +1147,6 @@ end}. end end, - WsProxyOpts = fun(Prefix) when Prefix =:= "listener.ws.external" orelse - Prefix =:= "listener.wss.external" -> - Filter([{proxy_port_header, cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, undefined)}, - {proxy_ipaddress_header, cuttlefish:conf_get(Prefix ++ ".proxy_ipaddress_header", Conf, undefined)}]); - (_) -> [] - end, - MountPoint = fun(undefined) -> undefined; (S) -> list_to_binary(S) end, ConnOpts = fun(Prefix) -> @@ -1162,7 +1155,9 @@ end}. {proxy_protocol, cuttlefish:conf_get(Prefix ++ ".proxy_protocol", Conf, undefined)}, {proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)}, {mountpoint, MountPoint(cuttlefish:conf_get(Prefix ++ ".mountpoint", Conf, undefined))}, - {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)}]) + {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)}, + {proxy_port_header, cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, undefined)}, + {proxy_address_header, cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, undefined)}]) end, LisOpts = fun(Prefix) -> @@ -1206,7 +1201,7 @@ end}. []; ListenOn -> [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)}, - {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix) ++ WsProxyOpts(Prefix)]}] + {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix)]}] end end, @@ -1218,7 +1213,7 @@ end}. ListenOn -> [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)}, {sockopts, TcpOpts(Prefix)}, - {sslopts, SslOpts(Prefix)} | LisOpts(Prefix) ++ WsProxyOpts(Prefix)]}] + {sslopts, SslOpts(Prefix)} | LisOpts(Prefix)]}] end end,
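Review bot: The two entries added to `ConnOpts` look up `Prefix ++ ".proxy_port_header"` and `Prefix ++ ".proxy_address_header"` for every listener that calls `ConnOpts(Prefix)`, while the mappings renamed earlier in this patch exist only under `listener.ws.$name` and `listener.wss.$name`; the option list these lines extend starts outside the hunk. This appears to rely on `Filter`, defined outside the hunk, dropping the `undefined` defaults for other listener types, which deserves a comment such as `%% ws/wss only: other listener types have no mapping, so these resolve to undefined and are filtered out`. The options also move from the listener option list into `connopts` and the key changes from `proxy_ipaddress_header` to `proxy_address_header`, yet the diffstat lists only etc/emq.conf and priv/emq.schema, so the code that reads the header name is not part of this patch; confirm it expects the new key and location, since a mismatch would leave the broker recording the proxy's address as the client's. Existing emq.conf files that still set `proxy_ipaddress_header` no longer match a mapping, so the rename should be called out in the upgrade notes.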