Merge pull request #778 from emqtt/proxy-protocol
Support Proxy protocol V1/2
commit
ee79412007
10
etc/emq.conf
10
etc/emq.conf
|
@ -228,6 +228,10 @@ mqtt.listener.tcp.max_clients = 1024
|
||||||
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
|
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
|
||||||
## mqtt.listener.tcp.rate_limit = 100,10
|
## mqtt.listener.tcp.rate_limit = 100,10
|
||||||
|
|
||||||
|
## Proxy Protocol V1
|
||||||
|
mqtt.listener.tcp.proxy_protocol = 1
|
||||||
|
mqtt.listener.tcp.proxy_protocol_timeout = 10
|
||||||
|
|
||||||
## TCP Socket Options
|
## TCP Socket Options
|
||||||
mqtt.listener.tcp.backlog = 1024
|
mqtt.listener.tcp.backlog = 1024
|
||||||
## mqtt.listener.tcp.recbuf = 4096
|
## mqtt.listener.tcp.recbuf = 4096
|
||||||
|
@ -246,6 +250,8 @@ mqtt.listener.ssl.max_clients = 512
|
||||||
|
|
||||||
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
|
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
|
||||||
## mqtt.listener.ssl.rate_limit = 100,10
|
## mqtt.listener.ssl.rate_limit = 100,10
|
||||||
|
mqtt.listener.ssl.proxy_protocol = 1
|
||||||
|
mqtt.listener.ssl.proxy_protocol_timeout = 10
|
||||||
|
|
||||||
## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
|
## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
|
||||||
### TLS only for POODLE attack
|
### TLS only for POODLE attack
|
||||||
|
@ -262,6 +268,10 @@ mqtt.listener.http = 8083
|
||||||
mqtt.listener.http.acceptors = 4
|
mqtt.listener.http.acceptors = 4
|
||||||
mqtt.listener.http.max_clients = 64
|
mqtt.listener.http.max_clients = 64
|
||||||
|
|
||||||
|
## Proxy Protocol V1
|
||||||
|
mqtt.listener.http.proxy_protocol = 1
|
||||||
|
mqtt.listener.http.proxy_protocol_timeout = 10
|
||||||
|
|
||||||
## HTTP(SSL) Listener
|
## HTTP(SSL) Listener
|
||||||
mqtt.listener.https = 8084
|
mqtt.listener.https = 8084
|
||||||
mqtt.listener.https.acceptors = 4
|
mqtt.listener.https.acceptors = 4
|
||||||
|
|
|
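Review bot: The shipped defaults enable `proxy_protocol = 1` on the tcp, ssl and http listeners, so a stock install expects a PROXY header on ports that clients usually reach directly. The PROXY protocol specification requires a receiver to accept the header only from trusted proxies. On a directly exposed listener the header is supplied by the client, which would undermine anything keyed on source address (ACLs, rate limits, audit logs), assuming the broker uses the header address as the peer address, which this page does not show. I would ship these keys commented out, e.g. `## mqtt.listener.tcp.proxy_protocol = 1`, under a comment such as `## Enable only when this listener is reachable solely through a trusted load balancer that sends the PROXY header`. The ssl block also lacks the `## Proxy Protocol V1` heading the other two carry, and that heading says V1 although the schema validator accepts `range:1-2`.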
@ -552,6 +552,19 @@ end}.
|
||||||
{datatype, string}
|
{datatype, string}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [
|
||||||
|
{default, 1},
|
||||||
|
{datatype, integer},
|
||||||
|
{validators, ["range:1-2"]},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [
|
||||||
|
{default, 10},
|
||||||
|
{datatype, integer},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
{mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
|
{mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
|
||||||
{default, 1024},
|
{default, 1024},
|
||||||
{datatype, integer}
|
{datatype, integer}
|
||||||
|
@ -601,6 +614,16 @@ end}.
|
||||||
{datatype, string}
|
{datatype, string}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [
|
||||||
|
{default, off},
|
||||||
|
{datatype, flag}
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [
|
||||||
|
{default, 5s},
|
||||||
|
{datatype, {duration, ms}}
|
||||||
|
]}.
|
||||||
|
|
||||||
{mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
|
{mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
|
||||||
{datatype, string}
|
{datatype, string}
|
||||||
]}.
|
]}.
|
||||||
|
@ -645,6 +668,19 @@ end}.
|
||||||
{datatype, integer}
|
{datatype, integer}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [
|
||||||
|
{default, 1},
|
||||||
|
{datatype, integer},
|
||||||
|
{validators, ["range:1-2"]},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [
|
||||||
|
{default, 10},
|
||||||
|
{datatype, integer},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
{mapping, "mqtt.listener.https", "emqttd.listeners", [
|
{mapping, "mqtt.listener.https", "emqttd.listeners", [
|
||||||
%%{default, 8084},
|
%%{default, 8084},
|
||||||
{datatype, [integer, ip]}
|
{datatype, [integer, ip]}
|
||||||
|
@ -660,6 +696,18 @@ end}.
|
||||||
{datatype, integer}
|
{datatype, integer}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [
|
||||||
|
{default, 1},
|
||||||
|
{datatype, integer},
|
||||||
|
{validators, ["range:1-2"]},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [
|
||||||
|
{datatype, integer},
|
||||||
|
hidden
|
||||||
|
]}.
|
||||||
|
|
||||||
{mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
|
{mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
|
||||||
{default, 15},
|
{default, 15},
|
||||||
{datatype, integer}
|
{datatype, integer}
|
||||||
|
@ -722,7 +770,9 @@ end}.
|
||||||
undefined ->
|
undefined ->
|
||||||
[];
|
[];
|
||||||
Port ->
|
Port ->
|
||||||
ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)}]),
|
ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)},
|
||||||
|
{proxy_protocol, cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)},
|
||||||
|
{proxy_protocol_timeout, cuttlefish:conf_get(Key ++ ".proxy_protocol_timeout", Conf, undefined)}]),
|
||||||
Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
|
Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
|
||||||
[{Name, Port, case Name =:= ssl orelse Name =:= https of
|
[{Name, Port, case Name =:= ssl orelse Name =:= https of
|
||||||
true -> [{sslopts, SslOpts(Key)} | Opts];
|
true -> [{sslopts, SslOpts(Key)} | Opts];
|
||||||
|
|
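Review bot: The ssl mappings disagree with the other listeners and with `etc/emq.conf`: `mqtt.listener.ssl.proxy_protocol` is a `flag` defaulting to `off` while the conf file sets it to `1`, and `{default, 5s}` is not a valid Erlang term (it would have to be `"5s"`), so this schema file (its header is not shown on this page) probably fails to parse or validate as written. For tcp, http and https, `{default, 1}` together with `range:1-2` leaves no value that means disabled. As far as I know cuttlefish fills mapping defaults into `Conf`, so the `undefined` fallback in `cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)` in the last hunk would never apply. I would drop `{default, 1}` from the `proxy_protocol` mappings so that an unset key leaves the listener without PROXY parsing, and give ssl the same `{datatype, integer}, {validators, ["range:1-2"]}` shape. `mqtt.listener.https.proxy_protocol_timeout` is also the only timeout mapping without a `{default, ...}`, and the translation fun that the last hunk edits starts and ends outside the hunk.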