
Merge pull request #778 from emqtt/proxy-protocol

Support Proxy protocol V1/2
Feng Lee 9 лет назад
Родитель
Сommit
ee79412007
2 измененных файлов с 61 добавлено и 1 удалено
  1. 10 0
      etc/emq.conf
  2. 51 1
      priv/emq.schema

+ 10 - 0
etc/emq.conf

@@ -228,6 +228,10 @@ mqtt.listener.tcp.max_clients = 1024
 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
 ## mqtt.listener.tcp.rate_limit = 100,10
 
+## Proxy Protocol V1
+mqtt.listener.tcp.proxy_protocol = 1
+mqtt.listener.tcp.proxy_protocol_timeout = 10
+
 ## TCP Socket Options
 mqtt.listener.tcp.backlog = 1024
 ## mqtt.listener.tcp.recbuf = 4096
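Review bot: The two `mqtt.listener.tcp.proxy_protocol*` lines are shipped uncommented, so the stock config turns PROXY protocol on for the TCP listener, whereas the optional `rate_limit` line just above is left commented out. A listener that parses a PROXY header takes the client address from whatever the connecting peer sends, so on a port that is reachable directly rather than only through a trusted load balancer the reported source address cannot be relied on for access rules or logs. I would ship these as `## mqtt.listener.tcp.proxy_protocol = 1` with a comment such as `## Enable only when this listener is reachable solely through a proxy that sends the PROXY header`, and state the unit of `proxy_protocol_timeout`. The ssl and http hunks in this file enable it the same way.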
@@ -246,6 +250,8 @@ mqtt.listener.ssl.max_clients = 512
 
 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
 ## mqtt.listener.ssl.rate_limit = 100,10
+mqtt.listener.ssl.proxy_protocol = 1
+mqtt.listener.ssl.proxy_protocol_timeout = 10
 
 ## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
 ### TLS only for POODLE attack
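Review bot: `mqtt.listener.ssl.proxy_protocol = 1` and `mqtt.listener.ssl.proxy_protocol_timeout = 10` do not match the ssl mappings this commit adds to priv/emq.schema, which declare `{datatype, flag}` and `{datatype, {duration, ms}}`. A flag is normally written `on`/`off`, so `1` will probably be rejected when the config is generated, and a bare `10` against a millisecond duration is at best ambiguous. Either write `on` and `10s` here, or give the ssl mappings the same integer type as tcp and http. The block is also missing the `## Proxy Protocol V1` heading that the tcp and http blocks carry.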
@@ -262,6 +268,10 @@ mqtt.listener.http = 8083
 mqtt.listener.http.acceptors = 4
 mqtt.listener.http.max_clients = 64
 
+## Proxy Protocol V1
+mqtt.listener.http.proxy_protocol = 1
+mqtt.listener.http.proxy_protocol_timeout = 10
+
 ## HTTP(SSL) Listener
 mqtt.listener.https = 8084
 mqtt.listener.https.acceptors = 4

+ 51 - 1
priv/emq.schema

@@ -552,6 +552,19 @@ end}.
   {datatype, string}
 ]}.
 
+{mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [
+  {default, 1},
+  {datatype, integer},
+  {validators, ["range:1-2"]},
+  hidden
+]}.
+
+{mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [
+  {default, 10},
+  {datatype, integer},
+  hidden
+]}.
+
 {mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
   {default, 1024},
   {datatype, integer}
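Review bot: With `{default, 1}` and a validator limited to 1–2, `mqtt.listener.tcp.proxy_protocol` has no value that means "off": removing the line from emq.conf still yields 1, so the `undefined` fallback in the translation's `conf_get` call is presumably never taken. Dropping the `{default, 1}` line would make the option opt-in, which is the safer default for a setting that lets the peer declare its own source address. The name `"range:1-2"` is also used without a matching `{validator, "range:1-2", ...}` definition anywhere in this commit; confirm one already exists in the schema. The http and https mappings repeat both points, and none of the `proxy_protocol_timeout` mappings say what unit the integer is in.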
@@ -601,6 +614,16 @@ end}.
   {datatype, string}
 ]}.
 
+{mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [
+  {default, off},
+  {datatype, flag}
+]}.
+
+{mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [
+  {default, 5s},
+  {datatype, {duration, ms}}
+]}.
+
 {mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
   {datatype, string}
 ]}.
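Review bot: `{default, 5s}` is not a valid Erlang term, since `5s` scans as an integer followed by an atom, so the schema is likely to fail to parse at this line; it should be quoted as `{default, "5s"}`. The ssl mappings also use `flag` and `{duration, ms}` where the tcp, http and https mappings use `integer` with a range validator and `hidden`. The translation passes whatever `conf_get` returns straight into `connopts`, so the ssl listener would hand over `false`/`true` and milliseconds where the others hand over a version number and a bare integer. Pick one representation for all four listeners.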
@@ -645,6 +668,19 @@ end}.
   {datatype, integer}
 ]}.
 
+{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [
+  {default, 1},
+  {datatype, integer},
+  {validators, ["range:1-2"]},
+  hidden
+]}.
+
+{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [
+  {default, 10},
+  {datatype, integer},
+  hidden
+]}.
+
 {mapping, "mqtt.listener.https", "emqttd.listeners", [
   %%{default, 8084},
   {datatype, [integer, ip]}
@@ -660,6 +696,18 @@ end}.
   {datatype, integer}
 ]}.
 
+{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [
+  {default, 1},
+  {datatype, integer},
+  {validators, ["range:1-2"]},
+  hidden
+]}.
+
+{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [
+  {datatype, integer},
+  hidden
+]}.
+
 {mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
   {default, 15},
   {datatype, integer}
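Review bot: `mqtt.listener.https.proxy_protocol_timeout` has no `{default, ...}` while `mqtt.listener.https.proxy_protocol` defaults to 1, and etc/emq.conf gains no https entries in this commit. The https listener therefore ends up with PROXY protocol enabled and a timeout of `undefined`, unlike the other three listeners. Either add `{default, 10}` to match tcp and http, or drop the default from the `proxy_protocol` mapping so both keys are absent unless configured.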
@@ -722,7 +770,9 @@ end}.
                         undefined ->
                             [];
                         Port ->
-                            ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)}]),
+                            ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)},
+                                               {proxy_protocol, cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)},
+                                               {proxy_protocol_timeout, cuttlefish:conf_get(Key ++ ".proxy_protocol_timeout", Conf, undefined)}]),
                             Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
                             [{Name, Port, case Name =:= ssl orelse Name =:= https of
                                               true  -> [{sslopts, SslOpts(Key)} | Opts];