Merge pull request #778 from emqtt/proxy-protocol

Support Proxy protocol V1/2
Feng Lee 2017-03-22 10:20:57 +08:00 committed by GitHub
commit ee79412007
2 changed files with 61 additions and 1 deletions


@ -228,6 +228,10 @@ mqtt.listener.tcp.max_clients = 1024
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## mqtt.listener.tcp.rate_limit = 100,10 ## mqtt.listener.tcp.rate_limit = 100,10
## Proxy Protocol V1
mqtt.listener.tcp.proxy_protocol = 1
mqtt.listener.tcp.proxy_protocol_timeout = 10
## TCP Socket Options ## TCP Socket Options
mqtt.listener.tcp.backlog = 1024 mqtt.listener.tcp.backlog = 1024
## mqtt.listener.tcp.recbuf = 4096 ## mqtt.listener.tcp.recbuf = 4096
@ -246,6 +250,8 @@ mqtt.listener.ssl.max_clients = 512
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## mqtt.listener.ssl.rate_limit = 100,10 ## mqtt.listener.ssl.rate_limit = 100,10
mqtt.listener.ssl.proxy_protocol = 1
mqtt.listener.ssl.proxy_protocol_timeout = 10
## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html ## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
### TLS only for POODLE attack ### TLS only for POODLE attack
@ -262,6 +268,10 @@ mqtt.listener.http = 8083
mqtt.listener.http.acceptors = 4 mqtt.listener.http.acceptors = 4
mqtt.listener.http.max_clients = 64 mqtt.listener.http.max_clients = 64
## Proxy Protocol V1
mqtt.listener.http.proxy_protocol = 1
mqtt.listener.http.proxy_protocol_timeout = 10
## HTTP(SSL) Listener ## HTTP(SSL) Listener
mqtt.listener.https = 8084 mqtt.listener.https = 8084
mqtt.listener.https.acceptors = 4 mqtt.listener.https.acceptors = 4
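Review bot: The sample config ships `proxy_protocol = 1` uncommented for the tcp, ssl and http listeners, while the neighbouring optional settings such as `rate_limit` are commented out. A listener that parses a PROXY header takes the client address from what the peer sends, so the option belongs only on ports reachable solely through a trusted load balancer; anything keyed on the peer address (ACLs, rate limits, logs) would presumably inherit that trust. I would ship the lines as `## mqtt.listener.tcp.proxy_protocol = 1`, with a comment stating that requirement and the unit of `proxy_protocol_timeout`. The ssl hunk is also missing the `## Proxy Protocol V1` heading that the other two carry.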


@ -552,6 +552,19 @@ end}.
{datatype, string} {datatype, string}
]}. ]}.
{mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [
{default, 10},
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [ {mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
{default, 1024}, {default, 1024},
{datatype, integer} {datatype, integer}
@ -601,6 +614,16 @@ end}.
{datatype, string} {datatype, string}
]}. ]}.
{mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [
{default, off},
{datatype, flag}
]}.
{mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [
{default, 5s},
{datatype, {duration, ms}}
]}.
{mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [ {mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
{datatype, string} {datatype, string}
]}. ]}.
@ -645,6 +668,19 @@ end}.
{datatype, integer} {datatype, integer}
]}. ]}.
{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [
{default, 10},
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.https", "emqttd.listeners", [ {mapping, "mqtt.listener.https", "emqttd.listeners", [
%%{default, 8084}, %%{default, 8084},
{datatype, [integer, ip]} {datatype, [integer, ip]}
@ -660,6 +696,18 @@ end}.
{datatype, integer} {datatype, integer}
]}. ]}.
{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [ {mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
{default, 15}, {default, 15},
{datatype, integer} {datatype, integer}
@ -722,7 +770,9 @@ end}.
undefined -> undefined ->
[]; [];
Port -> Port ->
ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)}]), ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)},
{proxy_protocol, cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)},
{proxy_protocol_timeout, cuttlefish:conf_get(Key ++ ".proxy_protocol_timeout", Conf, undefined)}]),
Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)], Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
[{Name, Port, case Name =:= ssl orelse Name =:= https of [{Name, Port, case Name =:= ssl orelse Name =:= https of
true -> [{sslopts, SslOpts(Key)} | Opts]; true -> [{sslopts, SslOpts(Key)} | Opts];
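Review bot: The ssl mappings disagree with the other three listeners and with the shipped config: `mqtt.listener.ssl.proxy_protocol` is `{datatype, flag}` with `{default, off}` and its timeout is `{datatype, {duration, ms}}`, yet the config file sets `mqtt.listener.ssl.proxy_protocol = 1`, which a flag type would likely reject. `{default, 5s}` is also an unquoted `5s`, which is not a valid Erlang term, so the schema probably fails to parse; a duration default would be written as a string, `{default, "5s"}`. Either give ssl the integer form with `{validators, ["range:1-2"]}` like tcp/http/https, or move all four listeners to one representation. Separately, with `{default, 1}` on the hidden mappings, `cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)` in the last hunk would seem never to yield `undefined`, so there may be no way to leave the PROXY protocol off; this needs confirming, since the `Filter` fun and the `"range:1-2"` validator are defined outside these hunks.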