yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #778 from emqtt/proxy-protocol 

Support Proxy protocol V1/2
This commit is contained in:
Feng Lee 2017-03-22 10:20:57 +08:00 committed by GitHub
parent b3cb875eb2 942edad3c5
commit ee79412007
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
etc/emq.conf
View File

@ -228,6 +228,10 @@ mqtt.listener.tcp.max_clients = 1024
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## mqtt.listener.tcp.rate_limit = 100,10
## Proxy Protocol V1
mqtt.listener.tcp.proxy_protocol = 1
mqtt.listener.tcp.proxy_protocol_timeout = 10
## TCP Socket Options
mqtt.listener.tcp.backlog = 1024
## mqtt.listener.tcp.recbuf = 4096
@ -246,6 +250,8 @@ mqtt.listener.ssl.max_clients = 512
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## mqtt.listener.ssl.rate_limit = 100,10
mqtt.listener.ssl.proxy_protocol = 1
mqtt.listener.ssl.proxy_protocol_timeout = 10
## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
### TLS only for POODLE attack
@ -262,6 +268,10 @@ mqtt.listener.http = 8083
mqtt.listener.http.acceptors = 4
mqtt.listener.http.max_clients = 64
## Proxy Protocol V1
mqtt.listener.http.proxy_protocol = 1
mqtt.listener.http.proxy_protocol_timeout = 10
## HTTP(SSL) Listener
mqtt.listener.https = 8084
mqtt.listener.https.acceptors = 4

52
priv/emq.schema
View File

@ -552,6 +552,19 @@ end}.
{datatype, string}
]}.
{mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [
{default, 10},
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
{default, 1024},
{datatype, integer}
@ -601,6 +614,16 @@ end}.
{datatype, string}
]}.
{mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [
{default, off},
{datatype, flag}
]}.
{mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [
{default, 5s},
{datatype, {duration, ms}}
]}.
{mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
{datatype, string}
]}.
@ -645,6 +668,19 @@ end}.
{datatype, integer}
]}.
{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [
{default, 10},
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.https", "emqttd.listeners", [
%%{default, 8084},
{datatype, [integer, ip]}
@ -660,6 +696,18 @@ end}.
{datatype, integer}
]}.
{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [
{default, 1},
{datatype, integer},
{validators, ["range:1-2"]},
hidden
]}.
{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [
{datatype, integer},
hidden
]}.
{mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
{default, 15},
{datatype, integer}
@ -722,7 +770,9 @@ end}.
undefined ->
[];
Port ->
ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)}]),
ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)},
{proxy_protocol, cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)},
{proxy_protocol_timeout, cuttlefish:conf_get(Key ++ ".proxy_protocol_timeout", Conf, undefined)}]),
Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
[{Name, Port, case Name =:= ssl orelse Name =:= https of
true -> [{sslopts, SslOpts(Key)} | Opts];