From f321bcdaceb87227dd4c3391bb1be1c2ba2ac1b1 Mon Sep 17 00:00:00 2001 From: Feng Lee Date: Wed, 22 Mar 2017 10:48:47 +0800 Subject: [PATCH] Support proxy protocol v1/2 config --- etc/emq.conf | 16 +++++++--------- priv/emq.schema | 40 ++++++---------------------------------- 2 files changed, 13 insertions(+), 43 deletions(-) diff --git a/etc/emq.conf b/etc/emq.conf index 49ec5ac10..94e7a4ecf 100644 --- a/etc/emq.conf +++ b/etc/emq.conf @@ -228,9 +228,9 @@ mqtt.listener.tcp.max_clients = 1024 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec ## mqtt.listener.tcp.rate_limit = 100,10 -## Proxy Protocol V1 -mqtt.listener.tcp.proxy_protocol = 1 -mqtt.listener.tcp.proxy_protocol_timeout = 10 +## Proxy Protocol V1/2 +## mqtt.listener.tcp.proxy_protocol = on +## mqtt.listener.tcp.proxy_protocol_timeout = 3s ## TCP Socket Options mqtt.listener.tcp.backlog = 1024 @@ -250,8 +250,10 @@ mqtt.listener.ssl.max_clients = 512 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec ## mqtt.listener.ssl.rate_limit = 100,10 -mqtt.listener.ssl.proxy_protocol = 1 -mqtt.listener.ssl.proxy_protocol_timeout = 10 + +## Proxy Protocol V1/2 +## mqtt.listener.ssl.proxy_protocol = on +## mqtt.listener.ssl.proxy_protocol_timeout = 3s ## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html ### TLS only for POODLE attack @@ -268,10 +270,6 @@ mqtt.listener.http = 8083 mqtt.listener.http.acceptors = 4 mqtt.listener.http.max_clients = 64 -## Proxy Protocol V1 -mqtt.listener.http.proxy_protocol = 1 -mqtt.listener.http.proxy_protocol_timeout = 10 - ## HTTP(SSL) Listener mqtt.listener.https = 8084 mqtt.listener.https.acceptors = 4 diff --git a/priv/emq.schema b/priv/emq.schema index 3ef4fe60d..af77a8998 100644 --- a/priv/emq.schema +++ b/priv/emq.schema @@ -553,16 +553,13 @@ end}. ]}. {mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [ - {default, 1}, - {datatype, integer}, - {validators, ["range:1-2"]}, - hidden + %%{default, off}, + {datatype, flag} ]}. {mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [ - {default, 10}, - {datatype, integer}, - hidden + %%{default, "5s"}, + {datatype, {duration, ms}} ]}. {mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [ @@ -615,12 +612,12 @@ end}. ]}. {mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [ - {default, off}, + %%{default, off}, {datatype, flag} ]}. {mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [ - {default, 5s}, + %%{default, "5s"}, {datatype, {duration, ms}} ]}. @@ -668,19 +665,6 @@ end}. {datatype, integer} ]}. -{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [ - {default, 1}, - {datatype, integer}, - {validators, ["range:1-2"]}, - hidden -]}. - -{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [ - {default, 10}, - {datatype, integer}, - hidden -]}. - {mapping, "mqtt.listener.https", "emqttd.listeners", [ %%{default, 8084}, {datatype, [integer, ip]} @@ -696,18 +680,6 @@ end}. {datatype, integer} ]}. -{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [ - {default, 1}, - {datatype, integer}, - {validators, ["range:1-2"]}, - hidden -]}. - -{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [ - {datatype, integer}, - hidden -]}. - {mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [ {default, 15}, {datatype, integer}