Merge pull request #1476 from emqtt/ws-proxy

Fix issue #1335 - Forward real client IP using a reverse proxy for websocket
2018-01-28 15:12:19 +08:00 · 2018-01-28 15:12:19 +08:00 · f810698d7e
parent f70bf23440 707d338b0e
commit f810698d7e
3 changed files with 34 additions and 3 deletions
--- a/etc/emq.conf
+++ b/etc/emq.conf
@ -1084,6 +1084,10 @@ listener.ws.external.max_clients = 102400
 ## Value: ACL Rule
 listener.ws.external.access.1 = allow all

+## listener.ws.external.proxy_address_header = x-forwarded-for
+
+## listener.ws.external.proxy_port_header = x-remote-port
+
 ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
 ## HAProxy or Nginx.
 ##
@ -1200,6 +1204,10 @@ listener.wss.external.max_clients = 64
 ## Value: ACL Rule
 listener.wss.external.access.1 = allow all

+## listener.wss.external.proxy_address_header = x-forwarded-for
+
+## listener.wss.external.proxy_port_header = x-remote-port
+
 ## Enable the Proxy Protocol V1/2 support.
 ##
 ## See: listener.tcp.<name>.proxy_protocol
--- a/priv/emq.schema
+++ b/priv/emq.schema
@ -1029,6 +1029,16 @@ end}.
  {datatype, string}
 ]}.

+{mapping, "listener.ws.$name.proxy_port_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.proxy_address_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
 {mapping, "listener.ws.$name.proxy_protocol", "emqttd.listeners", [
  {datatype, flag}
 ]}.
@ -1115,6 +1125,16 @@ end}.
  {datatype, string}
 ]}.

+{mapping, "listener.wss.$name.proxy_port_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.proxy_address_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
 {mapping, "listener.wss.$name.proxy_protocol", "emqttd.listeners", [
  {datatype, flag}
 ]}.
@ -1244,7 +1264,9 @@ end}.
                           {proxy_protocol, cuttlefish:conf_get(Prefix ++ ".proxy_protocol", Conf, undefined)},
                           {proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)},
                           {mountpoint, MountPoint(cuttlefish:conf_get(Prefix ++ ".mountpoint", Conf, undefined))},
-                           {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)}])
+                           {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
+                           {proxy_port_header, cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, undefined)},
+                           {proxy_address_header, cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, undefined)}])
               end,

    LisOpts = fun(Prefix) ->
@ -1290,7 +1312,8 @@ end}.
                           undefined ->
                               [];
                           ListenOn ->
-                               [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)}, {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix)]}]
+                               [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)},
+                                                        {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix)]}]
                       end
                   end,

--- a/src/emqttd.app.src
+++ b/src/emqttd.app.src
@ -1,6 +1,6 @@
 {application,emqttd,
             [{description,"Erlang MQTT Broker"},
-              {vsn,"2.3.3"},
+              {vsn,"2.3.4"},
              {modules,[]},
              {registered,[emqttd_sup]},
              {applications,[kernel,stdlib,gproc,lager,esockd,mochiweb,