Merge pull request #1476 from emqtt/ws-proxy

Fix issue #1335 - Forward real client IP using a reverse proxy for websocket

etc/emq.conf

@@ -1084,6 +1084,10 @@ listener.ws.external.max_clients = 102400
 ## Value: ACL Rule
 listener.ws.external.access.1 = allow all
 
+## listener.ws.external.proxy_address_header = x-forwarded-for
+
+## listener.ws.external.proxy_port_header = x-remote-port
+
 ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
 ## HAProxy or Nginx.
 ##
@@ -1200,6 +1204,10 @@ listener.wss.external.max_clients = 64
 ## Value: ACL Rule
 listener.wss.external.access.1 = allow all
 
+## listener.wss.external.proxy_address_header = x-forwarded-for
+
+## listener.wss.external.proxy_port_header = x-remote-port
+
 ## Enable the Proxy Protocol V1/2 support.
 ##
 ## See: listener.tcp.<name>.proxy_protocol

priv/emq.schema

@@ -1029,6 +1029,16 @@ end}.
   {datatype, string}
 ]}.
 
+{mapping, "listener.ws.$name.proxy_port_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.proxy_address_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
 {mapping, "listener.ws.$name.proxy_protocol", "emqttd.listeners", [
   {datatype, flag}
 ]}.
@@ -1115,6 +1125,16 @@ end}.
   {datatype, string}
 ]}.
 
+{mapping, "listener.wss.$name.proxy_port_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.proxy_address_header", "emqttd.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
 {mapping, "listener.wss.$name.proxy_protocol", "emqttd.listeners", [
   {datatype, flag}
 ]}.
@@ -1244,7 +1264,9 @@ end}.
                            {proxy_protocol, cuttlefish:conf_get(Prefix ++ ".proxy_protocol", Conf, undefined)},
                            {proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)},
                            {mountpoint, MountPoint(cuttlefish:conf_get(Prefix ++ ".mountpoint", Conf, undefined))},
-                           {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)}])
+                           {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
+                           {proxy_port_header, cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, undefined)},
+                           {proxy_address_header, cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, undefined)}])
                end,
 
     LisOpts = fun(Prefix) ->
@@ -1290,7 +1312,8 @@ end}.
                            undefined ->
                                [];
                            ListenOn ->
-                               [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)}, {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix)]}]
+                               [{Atom(Type), ListenOn, [{connopts, ConnOpts(Prefix)},
+                                                        {sockopts, TcpOpts(Prefix)} | LisOpts(Prefix)]}]
                        end
                    end,
 

src/emqttd.app.src

@@ -1,6 +1,6 @@
 {application,emqttd,
              [{description,"Erlang MQTT Broker"},
-              {vsn,"2.3.3"},
+              {vsn,"2.3.4"},
               {modules,[]},
               {registered,[emqttd_sup]},
               {applications,[kernel,stdlib,gproc,lager,esockd,mochiweb,