Support for HTTPS over PROXYv2 protocol
This patch adds PROXYv2 protocol support. This allows us to propagate the original client IP address through HAProxy's TCP proxy. That gives us source IP addresses in our logs, which allows us to properly diagnose shifts in traffic.
See #180 (closed) for more details.
Sample HAProxy config:
global
    log stdout format raw local0 info

defaults
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    log global
    option tcplog

frontend fe
    bind 127.0.0.1:12340
    mode tcp
    default_backend be

backend be
    mode tcp
    server app1 127.0.0.1:1234 send-proxy-v2
Start HAProxy with:
$ haproxy -f haproxy.cfg
Generating certs for localhost: https://gist.github.com/cecilemuller/9492b848eb8fe46d462abeb26656c4f8.
Sample server invocation:
$ ./gitlab-pages -log-format=json -listen-https-proxyv2=127.0.0.1:1234 -root-cert=$(pwd)/localhost.crt -root-key=$(pwd)/localhost.key
Sample client invocation:
$ curl -v https://localhost:12340/ --cacert ~/code/gitlab-pages/RootCA.crt
refs https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/11902
Edited by Igor
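What `send-proxy-v2` puts on the wire ahead of the TLS handshake, as an added example that is not part of the merge request or of gitlab-pages' own code: a parser for the binary PROXY protocol v2 header that recovers the original client address. The names `ParseProxyV2` and `sampleHeader` are hypothetical, and the sample header bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// sig is the fixed 12-byte PROXY protocol v2 signature.
var sig = []byte("\r\n\r\n\x00\r\nQUIT\n")

// sampleHeader is constructed: PROXY, TCP/IPv4, 203.0.113.7:51234 -> 127.0.0.1:1234.
var sampleHeader = append(append([]byte{}, sig...), 0x21, 0x11, 0x00, 0x0c,
	203, 0, 113, 7, 127, 0, 0, 1, 0xc8, 0x22, 0x04, 0xd2)

// ParseProxyV2 returns the client address carried in a v2 header and the number
// of header bytes to skip before the TLS handshake. src is nil for LOCAL
// connections (proxy health checks) and for address families it does not handle.
func ParseProxyV2(b []byte) (src *net.TCPAddr, n int, err error) {
	if len(b) < 16 || !bytes.Equal(b[:12], sig) {
		return nil, 0, errors.New("missing PROXY v2 signature")
	}
	n = 16 + int(binary.BigEndian.Uint16(b[14:16]))
	if len(b) < n {
		return nil, 0, errors.New("truncated PROXY v2 header")
	}
	switch b[12] { // high nibble: version, low nibble: command
	case 0x21: // version 2, PROXY: an address block follows
	case 0x20: // version 2, LOCAL: keep the socket's own peer address
		return nil, n, nil
	default:
		return nil, 0, errors.New("unsupported PROXY version or command")
	}
	addr, ipLen := b[16:n], 0
	switch b[13] { // address family and transport
	case 0x11: // TCP over IPv4
		ipLen = 4
	case 0x21: // TCP over IPv6
		ipLen = 16
	default: // anything else: skip the header, no usable address
		return nil, n, nil
	}
	if len(addr) < 2*ipLen+4 { // src IP, dst IP, src port, dst port
		return nil, 0, errors.New("short address block")
	}
	ip := append(net.IP(nil), addr[:ipLen]...)
	return &net.TCPAddr{IP: ip, Port: int(binary.BigEndian.Uint16(addr[2*ipLen:]))}, n, nil
}

func main() { fmt.Println(ParseProxyV2(sampleHeader)) }
```

The header is not authenticated, so any peer that can reach the PROXYv2 listener can claim any source address in the logs. Keep that listener reachable only from the proxy, as the sample setup does by binding to 127.0.0.1.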