mc-router
mc-router copied to clipboard
itzg
Ability to passthrough PROXY protocol
When a reverse proxy sends PROXY protocol to mc-router, mc-router will reject the connection:
time="2022-12-29T14:11:17Z" level=info msg="Got connection" client="217.182.27.248:32991"
time="2022-12-29T14:11:17Z" level=error msg="Unexpected packetID, expected handshake" client="217.182.27.248:32991" packetID=10
It would be great to have the ability for mc-router to pass through PROXY protocol from the connection to the backend server.
Can you clarify the use case such as with a simple network diagram? mc-router already has the option to originate PROXY to the backend Minecraft servers, so I'm not sure why another layer would be involved.
Can you clarify the use case such as with a simple network diagram? mc-router already has the option to originate PROXY to the backend Minecraft servers, so I'm not sure why another layer would be involved.
Currently mc-router seems to support the following:
Where the enduser's IP address gets sent to the backend server using PROXY protocol.
My usecase however, is that I'd like to add a reverse proxy to the mix for DDoS mitigation purposes, which turns the diagram into this:
The problem here is that the reverse proxy sends PROXY protocol already and mc-router isn't able to decipher this as it is expecting a Minecraft handshake instead of PROXY protocol. I'd need mc-router to recognize PROXY protocol coming from an inbound connection and pass these headers through.
Thanks for clarifying. That totally makes sense.
Does it seem to be reasonable to have that be an instance wide argument like --pass-thru-proxy?
Thanks for clarifying. That totally makes sense.
Does it seem to be reasonable to have that be an instance wide argument like
--pass-thru-proxy?
Yeah, that's fine.
I would also love to see this feature. I use minimum a LB with proxy protocol in front of mc-router. Currently mc-router and the backend Minecraft server do not get the actual client IP.
