proxy module should support the proxy protocols for upstreams
Afaik caddy only supports the proxy protocol in the "frontend" (so another proxy is connecting using the proxy protocol to caddy). Caddy does not support using the proxy protocol to connect to upstreams, according to the documentation at https://caddyserver.com/docs/proxy:
to is the destination endpoint to proxy to. ... If a scheme (http/https/quic/srv) ...
It should be possible to use "proxy" as a scheme.
Can you please go into more detail of what/how this would work? Will close for now, since the issue template was not filled out with sufficient information. Can reopen if filled out with enough information to be actionable.
1. What would you like to have changed?
It should be possible to use the proxy protocol not only for incoming but also outgoing (proxied) requests.
2. Why is this feature a useful, necessary, and/or important addition to this project?
It'd improve caddy's value as a proxy because it could pass along the real client-ip in a way many other applications support (see https://www.haproxy.com/de/blog/haproxy/proxy-protocol/) and does not rely on setting specific headers (X-Forwarded-For, ...).
3. What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?
Use haproxy.
4. Please link to any relevant issues, pull requests, or other discussions.
https://www.haproxy.com/de/blog/haproxy/proxy-protocol/
Thanks. So as I understand it, you want the proxy to receive an HTTP request and then establish a PROXY protocol connection to a backend?
Yes, exactly. This way caddy could be used as an alternative to, for example, haproxy.
Have you seen https://caddyserver.com/docs/http.proxyprotocol?
Yes, but this is only for the frontend, right? So caddy sitting behind a proxy which talks the proxy-protocol to caddy. But it'll not make caddy (better: the caddy proxy module) talk to its backends using the proxy-protocol, right?
@mastercactapus I know you have some expertise in this area. Would you be interested in working together to add PROXY protocol to Caddy 2, both in the front and to proxy backends?
@mholt Absolutely. Most of the work for the protocol stuff is handled here (WriteTo should work for upstreams): https://godoc.org/github.com/mastercactapus/proxyprotocol
We should work through things like how requests would work with keepalive enabled to the upstream, but very doable I imagine.
Cool. I would need to help make sure that listeners or connections can be wrapped (on the front-side of things). I'm down for working on this whenever!
This would be pretty amazing for talking to Varnish.
Related work: https://github.com/mholt/caddy-l4/pull/14
Hi there, can I use the L4 module for this now? Or is there still work to do to add proxy protocol support to the reverse_proxy http handler (or introduce a new reverse_proxy handler)?
@mwpastore The L4 module won't work with Caddy's HTTP app. The L4 one is designed to handle incoming TCP connections, whereas the HTTP app handles incoming HTTP requests. Not the same.
This is still an open feature request for Caddy's reverse_proxy. (Matt closed it by mistake, misread that this issue is in the Caddy repo and not in the caddy-l4 repo, so it was reopened)
Thank you!
Hi, is there anyone working on this feature? I can provide a pr if wanted.
Not that I am aware of. You're welcome to work on it as far as I know!
Implemented in #5424
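Added example, not part of the thread and not the code from #5424: a Go sketch of the PROXY protocol v1 header a proxy writes once at the start of an upstream connection, and of the keepalive question raised above, where an idle connection must only be reused for the client its header named. The function names (proxyV1Header, poolKey, upstreamSees) and all addresses are assumptions made up for this illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// proxyV1Header builds the PROXY protocol v1 line for one upstream connection.
func proxyV1Header(src, dst netip.AddrPort) string {
	s, d := src.Addr().Unmap(), dst.Addr().Unmap()
	if s.Is4() != d.Is4() {
		return "PROXY UNKNOWN\r\n" // mixed families cannot be expressed in v1
	}
	fam := "TCP6"
	if s.Is4() {
		fam = "TCP4"
	}
	return fmt.Sprintf("PROXY %s %s %s %d %d\r\n", fam, s, d, src.Port(), dst.Port())
}

// poolKey (hypothetical) files idle upstream connections per client address.
func poolKey(upstream string, client netip.AddrPort) string {
	return client.String() + "->" + upstream
}

// upstreamSees plays both ends in memory; returns the client the backend parses.
func upstreamSees(src, dst netip.AddrPort) (string, error) {
	proxySide, backendSide := net.Pipe()
	defer backendSide.Close()
	go func() {
		defer proxySide.Close()
		// The header is sent once per connection, ahead of any HTTP bytes.
		fmt.Fprintf(proxySide, "%sGET / HTTP/1.1\r\nHost: backend.example\r\n\r\n", proxyV1Header(src, dst))
	}()
	line, err := bufio.NewReader(backendSide).ReadString('\n')
	f := strings.Fields(line)
	if err != nil || len(f) != 6 || f[0] != "PROXY" {
		return "", fmt.Errorf("bad PROXY header %q: %v", line, err)
	}
	return net.JoinHostPort(f[2], f[4]), nil
}

func main() {
	c, b := netip.MustParseAddrPort("203.0.113.7:51234"), netip.MustParseAddrPort("10.0.0.5:8080") // constructed
	seen, err := upstreamSees(c, b)
	fmt.Println(seen, err, poolKey(b.String(), c))
}
```

Because the backend takes the client address from the connection's first line rather than from each request, a pool keyed only by upstream address would attribute later requests on a reused connection to the first client.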