[FR] Proxy protocol support

[JuniorJPDJ]

It would allow proxies like haproxy or mumble-web to set client ip in murmur. Eg. Someone joins through mumble-web, but server admin can see his real ip instead of mumble-web host ip (if mumble-web implements proxy protocol).

[Krzmbrzl]

I guess you are referring to http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt ?

This would probably quite a bit of overhead since the server is supposed to still send the audio packets to the Proxy and not the client directly, right? Afaik we currently only have a single IP address (connection really) associated with a client..

[JuniorJPDJ]

Yes, that's exactly protocol what I'm talking about.

It wouldn't be additional overhead as I'm talking about usecases already using proxies, like mumble-web. I'm just talking about additional layer allowing to send real user IP from proxy to server, when proxy IP is marked as trusted proxy.

It wouldn't be IP which murmur should communicate directly, it would be decoded just for logs and server administrators (eg. shown in Connection Information in client) and to check if IP is banned.

Now If you IP-ban mumble-web user it bans whole proxy.

I'm not sure how exactly mumble TCP + UDP is done, but i suspect it would be enough to encapsulate TCP stream in proxy protocol without touching UDP audio.

[JuniorJPDJ]

BTW. This seems to be cool workaround: https://github.com/msantos/libproxyproto I haven't tested it yet tho.

[wfjsw]

AFAIK you can't really do UDP in a nice way if you gonna adapt proxies. Last year I tried https://github.com/cloudflare/mmproxy and it works quite well.

[JuniorJPDJ]

AFAIK you can't really do UDP in a nice way if you gonna adapt proxies.

I'm not so sure about that - haproxy now is adding QUIC support, so it may be adding UDP load balancing too. Proxy protocol seems to support UDP.

[nejtr0n]

One more case. If im using mumble behind nginx, and somebody trying to connect frequently, server bans gateway for a long time, and all clients suffers.