Use proxy-protocol to pass through source IP to nginx

2017-04-28 17:21:47 -05:00 · 2017-04-28 17:21:47 -05:00 · d56d8b7da1
commit d56d8b7da1
parent 317f222527
3 changed files with 31 additions and 6 deletions
--- a/controllers/nginx/pkg/cmd/controller/tcp.go
+++ b/controllers/nginx/pkg/cmd/controller/tcp.go
@ -13,6 +13,7 @@ type server struct {
 	Hostname string
 	IP       string
 	Port     int
+	ProxyProtocol bool
 }

 type proxy struct {
@ -61,10 +62,31 @@ func (p *proxy) Handle(conn net.Conn) {
 	}
 	defer clientConn.Close()

-	_, err = clientConn.Write(data[:length])
-	if err != nil {
-		clientConn.Close()
+	if proxy.ProxyProtocol {
+		//Write out the proxy-protocol header
+		localAddr := conn.LocalAddr().(*net.TCPAddr)
+		remoteAddr := conn.RemoteAddr().(*net.TCPAddr)
+		protocol := "UNKNOWN"
+		if remoteAddr.IP.To4() != nil {
+			protocol = "TCP4"
+		} else if remoteAddr.IP.To16() != nil {
+			protocol = "TCP6"
+		}
+		proxyProtocolHeader := fmt.Sprintf("PROXY %s %s %s %d %d\r\n", protocol, remoteAddr.IP.String(), localAddr.IP.String(), remoteAddr.Port, localAddr.Port)
+		glog.V(4).Infof("Writing proxy protocol header - %s", proxyProtocolHeader)
+		_, err = fmt.Fprintf(clientConn, proxyProtocolHeader)
 	}
+	if err != nil {
+		glog.Errorf("unexpected error writing proxy-protocol header: %s", err)
+		clientConn.Close()
+	} else {
+		_, err = clientConn.Write(data[:length])
+		if err != nil {
+			glog.Errorf("unexpected error writing first 4k of proxy data: %s", err)
+			clientConn.Close()
+		}
+	}
+
 	pipe(clientConn, conn)
 }