[
https://issues.apache.org/jira/browse/SSHD-656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168459#comment-15168459
]
Goldstein Lyor commented on SSHD-656:
-------------------------------------
Feel free to go ahead and publish a pull request for it - see
https://github.com/apache/mina-sshd/commit/ec56d2ab6c0a0923d8310976530e7c8bf1144d13
for a mechanism I added for this very purpose. Basically, you need to write a
_ClientProxyConnector_ and _ServerProxyAcceptor_ that implement the protocol
you describe. If you do go ahead with this, then please open a *separate*
module folder for it - e.g., _sshd-haproxy_ (similar to _sshd-ldap_) since this
is a "plugin" that one can use rather than a core feature.
> Support The PROXY protocol
> --------------------------
>
> Key: SSHD-656
> URL: https://issues.apache.org/jira/browse/SSHD-656
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Eugene Petrenko
> Priority: Minor
>
> Load Balancing and other higher availability services are included between
> client and SSHD server and works on TCP level. This makes an actual client
> address shown in the SSHD server to be a load balancer address, not a real
> client address. This makes it hard to use SSHD for multi-node production
> scenarios.
>
> There are several ways to solve the issue.
> The first one is to include complex TCP routing to have specific packets
> delivered correctly. This is too hard to setup
> It looks like using {{The PROXY Protocol}} is the possible, easy and more or
> less standard way to pass actual client/server addresses to the server over
> TCP. The protocol is implemented by a number of TCP-based servers
> (including nginx, Amazon Load Balancer, Apache, github enterprise, see the
> link below for details)
> Protocol specification is here
> http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
