On Sat, Feb 26, 2011 at 11:09:28AM -0500, Ben Timby wrote:
> On Sat, Feb 26, 2011 at 9:34 AM, Willy Tarreau <w...@1wt.eu> wrote:
> > If you maintain your own servers, wouldn't you be interested in making
> > them support the proxy protocol we've added between stunnel and haproxy ?
> > It provides the server with a first line containing the protocol (TCPv4,
> > TCPv6), source and destination addresses and ports, and does not require
> > a state to consume a response. Also since by definition it can only appear
> > on the first line of the connection, there is no risk a client would send
> > it. It would work like this :
> >
> >> Client HAProxy Backend
> >> *------------------------------------------------*
> >> connect --------> |
> >> | connect ------------->|
> >> | PROXY TCP4 <IP> ...-->|
> >> *===========================*
> >> | <---------- 220 Ready |
> >> USER -----------> |
> >> | USER ---------------> |
> >> | <-------------250 OK |
> >> <---------250 OK |
> >> *------------------------------------------------*
> >
> > I'm just checking how we could implement something simple, reliable and
> > durable.
>
> As am I. I was not aware of that protocol, but that sounds like it
> would fit the bill. Is there any other information about that? Is
> HAProxy able to insert that protocol line or is that an extension to
> stunnel?
It has been implement on the client side in haproxy but not yet on the
server side, though it should not be difficult at all. You can find
information on the protocol here :
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
The goal was to make it very strict and simple to parse in order to
encourage a broader adoption than just the stunnel+haproxy tandem.
Regards,
Willy
