[
https://issues.apache.org/jira/browse/ARTEMIS-3915?focusedWorklogId=982076&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-982076
]
ASF GitHub Bot logged work on ARTEMIS-3915:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 05/Sep/25 15:18
Start Date: 05/Sep/25 15:18
Worklog Time Spent: 10m
Work Description: gemmellr commented on code in PR #5908:
URL: https://github.com/apache/activemq-artemis/pull/5908#discussion_r2325321500
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnection.java:
##########
@@ -388,18 +394,40 @@ private static void flushAndWait(final Channel channel,
final ChannelPromise pro
@Override
public final String getRemoteAddress() {
- SocketAddress address = channel.remoteAddress();
- if (address == null) {
- return null;
+ String proxyProtocolSourceAddress =
channel.attr(PROXY_PROTOCOL_SOURCE_ADDRESS).get();
+ String proxyProtocolSourcePort =
channel.attr(PROXY_PROTOCOL_SOURCE_PORT).get();
+ if (proxyProtocolSourceAddress != null &&
!proxyProtocolSourceAddress.isEmpty() && proxyProtocolSourcePort != null &&
!proxyProtocolSourcePort.isEmpty()) {
+ return proxyProtocolSourceAddress + ":" + proxyProtocolSourcePort;
+ } else {
+ SocketAddress address = channel.remoteAddress();
+ if (address == null) {
+ return null;
+ }
+ String result = address.toString();
+ if (result.startsWith("/")) {
+ return result.substring(1);
+ } else {
+ return result;
+ }
Review Comment:
Should this (and related methods below) maybe be done in
NettyServerConnection? The client wont ever see this stuff?
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/spi/core/remoting/Connection.java:
##########
@@ -135,10 +135,25 @@ default void disconnect() {
}
/**
- * {@return the string representation of the remote address this connection
is connected to}
+ * {@return a string representation of the remote address of this
connection; if this connection is made via the
+ * proxy protocol then this will be the original address, not the proxy
address}
Review Comment:
Similarly, wondering if changes on this interface should also be elsewhere,
since a client will wont see these things. Could probably say the same about
RemotingConnection.
##########
tests/e2e-tests/src/test/java/org/apache/activemq/artemis/tests/e2e/proxy/HAProxyTest.java:
##########
@@ -0,0 +1,253 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.e2e.proxy;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.DeliveryMode;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.QueueConnection;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueRequestor;
+import javax.jms.QueueSession;
+import javax.jms.Session;
+import java.lang.invoke.MethodHandles;
+import java.nio.charset.StandardCharsets;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.activemq.artemis.api.core.JsonUtil;
+import org.apache.activemq.artemis.api.core.management.ResourceNames;
+import org.apache.activemq.artemis.api.jms.ActiveMQJMSClient;
+import org.apache.activemq.artemis.api.jms.management.JMSManagementHelper;
+import org.apache.activemq.artemis.core.management.impl.view.ConnectionField;
+import
org.apache.activemq.artemis.core.management.impl.view.predicate.ActiveMQFilterPredicate;
+import org.apache.activemq.artemis.jms.client.ActiveMQQueueConnectionFactory;
+import org.apache.activemq.artemis.json.JsonObject;
+import org.apache.activemq.artemis.tests.e2e.common.ContainerService;
+import org.apache.activemq.artemis.tests.e2e.common.E2ETestBase;
+import org.apache.activemq.artemis.tests.e2e.common.ValidateContainer;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.eclipse.paho.mqttv5.client.IMqttToken;
+import org.eclipse.paho.mqttv5.client.MqttCallback;
+import org.eclipse.paho.mqttv5.client.MqttClient;
+import org.eclipse.paho.mqttv5.client.MqttConnectionOptions;
+import org.eclipse.paho.mqttv5.client.MqttDisconnectResponse;
+import org.eclipse.paho.mqttv5.client.persist.MemoryPersistence;
+import org.eclipse.paho.mqttv5.common.MqttException;
+import org.eclipse.paho.mqttv5.common.MqttMessage;
+import org.eclipse.paho.mqttv5.common.packet.MqttProperties;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static io.netty.handler.codec.mqtt.MqttQoS.AT_LEAST_ONCE;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * You need to build the Artemis Docker image with 'mvn install
-De2e-tests.skipImageBuild=false' before this test is
+ * executed.
+ */
+public class HAProxyTest extends E2ETestBase {
Review Comment:
Might be good to use TLS in the test too?
##########
tests/e2e-tests/pom.xml:
##########
@@ -220,6 +235,22 @@
<configuration>${basedir}/target/classes/servers/brokerConnect/qdr</configuration>
</configuration>
</execution>
+ <execution>
+ <phase>test-compile</phase>
+ <id>create-proxy</id>
Review Comment:
Maybe 'proxy-protocol' instead of just 'proxy' to make it clearer later?
(here and paths below / in the test)
Issue Time Tracking
-------------------
Worklog Id: (was: 982076)
Time Spent: 1h 50m (was: 1h 40m)
> Support PROXY Protocol
> ----------------------
>
> Key: ARTEMIS-3915
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3915
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker
> Reporter: João Santos
> Assignee: Justin Bertram
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> [HAProxy|http://www.haproxy.org/] is a widely known and used TCP Load
> Balancer and especially useful for an ActiveMQ Artemis clustered environment.
> Although possible to functionally implement with both products current
> features, Artemis does not support the PROXY protocol, which prevents it's
> broker nodes from inferring the real remote client IP address when behind an
> HAProxy instance.
> Since Netty sockets implementation already seems to support this protocol
> (discussed w/ [~jbertram] on DEV mailing list), it shouldn't be a big leap to
> adding support for the protocol on Artemis acceptors, thus improving the
> deployment of the use case at hand.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
