[
https://issues.apache.org/jira/browse/ARTEMIS-3915?focusedWorklogId=982111&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-982111
]
ASF GitHub Bot logged work on ARTEMIS-3915:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 06/Sep/25 00:44
Start Date: 06/Sep/25 00:44
Worklog Time Spent: 10m
Work Description: jbertram commented on code in PR #5908:
URL: https://github.com/apache/activemq-artemis/pull/5908#discussion_r2326314429
##########
docs/user-manual/proxy-protocol.adoc:
##########
@@ -0,0 +1,33 @@
+= PROXY Protocol
+:idprefix:
+:idseparator: -
+:docinfo: shared
+
+As noted in the official
https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt[PROXY
Protocol documentation]:
+
+[quote,]
+____
+The PROXY protocol provides a convenient way to safely transport connection
information such as a client's address across multiple layers of NAT or TCP
proxies.
+____
+
+This essentially allows the broker to know a client's IP address even when the
connection is established through reverse proxy that supports the PROXY
protocol (e.g. HAProxy, nginx, etc.).
+Without PROXY protocol support the broker would see such client connections as
coming from the proxy itself which can be misleading for administrators and
complicate trouble-shooting.
+
+Both versions 1 & 2 of the PROXY Protocol are supported.
+Furthermore, this support is 100% transparent and requires no additional
configuration.
+The broker automatically detects the use of the PROXY Protocol and manages the
connection appropriately.
Review Comment:
I've changed the implementation to account for this.
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnection.java:
##########
@@ -388,18 +394,40 @@ private static void flushAndWait(final Channel channel,
final ChannelPromise pro
@Override
public final String getRemoteAddress() {
- SocketAddress address = channel.remoteAddress();
- if (address == null) {
- return null;
+ String proxyProtocolSourceAddress =
channel.attr(PROXY_PROTOCOL_SOURCE_ADDRESS).get();
+ String proxyProtocolSourcePort =
channel.attr(PROXY_PROTOCOL_SOURCE_PORT).get();
+ if (proxyProtocolSourceAddress != null &&
!proxyProtocolSourceAddress.isEmpty() && proxyProtocolSourcePort != null &&
!proxyProtocolSourcePort.isEmpty()) {
+ return proxyProtocolSourceAddress + ":" + proxyProtocolSourcePort;
+ } else {
+ SocketAddress address = channel.remoteAddress();
+ if (address == null) {
+ return null;
+ }
+ String result = address.toString();
+ if (result.startsWith("/")) {
+ return result.substring(1);
+ } else {
+ return result;
+ }
Review Comment:
Good idea.
Issue Time Tracking
-------------------
Worklog Id: (was: 982111)
Time Spent: 2h (was: 1h 50m)
> Support PROXY Protocol
> ----------------------
>
> Key: ARTEMIS-3915
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3915
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker
> Reporter: João Santos
> Assignee: Justin Bertram
> Priority: Major
> Labels: pull-request-available
> Time Spent: 2h
> Remaining Estimate: 0h
>
> [HAProxy|http://www.haproxy.org/] is a widely known and used TCP Load
> Balancer and especially useful for an ActiveMQ Artemis clustered environment.
> Although possible to functionally implement with both products current
> features, Artemis does not support the PROXY protocol, which prevents it's
> broker nodes from inferring the real remote client IP address when behind an
> HAProxy instance.
> Since Netty sockets implementation already seems to support this protocol
> (discussed w/ [~jbertram] on DEV mailing list), it shouldn't be a big leap to
> adding support for the protocol on Artemis acceptors, thus improving the
> deployment of the use case at hand.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
