[
https://issues.apache.org/jira/browse/ARTEMIS-3915?focusedWorklogId=984824&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-984824
]
ASF GitHub Bot logged work on ARTEMIS-3915:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 26/Sep/25 19:49
Start Date: 26/Sep/25 19:49
Worklog Time Spent: 10m
Work Description: jbertram commented on code in PR #5908:
URL: https://github.com/apache/activemq-artemis/pull/5908#discussion_r2383350591
##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/HAProxyMessageEnforcer.java:
##########
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.remoting.impl.netty;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelInboundHandlerAdapter;
+import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+import org.apache.activemq.artemis.utils.SocketAddressUtil;
+
+/**
+ * This Netty handler enforces the presence or absence of PROXY protocol
messages. It verifies conformity and then
+ * removes itself from the pipeline.
+ * <p>
+ * If the incoming message protocol does not align with the enforcer's
requirements the connection is closed.
+ */
[email protected]
+public class HAProxyMessageEnforcer extends ChannelInboundHandlerAdapter {
+
+ public static final HAProxyMessageEnforcer PROXY_PROTOCOL_REQUIRED = new
HAProxyMessageEnforcer(true);
+
+ public static final HAProxyMessageEnforcer PROXY_PROTOCOL_REJECTED = new
HAProxyMessageEnforcer(false);
+
+ final boolean requireHaProxyMessage;
+
+ HAProxyMessageEnforcer(boolean requireHaProxyMessage) {
+ this.requireHaProxyMessage = requireHaProxyMessage;
+ }
+
+ @Override
+ public void channelRead(ChannelHandlerContext ctx, Object msg) throws
Exception {
+ ByteBuf in = (ByteBuf) msg;
+ if (in.readableBytes() < 4) {
Review Comment:
Check out the latest push. I added your test, and I removed the enforcer
object for the normal (i.e. `proxyProtocolEnabled=false`) case although I still
check in the `ProtocolDecoder` so we can fail fast.
Issue Time Tracking
-------------------
Worklog Id: (was: 984824)
Time Spent: 12h 20m (was: 12h 10m)
> Support PROXY Protocol
> ----------------------
>
> Key: ARTEMIS-3915
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3915
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker
> Reporter: João Santos
> Assignee: Justin Bertram
> Priority: Major
> Labels: pull-request-available
> Time Spent: 12h 20m
> Remaining Estimate: 0h
>
> [HAProxy|http://www.haproxy.org/] is a widely known and used TCP Load
> Balancer and especially useful for an ActiveMQ Artemis clustered environment.
> Although possible to functionally implement with both products current
> features, Artemis does not support the PROXY protocol, which prevents it's
> broker nodes from inferring the real remote client IP address when behind an
> HAProxy instance.
> Since Netty sockets implementation already seems to support this protocol
> (discussed w/ [~jbertram] on DEV mailing list), it shouldn't be a big leap to
> adding support for the protocol on Artemis acceptors, thus improving the
> deployment of the use case at hand.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
