twellck opened a new pull request, #12859:
URL: https://github.com/apache/apisix/pull/12859
### Description
This pull request aligns the configuration and handling of PROXY Protocol
listen ports with the structure used for `node_listen` and `ssl.listen`. It
adds support for specifying multiple ports and IP addresses (including IPv6),
introduces schema validation improvements, ensures backward compatibility with
legacy options, and updates documentation.
#### Key Changes:
**Configuration and Schema Improvements:**
- Added support for `proxy_protocol.listen_http` and
`proxy_protocol.listen_https` as new configuration options.
- These options allow specifying multiple ports and IP addresses
(including IPv6) for PROXY Protocol.
- New schema validation supports integers, objects, and arrays for port
and IP address definitions.
- Deprecated `listen_http_port` and `listen_https_port` fields for PROXY
Protocol while ensuring backward compatibility.
- Updated `config.yaml.example` to document the new structure and usage
patterns for PROXY Protocol listen options.
**Backward Compatibility & Warnings:**
- CLI logic detects the use of deprecated `listen_http_port` and
`listen_https_port` fields, issuing warnings, and internally treats them the
same as the new configuration (only when legacy fields are present).
**Template, Runtime, and IPv6 Support:**
- Updated the Nginx configuration template (`ngx_tpl.lua`) to use
`listen_http` and `listen_https` fields.
- Ensures IPv6 support for PROXY Protocol by dynamically generating
additional Nginx `listen` directives for IPv6 addresses.
**Documentation Updates:**
- Example and inline documentation updated to illustrate:
- Migration from `listen_http_port` and `listen_https_port` to
`listen_http`/`listen_https`.
- How to specify multiple ports and use specific IPv4/IPv6 bindings.
**Testing Enhancements:**
- Added test scenarios for new and legacy configurations, including:
- Tests for backward compatibility with `listen_http_port` and
`listen_https_port`.
- Validations for the new `listen_http` and `listen_https` formats,
IPv4/IPv6 combinations, and support for QUIC/HTTP3.
- Additional tests for unusual inputs, such as unformatted or malformed
IPv6 literals.
#### Which issue(s) this PR fixes:
Fixes [#12828](https://github.com/apache/apisix/issues/12828)
#### Checklist
- [x] I have explained the need for this PR and the problem it solves.
- [x] I have explained the changes or the new features added to this PR.
- [x] I have added tests corresponding to this change.
- [x] I have updated the documentation to reflect this change.
- [x] I have verified that this change is backward compatible (If not,
please discuss on the [APISIX mailing
list](https://github.com/apache/apisix/tree/master#community) first).
---
### Notes for Reviewers
- This PR focuses on improving user flexibility and extending IPv6 support
for PROXY Protocol configurations.
- Provides backward-compatible changes to preserve legacy functionality
while guiding users toward the new configuration structure.
- Suggested areas for additional review:
- Schema changes and edge case validation.
- Adequacy of tests, particularly for IPv6 bindings and legacy support.
---
*Note: AI helped format this Pull Request.*
<!--
Note
1. Mark the PR as draft until it's ready to be reviewed.
2. Always add/update tests for any changes unless justified.
3. Always update documentation to reflect new changes.
4. Make commits to address review comments instead of `force-push`ing.
5. Merge master to resolve conflicts, avoid rebasing.
6. Use "request review" to notify reviewers after updates.
7. Only a reviewer can resolve a conversation.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
