[jira] [Commented] (JAMES-3788) Support for HAProxy Proxy Protocol

Thu, 04 Aug 2022 00:46:08 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17575092#comment-17575092
 ] 

ouvtam commented on JAMES-3788:
-------------------------------

> IMO the right thing to do is to add an option in protocol configuration to 
> activate proxy protocol or not, ie in imapserver.xml smtpserver.xml, etc...

I totally agree.

What I wanted to point out: Even if you enable proxy support (e.g. 
smtpserver.xml) it is currently not possible to bypass the proxy, because the 
decoder throws an exception if you start talking to James (e.g. telnet on 
localhost:25 for debugging) because it requires the PROXY command. I am going 
to wrap/extend the default HAProxyMessageDecoder class to not throw an 
exception in order to make it work without the PROXY command.

> Support for HAProxy Proxy Protocol
> ----------------------------------
>
>                 Key: JAMES-3788
>                 URL: https://issues.apache.org/jira/browse/JAMES-3788
>             Project: James Server
>          Issue Type: New Feature
>          Components: protocols
>            Reporter: ouvtam
>            Priority: Minor
>
> As proposed in the gitter channel I would like to add support for HAProxy's 
> PROXY protocol 
> ([https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt|https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt).]).
> This allows to run James behind HAProxy (i.e. load balancing multiple James 
> instances). In order to properly support the proxy protocol James needs to 
> parse the provided PROXY arguments from HAProxy (remote ip address, remote 
> port etc.) and store it in the SMTPSession for further processing (e.g. 
> DNSRBL check, Authorized Networks etc.). Otherwise James uses HAProxy's 
> address (e.g. localhost) as remote address.
> For instance, HAProxy sends following line after connecting:
> {code:java}
> "PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n" {code}
> Netty already provides a codec for HAProxy's protocol 
> (io.netty.handler.codec.haproxy), so this can be implemented in the transport 
> layer of James.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to