Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

address concerns raised while troubleshooting #524 #581

Merged
merged 4 commits into from
Dec 7, 2018

Conversation

aaronhurt
Copy link
Member

@aaronhurt aaronhurt commented Dec 7, 2018

This PR, when merged, should resolve #524 and restore proper TCP proxy functionality with an out-of-box configuration.

@aaronhurt aaronhurt self-assigned this Dec 7, 2018
@aaronhurt aaronhurt requested a review from magiconair December 7, 2018 16:34
@aaronhurt
Copy link
Member Author

@pschultz @magiconair PR to address #524

@aaronhurt aaronhurt changed the title resolve concerns raised in troubleshooting #524 address concerns raised while troubleshooting #524 Dec 7, 2018
Copy link
Contributor

@magiconair magiconair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two minor nitpicks. Otherwise, LGTM.

route/access_rules.go Outdated Show resolved Hide resolved
route/access_rules.go Outdated Show resolved Hide resolved
@magiconair
Copy link
Contributor

Is it possible to have multiple authors on a single commit? Then you could attribute @pschultz as well. More curious than asking.

@aaronhurt
Copy link
Member Author

I'm not sure about the commit itself ... I don't know. I fully agree though that @pschultz should get credit in the changelog and release notes at a minimum.

@aaronhurt
Copy link
Member Author

@magiconair Any more thoughts on changing the default state of proxy-protocol on the listener? Do we want to keep it false as-is in the current PR?

I also noticed that in the updated go-proxyproto package there is a function to check for allowed sources for proxy-protocol. That would elevate some of the security concerns but I think that's a later feature enhancement.

@magiconair
Copy link
Contributor

@sean- would disabling PROXY by default affect you?

@aaronhurt
Copy link
Member Author

@magiconair per earlier question...you definitely can with GitHub:
https://help.github.com/articles/creating-a-commit-with-multiple-authors/

@magiconair
Copy link
Contributor

You'll learn something new every day. Thx for looking.

@sean-
Copy link

sean- commented Dec 7, 2018

@magiconair, no it wouldn't. We're not using the TCP PROXY protocol anywhere. We're using gRPC now (successfully) and auth.

@magiconair
Copy link
Contributor

Lets do this. Thank you all!

@magiconair magiconair merged commit 45b97ae into master Dec 7, 2018
@magiconair magiconair deleted the issue-524-tcp-proxy branch December 7, 2018 20:39
@magiconair
Copy link
Contributor

@leprechau shoot, we forgot something. Can you provide another PR with an updated fabio.properties and documentation? Feel free to merge right away. I'll work on the CHANGELOG.

@aaronhurt
Copy link
Member Author

@magiconair absolutely.

@magiconair
Copy link
Contributor

Also, fabio users: if you find this change and think disabling PROXY by default was a grave mistake please let us know. Thx

@magiconair
Copy link
Contributor

@leprechau does this disable proxy for tcp only or also for http?

@aaronhurt
Copy link
Member Author

This disables PROXY protocol on all listeners by default unless enabled with pxyproto=true.

@magiconair
Copy link
Contributor

I'm having second thoughts on disabling by default. Will sleep on it a night. :)

@magiconair magiconair added this to the 1.5.11 milestone Dec 7, 2018
@aaronhurt
Copy link
Member Author

aaronhurt commented Dec 7, 2018

Okay, I have the documentation done. I'll push it to a new branch and create a PR. For what it's worth HAProxy has it disabled by default unless specified on the listener as well.

@aaronhurt
Copy link
Member Author

Updated documentation here: #583

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

TCP proxy broken since v1.5.8
3 participants