Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Proxy Protocol docs/configuration parsing #4065

Closed
sidewinder12s opened this issue Mar 2, 2018 · 3 comments
Closed

Improve Proxy Protocol docs/configuration parsing #4065

sidewinder12s opened this issue Mar 2, 2018 · 3 comments

Comments

@sidewinder12s
Copy link

Feature Request:
Improve the documentation/parsing of proxy_protocol_authorized_addrs listener configuration options. The parsing is not very friendly and the documentation just says the field is a string, leaving you guessing how to input multiple IPs which is completely expected if your putting in IPs of a load balancer. I would have expected it to be an array. The fact you need to separate the addresses with a comma isn't documented either.

Environment:

  • Vault Version: v0.9.3
  • Operating System/Architecture: docker/ubuntu/amd64

Vault Config File:
Within the listener config:

proxy_protocol_behavior = "allow_authorized"
proxy_protocol_authorized_addrs = ""10.15.163.13:8200, 10.15.163.12:8200""

Startup Log Output:

{\"line\":\"\u001b[0;31mError initializing listener of type tcp: failed parsing proxy_protocol_authorized_addrs: error parsing authorized address: Unable to convert \\"  10.15.163.12:8200\\" to an IPv4 or IPv6 address, or a UNIX Socket\u001b[0m\",\"source\":\"stdout\",\"tag\":\"vault:0.9.3/container_name/9882051d8d99\"},\"time\":\"1520029773.110934\",\"host\":\"host.com\"}

Expected Behavior:
Vault should have started up.

Actual Behavior:
Vault failed to start

Steps to Reproduce:
Add a proxy_protocol_authorized_addrs field with 2 addresses and a space between the 2 to the listener config.

proxy_protocol_authorized_addrs = ""10.15.163.13:8200, 10.15.163.12:8200""

References:
Removing the space between the 2 addresses fixes this however that doesn't seem to be documented anywhere.

proxy_protocol_authorized_addrs = ""10.15.163.13:8200,10.15.163.12:8200""
@shelby-moore
Copy link

It's also strange that with proxy_protocol_behavior = "use_always" you need to specify proxy_protocol_authorized_addrs, which will cause Vault to not start up if it is an empty string. It would be preferable to not require proxy_protocol_authorized_addrs at all in this case, or at least allow it to be an empty string.

@jefferai
Copy link
Member

jefferai commented May 8, 2018
edited
Loading

I would have expected it to be an array.

You can use an array or a comma-separated string, both work.

It's also strange that with proxy_protocol_behavior = "use_always" you need to specify proxy_protocol_authorized_addrs, which will cause Vault to not start up if it is an empty string

This could probably be changed, please file an issue for it or submit a PR.

@shelby-moore shelby-moore mentioned this issue May 9, 2018
Merged
@jefferai
Copy link
Member

jefferai commented May 9, 2018

Closed by #4528

@jefferai jefferai closed this as completed May 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jefferai @sidewinder12s @shelby-moore