ktorio / ktor

Framework for quickly creating connected applications in Kotlin with minimal effort
https://ktor.io
Apache License 2.0

[ktor-server] HAProxy protocol support #1536

Open ghost opened 4 years ago

ghost commented 4 years ago

Subsystem
ktor-server

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
Something as simple as install(ProxyProtocolSupport), hopefully.

ktor does not seem to natively support PROXY protocol (this is different from X-Forwarded-For), where the TCP connection starts with the originator IP/port/proxy's IP port followed by a newline.

I am uncertain if there is an easy way to do this short of forking one of the EngineMains - my original thought was to modify the jetty EngineMain to prepend ProxyConnectionFactory() before the HTTP and HTTPS factories in the list. It should just unwrap and remove the first line, then the rest of the payload can be parsed as HTTP or TLS-wrapped HTTP.

Motivation to include to ktor
This is, as far as I can tell, built into both netty and jetty, as io.netty.handler.codec.haproxy and org.eclipse.jetty.server.ProxyConnectionFactory. Commonly used TCP load balancers (haproxy, AWS load balancers, Cloudflare Spectrum, and more) can inject the originating IP address without needing to MITM TLS traffic or otherwise decrypt it/hold keys.
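
The wire format this request refers to, as an added example that is not part of the thread or of ktor's code: a strict Python parser for the version 1 (text) PROXY header. It accepts the header only from an allow-listed proxy address, because a server that honours it from any peer lets clients claim an arbitrary source IP. The names `parse_proxy_v1`, `ProxyInfo` and `TRUSTED_PROXIES` and every address are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

MAX_V1_HEADER = 107  # longest v1 header line, CRLF included

# Assumption: the only peer allowed to send a PROXY header (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


class ProxyInfo(NamedTuple):
    src: str
    src_port: int
    dst: str
    dst_port: int


def _port(text: str) -> int:
    # Decimal digits only, no leading zero, at most 65535.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0") or int(text) > 65535:
        raise ValueError("bad port")
    return int(text)


def parse_proxy_v1(peer: str, data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Return (client info, or None for UNKNOWN, and the remaining payload)."""
    # The header is trusted only when the TCP peer is a known proxy.
    if ipaddress.ip_address(peer) not in TRUSTED_PROXIES:
        raise PermissionError("PROXY header from untrusted peer")
    # The CRLF must fall inside the first 107 bytes, or the header is rejected.
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end < 0 or not data.startswith(b"PROXY "):
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]  # HTTP or TLS bytes that follow the header line
    if fields[1] == "UNKNOWN":
        return None, rest  # proxy had no client address; keep the peer address
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    # ipaddress parses literals only, so a hostname can never trigger a lookup.
    addr_cls = ipaddress.IPv4Address if fields[1] == "TCP4" else ipaddress.IPv6Address
    src, dst = addr_cls(fields[2]), addr_cls(fields[3])
    return ProxyInfo(str(src), _port(fields[4]), str(dst), _port(fields[5])), rest
```
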

cy6erGn0m commented 4 years ago

Currently, one needs to specify a custom engine config lambda and configure connectors manually.

https://api.ktor.io/1.3.0-rc2/io.ktor.server.jetty/-jetty-application-engine-base/-configuration/configure-server.html

https://api.ktor.io/1.3.0-rc2/io.ktor.server.netty/-netty-application-engine/-configuration/index.html

oleg-larshin commented 4 years ago

Please check the following ticket on YouTrack for follow-ups to this issue. GitHub issues will be closed in the coming weeks.