[FR] Proxy protocol support

mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.

https://www.mumble.info

Other

6.44k stars 1.12k forks source link

[FR] Proxy protocol support #4769

Open JuniorJPDJ opened 3 years ago

JuniorJPDJ commented 3 years ago

It would allow proxies like haproxy or mumble-web to set client ip in murmur. Eg. Someone joins through mumble-web, but server admin can see his real ip instead of mumble-web host ip (if mumble-web implements proxy protocol).

Krzmbrzl commented 3 years ago

I guess you are referring to http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt ?

This would probably quite a bit of overhead since the server is supposed to still send the audio packets to the Proxy and not the client directly, right? Afaik we currently only have a single IP address (connection really) associated with a client..

JuniorJPDJ commented 3 years ago

Yes, that's exactly protocol what I'm talking about.

It wouldn't be additional overhead as I'm talking about usecases already using proxies, like mumble-web. I'm just talking about additional layer allowing to send real user IP from proxy to server, when proxy IP is marked as trusted proxy.

It wouldn't be IP which murmur should communicate directly, it would be decoded just for logs and server administrators (eg. shown in Connection Information in client) and to check if IP is banned.

Now If you IP-ban mumble-web user it bans whole proxy.

I'm not sure how exactly mumble TCP + UDP is done, but i suspect it would be enough to encapsulate TCP stream in proxy protocol without touching UDP audio.

JuniorJPDJ commented 3 years ago

BTW. This seems to be cool workaround: https://github.com/msantos/libproxyproto I haven't tested it yet tho.

wfjsw commented 2 years ago

AFAIK you can't really do UDP in a nice way if you gonna adapt proxies. Last year I tried https://github.com/cloudflare/mmproxy and it works quite well.

JuniorJPDJ commented 2 years ago

AFAIK you can't really do UDP in a nice way if you gonna adapt proxies.

I'm not so sure about that - haproxy now is adding QUIC support, so it may be adding UDP load balancing too. Proxy protocol seems to support UDP.

nejtr0n commented 1 year ago

One more case. If im using mumble behind nginx, and somebody trying to connect frequently, server bans gateway for a long time, and all clients suffers.

AXFOX commented 1 month ago

I have same problem , I just have IPv6 Public Network,every IPv4 connect proxy by FRP.