Open kjvalencik opened 5 years ago
The protocol looks involved; there are two versions... What other software supports it, apart from haproxy?
What is the main advantage compared to SOCKS5 and HTTP CONNECT? (Or maybe I don't understand how it is used.)
Is there a ready-made implementation for Rust/Tokio?
There are a few examples of software that support it here.
As far as I know, there is not a ready-made Rust implementation. I was able to find a couple of small examples on GitHub, but nothing robust.
The main advantage is that it allows simple TCP servers to recover the original IP address. When combined with Cloudflare's mmproxy it can even be used without direct support from the TCP server itself.
I have not been able to find a ws-to-tcp bridge that supports it.
Do you want websocat to accept connections prefixed by that proxy header or initiate them (or both)?
Which tool available in Debian packages is to be used to test, explore and experiment with how this protocol works? Is nginx enough, or is it only a half of the feature?
Is there any netcat-, curl- or socat-like tool that can use PROXY protocol from simple command-line invocations without writing any config files?
My specific use case is to send the headers. I'll do some more investigation and get back to you. Thanks!
You may also include how such a header should look in e.g. Wireshark.
Documentation at haproxy contains some examples, but it's better to see a fuller picture.
Also what is the name of this proxy protocol? Is there an RFC? Definitely it shouldn't be called just a "proxy" (i.e. `--proxy` switch or `proxy:` specifier).
Crude prototype:
```
websocat -t - --ws-c-uri=ws://lol/kek ws-c:sh-c:'( printf "PROXY TCP4 0.0.0.0 0.0.0.0 0 0\r\n"; cat ) | nc 127.0.0.1 1234'
```

```
$ nc -lp 1234
PROXY TCP4 0.0.0.0 0.0.0.0 0 0
GET /kek HTTP/1.1
Host: lol
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: NiVUsXbHCu/bTNJxe4pexQ==
```
If there is a tool for using such proxies like connect-proxy or corkscrew then it is rather easy to call it from Websocat (including in TLS mode).
It would be useful to send a PROXY protocol header when proxying a TCP server. This would allow the application to map back to the original addresses.
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
Prior art: https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/
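For reference, both sides of the version 1 (text) header discussed in this thread, as an added Rust example that is not code from websocat or from any participant. The function names `build_v1` and `parse_v1` are hypothetical, the addresses in `main` are constructed documentation addresses, and `PROXY UNKNOWN` and the binary version 2 header are not handled.

```rust
use std::net::{IpAddr, SocketAddr};

/// Longest v1 header the haproxy spec allows, CRLF included.
const MAX_V1_LEN: usize = 107;

/// Sender side: the line written to the backend before any payload bytes.
fn build_v1(src: SocketAddr, dst: SocketAddr) -> Option<String> {
    let fam = match (src.ip(), dst.ip()) {
        (IpAddr::V4(_), IpAddr::V4(_)) => "TCP4",
        (IpAddr::V6(_), IpAddr::V6(_)) => "TCP6",
        _ => return None, // mixed address families cannot be expressed
    };
    Some(format!("PROXY {} {} {} {} {}\r\n", fam, src.ip(), dst.ip(), src.port(), dst.port()))
}

/// Receiver side: parse the header at the start of `buf`.
/// Returns (source, destination, consumed); payload starts at `buf[consumed..]`.
fn parse_v1(buf: &[u8]) -> Result<(SocketAddr, SocketAddr, usize), &'static str> {
    // Never scan past the spec's bound looking for the terminator.
    let window = &buf[..buf.len().min(MAX_V1_LEN)];
    let end = window.windows(2).position(|w| w == b"\r\n").ok_or("no CRLF within 107 bytes")?;
    let line = std::str::from_utf8(&window[..end]).map_err(|_| "not UTF-8")?;
    let f: Vec<&str> = line.split(' ').collect();
    if f.len() != 6 || f[0] != "PROXY" {
        return Err("malformed header");
    }
    let src_ip: IpAddr = f[2].parse().map_err(|_| "bad source address")?;
    let dst_ip: IpAddr = f[3].parse().map_err(|_| "bad destination address")?;
    // The declared family must match what the addresses actually are.
    let family_ok = match f[1] {
        "TCP4" => src_ip.is_ipv4() && dst_ip.is_ipv4(),
        "TCP6" => src_ip.is_ipv6() && dst_ip.is_ipv6(),
        _ => false,
    };
    if !family_ok {
        return Err("family mismatch");
    }
    let sp: u16 = f[4].parse().map_err(|_| "bad source port")?;
    let dp: u16 = f[5].parse().map_err(|_| "bad destination port")?;
    Ok((SocketAddr::new(src_ip, sp), SocketAddr::new(dst_ip, dp), end + 2))
}

fn main() {
    // Constructed sample connection (documentation address ranges).
    let hdr = build_v1("192.0.2.10:56324".parse().unwrap(), "198.51.100.7:443".parse().unwrap()).unwrap();
    let wire = format!("{}GET /kek HTTP/1.1\r\n", hdr);
    println!("{:?}", parse_v1(wire.as_bytes()));
}
```

A receiver should run `parse_v1` only on connections from proxies it trusts, since otherwise any client that can reach the port can claim an arbitrary source address.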