Merge pull request #35470 from cescoffier/ha-proxy-protocol

Add an option enabling the support for the HA PROXY protocol
quarkusio · Aug 23, 2023 · d422fc3 · d422fc3
2 parents 8d51c06 + 881132a
commit d422fc3
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java
@@ -11,6 +11,16 @@
  * Holds configuration related with proxy addressing forward.
  */
 public interface ProxyConfig {
+
+    /**
+     * Set whether the server should use the HA {@code PROXY} protocol when serving requests from behind a proxy.
+     * (see the <a href="https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt">PROXY Protocol</a>).
+     * When set to {@code true}, the remote address returned will be the one from the actual connecting client.
+     * If it is set to {@code false} (default), the remote address returned will be the one from the proxy.
+     */
+    @WithDefault("false")
+    boolean useProxyProtocol();
+
     /**
      * If this is true then the address, scheme etc. will be set from headers forwarded by the proxy server, such as
      * {@code X-Forwarded-For}. This should only be set if you are behind a proxy that sets these headers.
@@ -70,7 +80,7 @@ public interface ProxyConfig {
      * The trusted proxy address should be specified as the IP address (IPv4 or IPv6), hostname or Classless Inter-Domain
      * Routing (CIDR) notation. Please note that Quarkus needs to perform DNS lookup for all hostnames during the request.
      * For that reason, using hostnames is not recommended.
-     *
+     * <p>
      * Examples of a socket address in the form of `host` or `host:port`:
      *
      * <ul>
@@ -81,15 +91,15 @@ public interface ProxyConfig {
      * <li>`localhost`</li>
      * <li>`localhost:8084`</li>
      * </ul>
-     *
+     * <p>
      * Examples of a CIDR notation:
      *
      * <ul>
      * <li>`::/128`</li>
      * <li>`::/0`</li>
      * <li>`127.0.0.0/8`</li>
      * </ul>
-     *
+     * <p>
      * Please bear in mind that IPv4 CIDR won't match request sent from the IPv6 address and the other way around.
      */
     Optional<List<@WithConverter(TrustedProxyCheckPartConverter.class) TrustedProxyCheckPart>> trustedProxies();

diff --git a/...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java b/...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java
@@ -275,6 +275,8 @@ public static void applyCommonOptions(HttpServerOptions httpServerOptions,
             }
             httpServerOptions.setInitialSettings(settings);
         }
+
+        httpServerOptions.setUseProxyProtocol(httpConfiguration.proxy().useProxyProtocol());
     }
 
     public static void applyCommonOptionsForManagementInterface(HttpServerOptions options,
@@ -299,6 +301,8 @@ public static void applyCommonOptionsForManagementInterface(HttpServerOptions op
         }
         options.setDecompressionSupported(buildTimeConfig.enableDecompression());
         options.setHandle100ContinueAutomatically(httpConfiguration.handle100ContinueAutomatically());
+
+        options.setUseProxyProtocol(httpConfiguration.proxy().useProxyProtocol());
     }
 
     private static KeyStoreOptions createKeyStoreOptions(Path path, String password, Optional<String> fileType,