From 881132a9601b2ed527e98eefd493dfb08d3c5502 Mon Sep 17 00:00:00 2001 From: Clement Escoffier Date: Tue, 22 Aug 2023 13:56:23 +0200 Subject: [PATCH] Add an option enabling the support for the HA PROXY protocol. Fix https://github.com/quarkusio/quarkus/issues/32124
---
 .../quarkus/vertx/http/runtime/ProxyConfig.java | 16 +++++++++++++--- .../runtime/options/HttpServerOptionsUtils.java | 4 ++++ 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java
index e2d4d5cc5fa27..7aaf42dfe5703 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ProxyConfig.java
@@ -11,6 +11,16 @@
 * Holds configuration related with proxy addressing forward.
 */
 public interface ProxyConfig {
+
+ /**
+ * Set whether the server should use the HA {@code PROXY} protocol when serving requests from behind a proxy.
+ * (see the PROXY Protocol).
+ * When set to {@code true}, the remote address returned will be the one from the actual connecting client.
+ * If it is set to {@code false} (default), the remote address returned will be the one from the proxy.
+ */
+ @WithDefault("false")
+ boolean useProxyProtocol();
+
 /**
 * If this is true then the address, scheme etc. will be set from headers forwarded by the proxy server, such as
 * {@code X-Forwarded-For}. This should only be set if you are behind a proxy that sets these headers.
@@ -70,7 +80,7 @@ public interface ProxyConfig {
 * The trusted proxy address should be specified as the IP address (IPv4 or IPv6), hostname or Classless Inter-Domain
 * Routing (CIDR) notation. Please note that Quarkus needs to perform DNS lookup for all hostnames during the request.
 * For that reason, using hostnames is not recommended.
- *
+ *
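Review bot: The Javadoc added for `useProxyProtocol()` says what the flag changes but not when it is safe to turn on: with it enabled, the remote address is taken from the PROXY header of whoever opens the connection, so a client that can reach the port without passing through the proxy can state any source address, and IP-based access rules, rate limits and audit logs would then rely on it. The Javadoc of the next property in this hunk already carries such a caveat ("This should only be set if you are behind a proxy that sets these headers"). I would add a matching sentence to the new Javadoc, such as `* Only enable this when the listener is reachable exclusively through a proxy that sends the PROXY header.` It would also help to state whether `trustedProxies` has any effect on PROXY-protocol connections; nothing in this diff suggests it does.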

* Examples of a socket address in the form of `host` or `host:port`: * *

- * + *

* Examples of a CIDR notation: * *

- * + *

* Please bear in mind that IPv4 CIDR won't match request sent from the IPv6 address and the other way around. */ Optional> trustedProxies();
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java
index 77c9e694ea011..56409be6f047d 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java
@@ -275,6 +275,8 @@ public static void applyCommonOptions(HttpServerOptions httpServerOptions,
 }
 httpServerOptions.setInitialSettings(settings);
 }
+
+ httpServerOptions.setUseProxyProtocol(httpConfiguration.proxy().useProxyProtocol());
 }
 public static void applyCommonOptionsForManagementInterface(HttpServerOptions options,
@@ -299,6 +301,8 @@ public static void applyCommonOptionsForManagementInterface(HttpServerOptions op
 }
 options.setDecompressionSupported(buildTimeConfig.enableDecompression());
 options.setHandle100ContinueAutomatically(httpConfiguration.handle100ContinueAutomatically());
+
+ options.setUseProxyProtocol(httpConfiguration.proxy().useProxyProtocol());
 }
 private static KeyStoreOptions createKeyStoreOptions(Path path, String password, Optional fileType,
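Review bot: Both `setUseProxyProtocol(...)` calls copy the flag into the Vert.x options with no accompanying check or comment, so when it is true the listener takes the client address from the PROXY header of any peer that connects; nothing visible in these hunks restricts that to the proxy's own addresses. The same line is added to `applyCommonOptionsForManagementInterface` in the second hunk, where the type of `httpConfiguration` is outside the hunk, so please confirm it reads the management interface's own proxy setting and not the main listener's, since the two are often exposed on different network paths. A short comment above each call would record the assumption, e.g. `// PROXY header is accepted from any peer: the port must only be reachable via the proxy`. Both method bodies start outside their hunks.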